Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rzJlowWF9AizU_giXrzOVcrYl0Q.roa
File:                     rzJlowWF9AizU_giXrzOVcrYl0Q.roa (raw, json)
Hash identifier:          zPHLha7fHXTphFd0MW4IKgBWz/QwBHTi+FK+SyxC94U=
Subject key identifier:   AF:32:65:A3:05:85:F4:08:B3:53:F8:22:5E:BC:CE:55:CA:D8:97:44
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0184F243CEA0D303AE3783C84AD60D294BD1
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rzJlowWF9AizU_giXrzOVcrYl0Q.roa
Signing time:             Thu 08 Dec 2022 15:04:00 +0000
ROA not before:           Thu 08 Dec 2022 15:04:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24767
IP address blocks:        212.69.96.0/19 maxlen: 24
                          212.14.160.0/19 maxlen: 24
                          188.162.0.0/16 maxlen: 24
                          195.230.64.0/19 maxlen: 24
                          195.16.96.0/19 maxlen: 24
                          195.149.111.0/24 maxlen: 24
                          212.119.160.0/19 maxlen: 24
                          195.78.116.0/23 maxlen: 24
                          193.201.228.0/22 maxlen: 24
                          213.243.64.0/18 maxlen: 24
                          217.115.80.0/20 maxlen: 24
                          195.5.128.0/19 maxlen: 24
                          212.44.64.0/19 maxlen: 24
                          213.154.160.0/19 maxlen: 24
                          213.168.32.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f2:43:ce:a0:d3:03:ae:37:83:c8:4a:d6:0d:29:4b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec  8 15:04:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af3265a30585f408b353f8225ebcce55cad89744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:31:b0:1a:2b:88:bb:f7:72:29:ba:33:59:51:
                    8f:0d:46:d5:8b:d0:4e:67:42:5a:f3:2c:54:98:1f:
                    d1:d6:53:41:43:3a:97:93:b4:4f:fc:43:3d:39:5b:
                    e1:b5:3b:86:a5:4f:96:1a:31:81:45:a9:5b:85:ad:
                    bf:a8:82:67:69:25:82:d4:b1:55:bb:95:27:60:df:
                    5d:81:b9:79:9d:8a:36:fe:63:10:f6:25:d4:b0:c5:
                    75:bb:d9:8a:39:96:1b:35:2f:eb:c2:70:f2:21:5b:
                    8a:d9:e3:e2:b2:c4:2b:8e:e1:83:b8:b0:67:17:48:
                    47:c7:f1:f0:0d:14:57:2d:16:c4:03:b0:32:f8:82:
                    30:ec:a9:c4:80:b5:1b:ec:55:3d:ba:ed:aa:fe:5d:
                    c6:6d:06:ed:fb:54:63:b9:d8:0b:01:65:8e:b0:0c:
                    ca:c9:d7:a1:24:53:ad:7c:fa:3f:6f:71:22:bf:d4:
                    e0:6c:f4:20:52:8e:20:ee:e7:f5:eb:29:7f:f3:64:
                    62:a3:d0:5b:dc:4f:7e:a0:9e:b2:58:61:13:af:49:
                    c8:26:fb:04:55:2a:03:90:90:3a:c3:0d:89:a1:58:
                    c3:c6:5c:ea:ae:d9:2e:1c:75:34:f1:e8:56:98:80:
                    7d:4f:e4:48:13:37:52:3f:62:f8:2b:65:8f:0c:54:
                    0e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:32:65:A3:05:85:F4:08:B3:53:F8:22:5E:BC:CE:55:CA:D8:97:44
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/rzJlowWF9AizU_giXrzOVcrYl0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.78.116.0/23
                  195.149.111.0/24
                  195.230.64.0/19
                  212.14.160.0/19
                  212.44.64.0/19
                  212.69.96.0/19
                  212.119.160.0/19
                  213.154.160.0/19
                  213.168.32.0/19
                  213.243.64.0/18
                  217.115.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         05:92:0a:95:b1:d1:50:16:c8:8d:87:12:8a:0e:f3:e3:21:b8:
         10:f5:7d:df:86:cb:e1:42:40:e1:24:f3:4e:23:0e:1a:67:ad:
         d7:1a:d0:d8:15:a4:d7:f8:f6:79:7d:af:b3:bd:2a:99:2b:d6:
         b5:bd:3c:a7:87:43:ab:73:60:f6:6c:98:c7:d1:d4:b9:88:3a:
         32:72:68:3c:b7:87:b8:7e:20:d2:3f:60:20:f6:7d:16:a6:44:
         a9:c7:7a:12:8b:9b:72:3a:a1:cd:a2:09:dd:a3:4b:0e:8c:1a:
         35:5f:4e:21:26:3d:1b:68:6e:27:90:ed:7e:9a:f7:b0:08:e4:
         fa:d4:bb:c2:38:db:0a:8b:7c:ff:6b:23:5c:01:93:c5:0c:e1:
         0b:89:b2:13:8f:31:61:f0:a4:10:01:59:b3:90:c2:fc:15:ce:
         e2:31:a3:c3:1b:7b:27:b0:ce:97:3a:f8:5d:8b:39:00:b4:4a:
         cf:80:67:7f:f6:31:59:ab:e8:c5:ff:11:a1:45:0a:98:d9:5d:
         4a:40:51:2c:d5:a1:26:48:00:97:42:2c:b4:75:f5:93:3a:a2:
         c5:fe:d2:d1:39:28:c3:dd:a1:e8:a1:73:25:a5:ab:1f:34:a7:
         a6:99:f5:d9:82:36:77:f0:8f:94:27:35:48:81:1c:d4:92:4c:
         f0:bf:43:41
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYTyQ86g0wOuN4PIStYNKUvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjA4MTUwNDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMyNjVhMzA1ODVmNDA4YjM1M2Y4MjI1ZWJjY2U1NWNhZDg5NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzGwGiuIu/dyKbozWVGPDUbVi9BO
Z0Ja8yxUmB/R1lNBQzqXk7RP/EM9OVvhtTuGpU+WGjGBRalbha2/qIJnaSWC1LFV
u5UnYN9dgbl5nYo2/mMQ9iXUsMV1u9mKOZYbNS/rwnDyIVuK2ePissQrjuGDuLBn
F0hHx/HwDRRXLRbEA7Ay+IIw7KnEgLUb7FU9uu2q/l3GbQbt+1RjudgLAWWOsAzK
ydehJFOtfPo/b3Eiv9TgbPQgUo4g7uf16yl/82Rio9Bb3E9+oJ6yWGETr0nIJvsE
VSoDkJA6ww2JoVjDxlzqrtkuHHU08ehWmIB9T+RIEzdSP2L4K2WPDFQO5wIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFK8yZaMFhfQIs1P4Il68zlXK2JdEMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvcnpKbG93V0Y5QWl6VV9naVhyek9WY3JZbDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBfBAIAATBZAwMAvKIDBALB
yeQDBAXDBYADBAXDEGADBAHDTnQDBADDlW8DBAXD5kADBAXUDqADBAXULEADBAXU
RWADBAXUd6ADBAXVmqADBAXVqCADBAbV80ADBATZc1AwDQYJKoZIhvcNAQELBQAD
ggEBAAWSCpWx0VAWyI2HEooO8+MhuBD1fd+Gy+FCQOEk804jDhpnrdca0NgVpNf4
9nl9r7O9Kpkr1rW9PKeHQ6tzYPZsmMfR1LmIOjJyaDy3h7h+INI/YCD2fRamRKnH
ehKLm3I6oc2iCd2jSw6MGjVfTiEmPRtobieQ7X6a97AI5PrUu8I42wqLfP9rI1wB
k8UM4QuJshOPMWHwpBABWbOQwvwVzuIxo8Mbeyewzpc6+F2LOQC0Ss+AZ3/2MVmr
6MX/EaFFCpjZXUpAUSzVoSZIAJdCLLR19ZM6osX+0tE5KMPdoeihcyWlqx80p6aZ
9dmCNnfwj5QnNUiBHNSSTPC/Q0E=
-----END CERTIFICATE-----