Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/bbd4c4-d2cd-41b7-9a4a-855169842eac/1/72VTQCjYYSOrAt62UXE-MVOAi5Y.roa
File:                     72VTQCjYYSOrAt62UXE-MVOAi5Y.roa (raw, json)
Hash identifier:          6ttogNhh3BYyLh2rBkYfp+rtVupKeNEmnhXEejJldUM=
Subject key identifier:   EF:65:53:40:28:D8:61:23:AB:02:DE:B6:51:71:3E:31:53:80:8B:96
Certificate issuer:       /CN=fde59773d5e03870c87d57090976fb33b03c685e
Certificate serial:       01856EAFDDDE177A0AFD17719EB4761B780A
Authority key identifier: FD:E5:97:73:D5:E0:38:70:C8:7D:57:09:09:76:FB:33:B0:3C:68:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_eWXc9XgOHDIfVcJCXb7M7A8aF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/bbd4c4-d2cd-41b7-9a4a-855169842eac/1/72VTQCjYYSOrAt62UXE-MVOAi5Y.roa
Signing time:             Sun 01 Jan 2023 18:54:57 +0000
ROA not before:           Sun 01 Jan 2023 18:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30889
IP address blocks:        195.214.240.0/21 maxlen: 24
                          45.145.124.0/22 maxlen: 24
                          79.98.96.0/21 maxlen: 24
                          185.172.16.0/22 maxlen: 24
                          194.177.32.0/19 maxlen: 24
                          185.95.120.0/22 maxlen: 24
                          185.196.248.0/22 maxlen: 24
                          185.15.128.0/22 maxlen: 24
                          193.27.194.0/23 maxlen: 24
                          185.149.8.0/22 maxlen: 24
                          2a03:bf40::/32 maxlen: 32
                          2a01:6d8::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:af:dd:de:17:7a:0a:fd:17:71:9e:b4:76:1b:78:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fde59773d5e03870c87d57090976fb33b03c685e
        Validity
            Not Before: Jan  1 18:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef65534028d86123ab02deb651713e3153808b96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:86:75:b4:85:4b:ad:30:c6:d2:70:aa:97:c1:
                    87:a8:c6:8e:93:d4:d8:cd:c8:79:8c:29:c8:81:db:
                    a9:b2:68:91:d4:d7:fe:7b:76:be:64:ae:cb:71:4a:
                    04:cb:a0:7a:3c:d8:67:2d:02:27:68:cc:a7:a8:3a:
                    0a:1a:7e:b4:9e:be:40:e4:82:df:59:cf:be:13:48:
                    18:28:d0:51:54:12:5a:21:ff:2c:7e:81:9b:8c:14:
                    8a:2f:f9:8f:11:b7:55:9f:71:ab:84:a9:54:56:3a:
                    13:89:36:9c:83:07:c3:6f:e6:e2:0e:b3:01:33:5e:
                    65:d9:61:e3:95:99:11:57:f5:26:eb:3b:17:85:b4:
                    7e:86:43:d8:27:b1:c5:a3:8d:87:8a:4a:e3:4d:8e:
                    a6:ba:ce:ea:63:6c:bd:9a:c4:35:18:c5:c2:49:ec:
                    34:f8:c6:ef:b0:a8:51:a3:0d:7d:f7:6b:b4:b3:ec:
                    17:c8:f6:98:ce:47:9c:cb:52:86:d3:e2:08:61:72:
                    33:14:74:d0:ea:ab:1a:64:f5:f5:ca:a1:9a:c8:18:
                    7c:d3:5a:d5:ff:bc:58:6f:af:1a:9c:ce:54:8a:79:
                    86:cb:5a:26:67:5b:75:2c:c3:91:e7:6c:2b:2d:b8:
                    84:a7:20:c2:79:bb:61:ce:53:80:16:fb:5f:34:f0:
                    fe:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:65:53:40:28:D8:61:23:AB:02:DE:B6:51:71:3E:31:53:80:8B:96
            X509v3 Authority Key Identifier:
                keyid:FD:E5:97:73:D5:E0:38:70:C8:7D:57:09:09:76:FB:33:B0:3C:68:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_eWXc9XgOHDIfVcJCXb7M7A8aF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/bbd4c4-d2cd-41b7-9a4a-855169842eac/1/72VTQCjYYSOrAt62UXE-MVOAi5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/bbd4c4-d2cd-41b7-9a4a-855169842eac/1/_eWXc9XgOHDIfVcJCXb7M7A8aF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.124.0/22
                  79.98.96.0/21
                  185.15.128.0/22
                  185.95.120.0/22
                  185.149.8.0/22
                  185.172.16.0/22
                  185.196.248.0/22
                  193.27.194.0/23
                  194.177.32.0/19
                  195.214.240.0/21
                IPv6:
                  2a01:6d8::/32
                  2a03:bf40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:27:7e:70:c4:a3:6c:41:35:61:5f:a8:5e:86:8a:b1:1f:55:
         6e:c8:b0:0e:7c:39:ac:7f:2f:86:c9:bc:77:fe:cc:37:61:87:
         c8:37:ac:12:19:34:b5:07:10:9c:45:0e:1d:04:10:86:fa:b2:
         f9:c1:d0:65:46:ed:9a:7f:76:0b:d4:7d:28:d5:8f:8f:5f:35:
         f6:93:b7:2a:a2:de:0d:16:67:a4:cd:00:4d:1b:52:9a:3c:87:
         ac:06:1d:d0:91:61:fc:75:f5:f4:5c:b0:97:d4:8d:17:38:71:
         e4:3d:34:37:c9:4f:6d:77:29:29:0d:26:2a:66:88:5c:b2:c7:
         fd:95:2b:11:b7:97:52:f1:5a:4b:a5:3d:b5:75:b2:eb:e2:8e:
         cb:ca:12:63:67:0e:c0:9c:31:fa:00:d6:44:ac:9b:91:e3:33:
         80:40:45:77:d4:39:87:f2:68:86:d5:ad:fa:d3:ca:c1:d9:9f:
         2a:1c:e9:1c:fe:9d:e1:fc:3a:45:86:fa:be:4a:01:cd:37:85:
         a9:dc:7e:29:31:2a:4d:58:90:14:af:9d:0e:d3:ff:dc:51:0c:
         01:d1:eb:5c:8f:c5:76:72:d2:78:a3:16:50:5c:2e:fb:69:ea:
         f5:9b:09:34:6d:17:bc:b8:bf:5c:ac:46:65:df:fc:ed:75:8e:
         5a:c2:89:9a
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYVur93eF3oK/RdxnrR2G3gKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTU5NzczZDVlMDM4NzBjODdkNTcwOTA5NzZmYjMzYjAz
YzY4NWUwHhcNMjMwMTAxMTg1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY1NTM0MDI4ZDg2MTIzYWIwMmRlYjY1MTcxM2UzMTUzODA4Yjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oZ1tIVLrTDG0nCql8GHqMaOk9TY
zch5jCnIgdupsmiR1Nf+e3a+ZK7LcUoEy6B6PNhnLQInaMynqDoKGn60nr5A5ILf
Wc++E0gYKNBRVBJaIf8sfoGbjBSKL/mPEbdVn3GrhKlUVjoTiTacgwfDb+biDrMB
M15l2WHjlZkRV/Um6zsXhbR+hkPYJ7HFo42HikrjTY6mus7qY2y9msQ1GMXCSew0
+MbvsKhRow1992u0s+wXyPaYzkecy1KG0+IIYXIzFHTQ6qsaZPX1yqGayBh801rV
/7xYb68anM5UinmGy1omZ1t1LMOR52wrLbiEpyDCebthzlOAFvtfNPD+gwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFO9lU0Ao2GEjqwLetlFxPjFTgIuWMB8GA1UdIwQY
MBaAFP3ll3PV4DhwyH1XCQl2+zOwPGheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2VXWGM5WGdPSERJZlZjSkNYYjdNN0E4YUY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iYmQ0YzQtZDJjZC00MWI3LTlhNGEt
ODU1MTY5ODQyZWFjLzEvNzJWVFFDallZU09yQXQ2MlVYRS1NVk9BaTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iYmQ0YzQtZDJjZC00MWI3LTlhNGEtODU1MTY5ODQyZWFj
LzEvX2VXWGM5WGdPSERJZlZjSkNYYjdNN0E4YUY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCLZF8AwQD
T2JgAwQCuQ+AAwQCuV94AwQCuZUIAwQCuawQAwQCucT4AwQBwRvCAwQFwrEgAwQD
w9bwMBQEAgACMA4DBQAqAQbYAwUAKgO/QDANBgkqhkiG9w0BAQsFAAOCAQEAGid+
cMSjbEE1YV+oXoaKsR9VbsiwDnw5rH8vhsm8d/7MN2GHyDesEhk0tQcQnEUOHQQQ
hvqy+cHQZUbtmn92C9R9KNWPj1819pO3KqLeDRZnpM0ATRtSmjyHrAYd0JFh/HX1
9Fywl9SNFzhx5D00N8lPbXcpKQ0mKmaIXLLH/ZUrEbeXUvFaS6U9tXWy6+KOy8oS
Y2cOwJwx+gDWRKybkeMzgEBFd9Q5h/JohtWt+tPKwdmfKhzpHP6d4fw6RYb6vkoB
zTeFqdx+KTEqTViQFK+dDtP/3FEMAdHrXI/FdnLSeKMWUFwu+2nq9ZsJNG0XvLi/
XKxGZd/87XWOWsKJmg==
-----END CERTIFICATE-----