Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/d2f2c0-51ab-4ada-a26e-25b5bc8dd63c/1/xww2WqWK8y6AuJQvwfqiNh3UVt4.roa
File:                     xww2WqWK8y6AuJQvwfqiNh3UVt4.roa (raw, json)
Hash identifier:          Pqfq35zUjdOhAoxhgAWph1VMhA742yvhVIuMxG2Ctc4=
Subject key identifier:   C7:0C:36:5A:A5:8A:F3:2E:80:B8:94:2F:C1:FA:A2:36:1D:D4:56:DE
Certificate issuer:       /CN=b30bf5d9085fe5afe5e201d7c236cef9be9235af
Certificate serial:       01837AA2730113C0C011D69D2AAAA5592142
Authority key identifier: B3:0B:F5:D9:08:5F:E5:AF:E5:E2:01:D7:C2:36:CE:F9:BE:92:35:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swv12Qhf5a_l4gHXwjbO-b6SNa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/d2f2c0-51ab-4ada-a26e-25b5bc8dd63c/1/xww2WqWK8y6AuJQvwfqiNh3UVt4.roa
Signing time:             Mon 26 Sep 2022 16:30:10 +0000
ROA not before:           Mon 26 Sep 2022 16:30:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42237
IP address blocks:        193.105.134.0/24 maxlen: 24
                          91.236.116.0/24 maxlen: 24
                          185.217.2.0/24 maxlen: 24
                          185.217.1.0/24 maxlen: 24
                          185.217.0.0/24 maxlen: 24
                          185.246.130.0/23 maxlen: 23
                          185.246.128.0/22 maxlen: 22
                          2a0d:8986::/32 maxlen: 32
                          2a0d:8985::/32 maxlen: 32
                          2a0d:8982::/32 maxlen: 32
                          2a0d:8981::/32 maxlen: 32
                          2a0b:c040::/32 maxlen: 32
                          2a0d:8987::/32 maxlen: 32
                          2a0d:8984::/32 maxlen: 32
                          2a0d:8980::/32 maxlen: 32
                          2a0b:c041::/32 maxlen: 32
                          2a0d:8983::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7a:a2:73:01:13:c0:c0:11:d6:9d:2a:aa:a5:59:21:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b30bf5d9085fe5afe5e201d7c236cef9be9235af
        Validity
            Not Before: Sep 26 16:30:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c70c365aa58af32e80b8942fc1faa2361dd456de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b9:b3:16:f4:9e:c1:a0:7a:60:75:31:3d:16:
                    77:64:dd:5e:e3:1f:34:d5:ba:a4:e4:2c:24:74:1d:
                    10:48:f2:98:15:a6:5c:0d:d2:32:8f:27:46:7e:08:
                    ae:86:e8:25:f7:e6:4f:dc:da:33:cb:fb:b3:b3:e9:
                    5a:fb:51:7a:c2:6c:06:16:c1:6a:0d:ae:4a:ea:04:
                    28:95:71:2f:4c:83:e4:60:53:db:0c:5a:7e:05:c5:
                    fb:8f:62:02:12:24:30:e3:5f:bc:b9:5e:78:5a:7a:
                    a9:23:02:0a:c8:b6:41:af:8d:6d:88:27:7a:ae:f0:
                    77:5e:56:c2:13:63:33:6f:81:69:9c:13:b8:99:fc:
                    9c:26:93:4d:6e:62:bd:8a:de:c4:86:90:8f:40:cc:
                    96:4c:a1:0a:02:75:f3:5f:cf:7b:90:cb:39:94:c5:
                    60:f6:67:bc:80:23:30:47:32:e5:67:20:ee:c7:d7:
                    db:e4:ab:0d:fb:84:bb:46:73:c4:6e:ba:37:ee:dc:
                    a6:7b:57:f3:a1:50:6c:94:fb:b7:49:af:bb:61:75:
                    82:b5:c3:8f:57:37:27:c7:1f:d8:0a:1a:cd:38:95:
                    2f:e7:18:1d:ac:b0:67:f4:b4:b9:c0:09:08:e9:b7:
                    0a:f9:33:85:25:e6:93:80:b0:a3:ec:17:c1:e8:11:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0C:36:5A:A5:8A:F3:2E:80:B8:94:2F:C1:FA:A2:36:1D:D4:56:DE
            X509v3 Authority Key Identifier:
                keyid:B3:0B:F5:D9:08:5F:E5:AF:E5:E2:01:D7:C2:36:CE:F9:BE:92:35:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swv12Qhf5a_l4gHXwjbO-b6SNa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d2f2c0-51ab-4ada-a26e-25b5bc8dd63c/1/xww2WqWK8y6AuJQvwfqiNh3UVt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d2f2c0-51ab-4ada-a26e-25b5bc8dd63c/1/swv12Qhf5a_l4gHXwjbO-b6SNa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.116.0/24
                  185.217.0.0-185.217.2.255
                  185.246.128.0/22
                  193.105.134.0/24
                IPv6:
                  2a0b:c040::/31
                  2a0d:8980::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:05:2b:4d:48:b5:ed:69:84:27:6f:3f:fd:b4:6f:89:1b:ea:
         bc:63:62:d0:29:7f:14:94:80:a0:f1:90:4d:24:da:98:e4:41:
         ba:1d:cf:5c:12:2d:8e:86:48:40:5d:da:da:3d:be:da:c0:85:
         58:ef:2b:55:a0:51:cd:84:d5:c0:b8:13:ed:d2:0a:76:87:38:
         c0:ca:c0:b5:b6:dd:90:c8:d5:54:e6:d6:86:b4:f4:47:ac:00:
         75:8b:ff:71:27:06:d6:25:a6:36:a9:ac:b0:b1:1f:da:9b:e5:
         3f:23:c1:ce:bf:77:4f:7e:ff:66:65:2a:ff:02:c8:f2:11:44:
         c2:3b:60:b8:fc:25:1f:b9:cc:ab:f4:37:4a:b8:9c:8c:49:12:
         1e:bc:81:2c:cd:0c:e2:89:99:26:d3:30:ac:0d:84:55:dc:73:
         67:da:62:66:21:89:58:78:77:67:53:bd:93:94:33:04:86:9d:
         b0:3f:91:94:ab:b5:e3:89:25:51:fc:6c:e8:df:8f:c2:5a:4c:
         5c:b8:81:c0:00:61:fb:83:23:bd:fb:20:70:5e:8e:de:6b:3a:
         dd:06:ba:fa:7a:05:b0:55:82:b0:e3:e0:3a:f1:e1:ab:e9:f0:
         7a:61:5f:69:db:32:41:fe:61:40:c1:12:99:f1:7b:ab:cd:5a:
         88:86:82:e2
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYN6onMBE8DAEdadKqqlWSFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMGJmNWQ5MDg1ZmU1YWZlNWUyMDFkN2MyMzZjZWY5YmU5
MjM1YWYwHhcNMjIwOTI2MTYzMDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzBjMzY1YWE1OGFmMzJlODBiODk0MmZjMWZhYTIzNjFkZDQ1NmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLmzFvSewaB6YHUxPRZ3ZN1e4x80
1bqk5CwkdB0QSPKYFaZcDdIyjydGfgiuhugl9+ZP3Nozy/uzs+la+1F6wmwGFsFq
Da5K6gQolXEvTIPkYFPbDFp+BcX7j2ICEiQw41+8uV54WnqpIwIKyLZBr41tiCd6
rvB3XlbCE2Mzb4FpnBO4mfycJpNNbmK9it7EhpCPQMyWTKEKAnXzX897kMs5lMVg
9me8gCMwRzLlZyDux9fb5KsN+4S7RnPEbro37tyme1fzoVBslPu3Sa+7YXWCtcOP
Vzcnxx/YChrNOJUv5xgdrLBn9LS5wAkI6bcK+TOFJeaTgLCj7BfB6BF8MwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMcMNlqlivMugLiUL8H6ojYd1FbeMB8GA1UdIwQY
MBaAFLML9dkIX+Wv5eIB18I2zvm+kjWvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3d2MTJRaGY1YV9sNGdIWHdqYk8tYjZTTmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9kMmYyYzAtNTFhYi00YWRhLWEyNmUt
MjViNWJjOGRkNjNjLzEveHd3MldxV0s4eTZBdUpRdndmcWlOaDNVVnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9kMmYyYzAtNTFhYi00YWRhLWEyNmUtMjViNWJjOGRkNjNj
LzEvc3d2MTJRaGY1YV9sNGdIWHdqYk8tYjZTTmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAlBAIAATAfAwQAW+x0MAsD
AwC52QMEALnZAgMEArn2gAMEAMFphjAUBAIAAjAOAwUBKgvAQAMFAyoNiYAwDQYJ
KoZIhvcNAQELBQADggEBABYFK01Ite1phCdvP/20b4kb6rxjYtApfxSUgKDxkE0k
2pjkQbodz1wSLY6GSEBd2to9vtrAhVjvK1WgUc2E1cC4E+3SCnaHOMDKwLW23ZDI
1VTm1oa09EesAHWL/3EnBtYlpjaprLCxH9qb5T8jwc6/d09+/2ZlKv8CyPIRRMI7
YLj8JR+5zKv0N0q4nIxJEh68gSzNDOKJmSbTMKwNhFXcc2faYmYhiVh4d2dTvZOU
MwSGnbA/kZSrteOJJVH8bOjfj8JaTFy4gcAAYfuDI737IHBejt5rOt0Guvp6BbBV
grDj4Drx4avp8HphX2nbMkH+YUDBEpnxe6vNWoiGguI=
-----END CERTIFICATE-----