Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/aW47PFTU1GkGkcfbr_D4D_7OLSo.roa
File:                     aW47PFTU1GkGkcfbr_D4D_7OLSo.roa (raw, json)
Hash identifier:          V4XyM+P/X+mWvp62Jg7bUk2HK65nZQD3P4Ctnd+2uVs=
Subject key identifier:   69:6E:3B:3C:54:D4:D4:69:06:91:C7:DB:AF:F0:F8:0F:FE:CE:2D:2A
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0185056150300290062C2A8BD0D4BD370DC0
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/aW47PFTU1GkGkcfbr_D4D_7OLSo.roa
Signing time:             Mon 12 Dec 2022 08:09:01 +0000
ROA not before:           Mon 12 Dec 2022 08:09:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24866
IP address blocks:        212.14.160.0/19 maxlen: 24
                          212.69.96.0/19 maxlen: 24
                          188.162.0.0/16 maxlen: 24
                          195.230.64.0/19 maxlen: 24
                          195.149.111.0/24 maxlen: 24
                          195.16.96.0/19 maxlen: 24
                          212.119.160.0/19 maxlen: 24
                          178.176.229.0/24 maxlen: 24
                          178.176.228.0/24 maxlen: 24
                          178.176.227.0/24 maxlen: 24
                          195.78.116.0/23 maxlen: 24
                          193.201.228.0/22 maxlen: 24
                          212.44.64.0/19 maxlen: 24
                          195.5.128.0/19 maxlen: 24
                          213.154.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:05:61:50:30:02:90:06:2c:2a:8b:d0:d4:bd:37:0d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec 12 08:09:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=696e3b3c54d4d4690691c7dbaff0f80ffece2d2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ce:6f:dd:a9:2b:ea:60:a3:36:0a:63:3f:84:
                    e6:87:b6:56:fc:0a:cc:e6:a0:0e:a4:c1:1c:04:db:
                    dc:b6:17:a5:e1:f4:10:a4:2c:31:b6:cc:44:25:7d:
                    c4:d8:8b:fa:45:62:b5:d0:95:42:ee:ad:ff:c0:cd:
                    1b:cc:18:d2:28:df:ab:17:4f:3d:b5:e5:d0:44:5b:
                    58:da:79:f4:91:3d:2f:be:96:5f:19:34:b3:2b:cb:
                    0f:58:58:d7:82:17:04:af:ec:31:67:37:47:f9:51:
                    b8:83:14:ea:07:6f:38:fc:22:84:6e:fd:c0:dc:88:
                    3e:e8:65:40:cb:66:e3:df:15:74:a2:fb:4f:1a:47:
                    f9:e4:2b:e6:f5:4e:c5:42:21:da:25:15:bc:d6:92:
                    07:a4:5c:49:35:e8:71:ee:19:b5:84:c4:86:7c:d2:
                    f4:8f:94:a2:27:da:db:f3:bc:b2:c0:cf:92:7d:c7:
                    3b:69:0b:43:55:2c:7b:a2:c2:b4:38:b9:24:a0:77:
                    74:38:fe:e9:0f:89:62:da:c7:cf:fc:9b:11:d3:1a:
                    80:f7:7c:fb:ee:97:84:6f:95:bb:95:de:ac:92:61:
                    db:19:99:f3:74:e9:6d:a7:c0:cb:88:06:a3:41:9b:
                    44:b5:bb:82:cd:3a:b0:f8:ea:5f:ec:9c:53:79:4d:
                    0a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6E:3B:3C:54:D4:D4:69:06:91:C7:DB:AF:F0:F8:0F:FE:CE:2D:2A
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/aW47PFTU1GkGkcfbr_D4D_7OLSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.176.227.0-178.176.229.255
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.78.116.0/23
                  195.149.111.0/24
                  195.230.64.0/19
                  212.14.160.0/19
                  212.44.64.0/19
                  212.69.96.0/19
                  212.119.160.0/19
                  213.154.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7f:9b:b0:94:aa:dd:3d:fe:30:b8:85:cf:c3:fd:4f:7c:ce:db:
         7d:f1:cd:39:4d:5a:f8:20:c4:68:de:19:d9:64:0b:c5:0c:f9:
         7c:f3:19:27:69:01:e4:a4:8f:fc:3f:bf:ab:f0:42:5a:1e:1f:
         16:a8:f1:4f:78:cf:35:61:7c:1e:87:d8:50:86:67:98:27:7b:
         d4:f5:e4:d2:c2:87:2e:c7:22:05:30:31:e1:16:96:2c:5b:4a:
         99:fc:d5:55:ce:cc:f1:81:4e:50:09:c8:44:b9:a1:03:46:27:
         32:c4:19:cc:9f:fe:0e:ac:f1:92:79:fe:32:3b:24:57:d0:6c:
         52:e3:1f:bc:b6:fe:29:1f:6e:1c:ec:7f:4c:c2:97:b1:e5:9d:
         09:56:46:2a:03:a0:e9:b6:b8:b2:cc:dd:ae:b9:29:a5:33:5d:
         7d:7c:c8:65:60:f2:fe:bc:d7:0b:9c:43:0a:8c:9f:6c:a7:79:
         0b:b1:0a:0f:cf:14:eb:11:8c:41:7e:06:fe:67:92:dc:b2:44:
         fe:37:df:c2:f0:3c:dc:0f:55:54:16:fd:38:d1:a4:ff:49:e0:
         22:0a:e7:a3:7b:52:ff:58:cb:d4:67:2e:8a:73:90:7f:ef:67:
         dd:98:2b:db:87:a9:9f:1d:42:b3:ba:34:a1:1a:5b:f7:25:89:
         a9:af:20:ac
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYUFYVAwApAGLCqL0NS9Nw3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjEyMDgwOTAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZlM2IzYzU0ZDRkNDY5MDY5MWM3ZGJhZmYwZjgwZmZlY2UyZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp85v3akr6mCjNgpjP4Tmh7ZW/ArM
5qAOpMEcBNvcthel4fQQpCwxtsxEJX3E2Iv6RWK10JVC7q3/wM0bzBjSKN+rF089
teXQRFtY2nn0kT0vvpZfGTSzK8sPWFjXghcEr+wxZzdH+VG4gxTqB284/CKEbv3A
3Ig+6GVAy2bj3xV0ovtPGkf55Cvm9U7FQiHaJRW81pIHpFxJNehx7hm1hMSGfNL0
j5SiJ9rb87yywM+Sfcc7aQtDVSx7osK0OLkkoHd0OP7pD4li2sfP/JsR0xqA93z7
7peEb5W7ld6skmHbGZnzdOltp8DLiAajQZtEtbuCzTqw+Opf7JxTeU0KtwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFGluOzxU1NRpBpHH26/w+A/+zi0qMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvYVc0N1BGVFUxR2tHa2NmYnJfRDREXzdPTFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBbBAIAATBVMAwDBACysOMD
BAGysOQDAwC8ogMEAsHJ5AMEBcMFgAMEBcMQYAMEAcNOdAMEAMOVbwMEBcPmQAME
BdQOoAMEBdQsQAMEBdRFYAMEBdR3oAMEBdWaoDANBgkqhkiG9w0BAQsFAAOCAQEA
f5uwlKrdPf4wuIXPw/1PfM7bffHNOU1a+CDEaN4Z2WQLxQz5fPMZJ2kB5KSP/D+/
q/BCWh4fFqjxT3jPNWF8HofYUIZnmCd71PXk0sKHLsciBTAx4RaWLFtKmfzVVc7M
8YFOUAnIRLmhA0YnMsQZzJ/+Dqzxknn+MjskV9BsUuMfvLb+KR9uHOx/TMKXseWd
CVZGKgOg6ba4sszdrrkppTNdfXzIZWDy/rzXC5xDCoyfbKd5C7EKD88U6xGMQX4G
/meS3LJE/jffwvA83A9VVBb9ONGk/0ngIgrno3tS/1jL1GcuinOQf+9n3Zgr24ep
nx1Cs7o0oRpb9yWJqa8grA==
-----END CERTIFICATE-----