Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/M8nuPLpf7LBlRVsNwRwMnS3HPX0.roa
File:                     M8nuPLpf7LBlRVsNwRwMnS3HPX0.roa (raw, json)
Hash identifier:          +V/X+cVKVZleYopVrZoHYcWeSr2Uo7YVLkrVP/4ioXQ=
Subject key identifier:   33:C9:EE:3C:BA:5F:EC:B0:65:45:5B:0D:C1:1C:0C:9D:2D:C7:3D:7D
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018505614DD9A6B68993CEA90EC904F00713
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/M8nuPLpf7LBlRVsNwRwMnS3HPX0.roa
Signing time:             Mon 12 Dec 2022 08:09:01 +0000
ROA not before:           Mon 12 Dec 2022 08:09:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8263
IP address blocks:        212.14.160.0/19 maxlen: 24
                          212.69.96.0/19 maxlen: 24
                          188.162.0.0/16 maxlen: 24
                          195.230.64.0/19 maxlen: 24
                          195.149.111.0/24 maxlen: 24
                          195.16.96.0/19 maxlen: 24
                          178.176.225.0/24 maxlen: 24
                          178.176.224.0/24 maxlen: 24
                          178.176.226.0/24 maxlen: 24
                          212.119.160.0/19 maxlen: 24
                          195.78.116.0/23 maxlen: 24
                          193.201.228.0/22 maxlen: 24
                          212.44.64.0/19 maxlen: 24
                          195.5.128.0/19 maxlen: 24
                          213.154.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:05:61:4d:d9:a6:b6:89:93:ce:a9:0e:c9:04:f0:07:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec 12 08:09:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=33c9ee3cba5fecb065455b0dc11c0c9d2dc73d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fc:16:b4:4b:7e:20:cd:3e:f0:8d:e7:65:c4:
                    0b:c1:95:50:41:fe:02:82:8f:2c:98:5a:40:06:98:
                    72:f1:83:a5:b2:ae:da:c8:f5:f1:1c:99:56:94:17:
                    d7:16:66:d7:85:67:76:5f:81:c9:b0:3c:a3:e9:76:
                    c4:49:ff:d9:a8:ce:c3:ac:fb:e8:4f:55:d5:08:c9:
                    60:0f:1d:04:51:b9:8a:85:86:3f:32:0f:35:64:97:
                    ef:6b:2d:68:cd:98:86:6f:f8:a1:98:5b:5e:1b:3b:
                    e0:db:4b:5f:6e:31:bf:4c:44:e5:9a:12:c7:9d:79:
                    8e:3e:d6:4e:40:db:28:73:b8:89:b0:49:77:ae:f3:
                    a7:0b:68:03:35:d9:55:a7:9e:d1:bd:cd:dc:29:76:
                    2d:57:6c:44:4b:78:c8:bb:72:75:70:18:2e:1b:b9:
                    e4:94:a4:4c:1d:70:5e:3c:a2:fa:60:2c:a0:0f:78:
                    02:69:78:3a:a7:00:eb:98:99:e3:9b:eb:35:74:fb:
                    2b:73:ad:b5:14:49:67:51:dc:76:86:36:38:0c:1b:
                    0d:c5:58:86:95:ef:39:ef:d4:c5:6b:70:24:83:9c:
                    51:5e:9b:ae:01:07:3f:f7:05:bf:c2:e8:11:de:81:
                    d8:46:67:36:05:2a:01:b9:71:53:0c:9b:3b:a4:a5:
                    6d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C9:EE:3C:BA:5F:EC:B0:65:45:5B:0D:C1:1C:0C:9D:2D:C7:3D:7D
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/M8nuPLpf7LBlRVsNwRwMnS3HPX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.176.224.0-178.176.226.255
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.78.116.0/23
                  195.149.111.0/24
                  195.230.64.0/19
                  212.14.160.0/19
                  212.44.64.0/19
                  212.69.96.0/19
                  212.119.160.0/19
                  213.154.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7c:7d:93:a5:04:44:52:09:6f:0a:9d:f6:57:b3:63:09:bc:44:
         98:0f:4d:dd:f1:c0:1e:9f:c0:7d:2b:04:d8:52:f9:d9:01:53:
         ae:35:a0:06:a4:8c:4b:5d:bd:60:ca:e9:e3:a6:22:17:cb:a5:
         94:4d:bd:87:52:2e:00:7c:99:0a:74:37:97:a3:c4:1d:48:2c:
         ab:2e:57:55:98:0b:57:e4:c3:c6:16:8d:90:9b:fd:40:b6:c7:
         c8:f7:a6:e6:da:62:81:d0:66:c7:a0:c4:2c:87:46:44:98:76:
         27:c6:3c:93:29:fe:c8:9b:5f:27:5e:b9:75:3f:ca:6c:ba:da:
         3a:66:5f:78:61:df:a2:e5:81:6f:9b:28:0f:6d:5b:0b:04:48:
         b5:f1:e7:49:62:39:88:16:6f:11:d7:28:5d:be:c0:15:7b:71:
         dd:b9:96:b5:4e:53:60:53:57:92:01:e6:b5:f1:cc:8f:5a:3f:
         70:96:94:84:b8:72:c7:24:7d:31:c2:90:f2:19:45:39:a2:2a:
         86:84:cf:6f:ae:17:3f:57:f9:21:6b:26:c9:f0:01:c8:ea:ef:
         74:1f:3d:ad:13:0d:a9:a9:d2:c8:c2:53:1c:6a:07:b7:82:d7:
         e3:26:f4:23:73:5a:13:4f:93:0f:7f:e8:9d:71:a8:87:96:9e:
         26:a5:66:32
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYUFYU3ZpraJk86pDskE8AcTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjEyMDgwOTAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2M5ZWUzY2JhNWZlY2IwNjU0NTViMGRjMTFjMGM5ZDJkYzczZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/wWtEt+IM0+8I3nZcQLwZVQQf4C
go8smFpABphy8YOlsq7ayPXxHJlWlBfXFmbXhWd2X4HJsDyj6XbESf/ZqM7DrPvo
T1XVCMlgDx0EUbmKhYY/Mg81ZJfvay1ozZiGb/ihmFteGzvg20tfbjG/TETlmhLH
nXmOPtZOQNsoc7iJsEl3rvOnC2gDNdlVp57Rvc3cKXYtV2xES3jIu3J1cBguG7nk
lKRMHXBePKL6YCygD3gCaXg6pwDrmJnjm+s1dPsrc621FElnUdx2hjY4DBsNxViG
le8579TFa3Akg5xRXpuuAQc/9wW/wugR3oHYRmc2BSoBuXFTDJs7pKVt6QIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFDPJ7jy6X+ywZUVbDcEcDJ0txz19MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvTThudVBMcGY3TEJsUlZzTndSd01uUzNIUFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBbBAIAATBVMAwDBAWysOAD
BACysOIDAwC8ogMEAsHJ5AMEBcMFgAMEBcMQYAMEAcNOdAMEAMOVbwMEBcPmQAME
BdQOoAMEBdQsQAMEBdRFYAMEBdR3oAMEBdWaoDANBgkqhkiG9w0BAQsFAAOCAQEA
fH2TpQREUglvCp32V7NjCbxEmA9N3fHAHp/AfSsE2FL52QFTrjWgBqSMS129YMrp
46YiF8ullE29h1IuAHyZCnQ3l6PEHUgsqy5XVZgLV+TDxhaNkJv9QLbHyPem5tpi
gdBmx6DELIdGRJh2J8Y8kyn+yJtfJ165dT/KbLraOmZfeGHfouWBb5soD21bCwRI
tfHnSWI5iBZvEdcoXb7AFXtx3bmWtU5TYFNXkgHmtfHMj1o/cJaUhLhyxyR9McKQ
8hlFOaIqhoTPb64XP1f5IWsmyfAByOrvdB89rRMNqanSyMJTHGoHt4LX4yb0I3Na
E0+TD3/onXGoh5aeJqVmMg==
-----END CERTIFICATE-----