Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/95e78a-57e7-4a58-9316-288bd6b9e092/1/oYN-xEgthMX6BgqQj-bh64ja1bk.roa
File:                     oYN-xEgthMX6BgqQj-bh64ja1bk.roa (raw, json)
Hash identifier:          8leElJrffVMTUUW5kNCuJqBLVmXqGN0IP+rEWgg1vBU=
Subject key identifier:   A1:83:7E:C4:48:2D:84:C5:FA:06:0A:90:8F:E6:E1:EB:88:DA:D5:B9
Certificate issuer:       /CN=5a61102ed4d66dcd952de01304e0afe1384d00bf
Certificate serial:       0185719E74A89B83826A0394F36DC93F88EB
Authority key identifier: 5A:61:10:2E:D4:D6:6D:CD:95:2D:E0:13:04:E0:AF:E1:38:4D:00:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WmEQLtTWbc2VLeATBOCv4ThNAL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/95e78a-57e7-4a58-9316-288bd6b9e092/1/oYN-xEgthMX6BgqQj-bh64ja1bk.roa
Signing time:             Mon 02 Jan 2023 08:34:48 +0000
ROA not before:           Mon 02 Jan 2023 08:34:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12886
IP address blocks:        170.81.52.0/22 maxlen: 22
                          62.204.160.0/19 maxlen: 19
                          212.118.192.0/19 maxlen: 19
                          103.21.236.0/22 maxlen: 22
                          103.192.160.0/22 maxlen: 22
                          170.84.228.0/22 maxlen: 22
                          128.65.144.0/21 maxlen: 21
                          185.88.92.0/22 maxlen: 22
                          103.234.232.0/22 maxlen: 22
                          94.101.120.0/22 maxlen: 22
                          193.23.64.0/19 maxlen: 19
                          103.51.228.0/22 maxlen: 22
                          103.76.96.0/22 maxlen: 22
                          2a02:f90::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:9e:74:a8:9b:83:82:6a:03:94:f3:6d:c9:3f:88:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a61102ed4d66dcd952de01304e0afe1384d00bf
        Validity
            Not Before: Jan  2 08:34:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a1837ec4482d84c5fa060a908fe6e1eb88dad5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:81:48:89:d7:b5:ae:1f:13:9e:7e:6f:14:c4:
                    7a:f2:21:41:50:68:50:14:ac:1c:13:f8:ab:82:18:
                    d1:25:f2:56:4c:06:0e:6c:53:cb:0e:20:7c:6a:71:
                    ef:0d:eb:ea:b6:f3:0c:21:4d:1a:d5:1c:57:d0:f7:
                    23:24:cf:44:7a:3f:6b:ea:24:e5:5f:f3:b1:7f:df:
                    3c:3f:b9:ce:63:43:e3:03:0f:23:08:b7:11:4e:bd:
                    17:9f:66:20:23:80:80:54:ba:91:f6:45:c9:a6:2f:
                    bc:c6:a9:72:f8:3d:a0:aa:57:bc:c1:22:2e:06:14:
                    94:e1:92:67:a5:b4:6a:fb:fa:36:0f:b0:35:5b:a4:
                    12:be:85:32:ef:14:7c:70:cb:df:9c:68:cf:d0:2e:
                    35:c0:e9:e0:7d:95:92:d6:ad:3b:82:4f:be:56:58:
                    73:71:88:48:b9:3d:4b:c9:f2:af:8a:bd:1c:f9:ee:
                    b9:1f:9f:a3:63:73:71:ba:19:03:5f:2d:ed:a9:03:
                    b7:cb:d4:51:47:f0:dc:0c:3e:66:4a:2b:94:d9:f1:
                    09:f5:0d:25:dc:13:fb:22:a6:7a:d3:2d:aa:43:cf:
                    43:d2:cb:73:d3:1c:c4:b4:77:41:b6:b2:ec:7c:20:
                    c7:76:be:11:85:3a:ab:cd:1a:ee:99:ef:de:b4:e7:
                    ea:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:83:7E:C4:48:2D:84:C5:FA:06:0A:90:8F:E6:E1:EB:88:DA:D5:B9
            X509v3 Authority Key Identifier:
                keyid:5A:61:10:2E:D4:D6:6D:CD:95:2D:E0:13:04:E0:AF:E1:38:4D:00:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WmEQLtTWbc2VLeATBOCv4ThNAL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/95e78a-57e7-4a58-9316-288bd6b9e092/1/oYN-xEgthMX6BgqQj-bh64ja1bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/95e78a-57e7-4a58-9316-288bd6b9e092/1/WmEQLtTWbc2VLeATBOCv4ThNAL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.160.0/19
                  94.101.120.0/22
                  103.21.236.0/22
                  103.51.228.0/22
                  103.76.96.0/22
                  103.192.160.0/22
                  103.234.232.0/22
                  128.65.144.0/21
                  170.81.52.0/22
                  170.84.228.0/22
                  185.88.92.0/22
                  193.23.64.0/19
                  212.118.192.0/19
                IPv6:
                  2a02:f90::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:3d:d4:b1:b3:93:42:79:25:e2:ed:88:8f:fb:d9:86:3a:c8:
         b5:f5:36:1e:d8:a4:35:9f:e3:51:f9:a1:77:e4:43:30:a3:a8:
         d1:a1:45:2f:b5:48:6d:16:a9:3e:7d:f1:d2:cf:ab:70:24:cb:
         66:ff:4a:2e:59:ab:a0:e7:5f:d6:0c:a9:0e:ae:a8:79:99:79:
         ea:99:87:f4:c5:7f:44:41:a8:7e:ef:0c:21:c6:c1:c7:bf:79:
         19:81:a5:16:5f:be:3e:20:21:e3:8f:28:d5:a2:31:50:ff:19:
         8b:32:75:08:3a:16:e3:46:f2:36:a4:2a:45:dc:26:b1:6f:c5:
         d5:c5:2a:21:88:0d:ab:df:e7:06:31:a9:c1:7b:7d:5c:d4:3c:
         8c:bf:f2:f4:96:05:8e:86:95:ab:75:b6:f0:61:a6:14:95:a6:
         5e:dd:a7:da:50:cc:45:b6:fa:49:e4:9e:d1:54:71:a6:a1:93:
         0b:03:20:f8:ac:00:13:ac:c6:9f:43:ca:d0:6b:8c:e9:59:3d:
         b9:49:b4:99:23:e0:a0:b6:10:74:bc:ea:b2:71:7a:05:8d:45:
         d8:f4:0d:c0:88:99:59:a9:34:7a:1f:20:bb:06:22:77:98:c0:
         00:eb:53:64:8e:a9:3d:ef:5e:75:d1:bb:ff:cb:8f:24:06:69:
         f3:2f:38:22
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYVxnnSom4OCagOU823JP4jrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNjExMDJlZDRkNjZkY2Q5NTJkZTAxMzA0ZTBhZmUxMzg0
ZDAwYmYwHhcNMjMwMTAyMDgzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTgzN2VjNDQ4MmQ4NGM1ZmEwNjBhOTA4ZmU2ZTFlYjg4ZGFkNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYFIide1rh8Tnn5vFMR68iFBUGhQ
FKwcE/irghjRJfJWTAYObFPLDiB8anHvDevqtvMMIU0a1RxX0PcjJM9Eej9r6iTl
X/Oxf988P7nOY0PjAw8jCLcRTr0Xn2YgI4CAVLqR9kXJpi+8xqly+D2gqle8wSIu
BhSU4ZJnpbRq+/o2D7A1W6QSvoUy7xR8cMvfnGjP0C41wOngfZWS1q07gk++Vlhz
cYhIuT1LyfKvir0c+e65H5+jY3NxuhkDXy3tqQO3y9RRR/DcDD5mSiuU2fEJ9Q0l
3BP7IqZ60y2qQ89D0stz0xzEtHdBtrLsfCDHdr4RhTqrzRrume/etOfqmQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFKGDfsRILYTF+gYKkI/m4euI2tW5MB8GA1UdIwQY
MBaAFFphEC7U1m3NlS3gEwTgr+E4TQC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV21FUUx0VFdiYzJWTGVBVEJPQ3Y0VGhOQUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi85NWU3OGEtNTdlNy00YTU4LTkzMTYt
Mjg4YmQ2YjllMDkyLzEvb1lOLXhFZ3RoTVg2QmdxUWotYmg2NGphMWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi85NWU3OGEtNTdlNy00YTU4LTkzMTYtMjg4YmQ2YjllMDky
LzEvV21FUUx0VFdiYzJWTGVBVEJPQ3Y0VGhOQUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQFPsygAwQC
XmV4AwQCZxXsAwQCZzPkAwQCZ0xgAwQCZ8CgAwQCZ+roAwQDgEGQAwQCqlE0AwQC
qlTkAwQCuVhcAwQFwRdAAwQF1HbAMA0EAgACMAcDBQAqAg+QMA0GCSqGSIb3DQEB
CwUAA4IBAQAiPdSxs5NCeSXi7YiP+9mGOsi19TYe2KQ1n+NR+aF35EMwo6jRoUUv
tUhtFqk+ffHSz6twJMtm/0ouWaug51/WDKkOrqh5mXnqmYf0xX9EQah+7wwhxsHH
v3kZgaUWX74+ICHjjyjVojFQ/xmLMnUIOhbjRvI2pCpF3Caxb8XVxSohiA2r3+cG
ManBe31c1DyMv/L0lgWOhpWrdbbwYaYUlaZe3afaUMxFtvpJ5J7RVHGmoZMLAyD4
rAATrMafQ8rQa4zpWT25SbSZI+CgthB0vOqycXoFjUXY9A3AiJlZqTR6HyC7BiJ3
mMAA61Nkjqk971510bv/y48kBmnzLzgi
-----END CERTIFICATE-----