Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/2/AS61138.roa
File:                     AS61138.roa (raw, json)
Hash identifier:          iKG4fiOAZ568+GqqCJ4Ad5nN9G3LoHWOq5cJj5GpvBA=
Subject key identifier:   C5:0B:9B:7A:5E:2B:D5:C5:F2:7E:D5:32:EE:99:BC:E3:F9:2C:FE:5D
Certificate issuer:       /CN=d12ea65dee9873b5dcf3c6c0224faea6fcb8aea6
Certificate serial:       082B729F903DB4C7925B46E4FECCCA2D0DF3C6F2
Authority key identifier: D1:2E:A6:5D:EE:98:73:B5:DC:F3:C6:C0:22:4F:AE:A6:FC:B8:AE:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0S6mXe6Yc7Xc88bAIk-upvy4rqY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/2/AS61138.roa
Signing time:             Sun 01 Jan 2023 23:59:21 +0000
ROA not before:           Sun 01 Jan 2023 23:54:21 +0000
ROA not after:            Sun 31 Dec 2023 23:59:21 +0000
asID:                     61138
IP address blocks:        5.253.84.0/22 maxlen: 24
                          185.90.60.0/22 maxlen: 24
                          185.99.132.0/22 maxlen: 24
                          185.121.160.0/22 maxlen: 24
                          185.121.168.0/22 maxlen: 24
                          185.121.168.0/24 maxlen: 24
                          185.121.176.0/22 maxlen: 24
                          185.147.32.0/22 maxlen: 24
                          185.195.236.0/22 maxlen: 24
                          185.195.239.0/24 maxlen: 24
                          185.214.172.0/22 maxlen: 24
                          185.236.212.0/22 maxlen: 24
                          2a06:1280::/32 maxlen: 48
                          2a06:a004::/32 maxlen: 48
                          2a06:a006::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:2b:72:9f:90:3d:b4:c7:92:5b:46:e4:fe:cc:ca:2d:0d:f3:c6:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d12ea65dee9873b5dcf3c6c0224faea6fcb8aea6
        Validity
            Not Before: Jan  1 23:54:21 2023 GMT
            Not After : Dec 31 23:59:21 2023 GMT
        Subject: CN=C50B9B7A5E2BD5C5F27ED532EE99BCE3F92CFE5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0d:12:a5:81:06:1c:c9:77:2b:a6:9c:bf:e7:
                    28:9b:96:62:b8:e5:a1:24:c8:3f:6e:6d:f6:cc:3a:
                    e0:a0:96:21:b0:25:ea:eb:90:34:b8:28:91:5f:35:
                    1e:25:62:e1:96:db:34:8f:73:36:1c:4d:3f:9d:2c:
                    2f:00:b3:d5:23:10:3e:9c:3f:fc:64:a6:75:75:18:
                    68:88:54:36:4b:1d:5d:67:30:7b:e9:ff:92:80:87:
                    99:c1:ca:81:82:b9:a8:40:72:57:db:03:e6:9b:ee:
                    5f:ea:66:15:84:f7:09:b2:dd:16:6a:a9:fa:17:7f:
                    3e:2a:e3:9c:e8:c9:7b:c3:c9:9f:08:8a:9e:b3:d0:
                    58:0f:f9:99:25:cc:b9:86:e3:ea:d6:80:c8:bd:9f:
                    f2:67:d9:57:93:cf:19:e0:2e:d1:c9:84:46:d9:d9:
                    66:f6:48:05:f6:ee:51:cc:ee:d1:e8:da:c1:e1:ed:
                    db:88:ab:e8:3b:96:77:a8:9b:d6:f3:be:5b:cc:cf:
                    8e:60:0d:cb:56:9f:a3:12:0a:3b:0d:92:eb:13:db:
                    6f:9a:fb:1b:de:e8:60:60:5b:09:a7:f4:c1:6a:37:
                    35:51:9e:a1:60:ca:17:91:91:bc:f4:02:ed:1e:88:
                    b4:b7:0e:b1:b5:40:3b:54:b5:62:3f:53:cb:99:33:
                    5e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:0B:9B:7A:5E:2B:D5:C5:F2:7E:D5:32:EE:99:BC:E3:F9:2C:FE:5D
            X509v3 Authority Key Identifier:
                keyid:D1:2E:A6:5D:EE:98:73:B5:DC:F3:C6:C0:22:4F:AE:A6:FC:B8:AE:A6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/2/D12EA65DEE9873B5DCF3C6C0224FAEA6FCB8AEA6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0S6mXe6Yc7Xc88bAIk-upvy4rqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/2/AS61138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.84.0/22
                  185.90.60.0/22
                  185.99.132.0/22
                  185.121.160.0/22
                  185.121.168.0/22
                  185.121.176.0/22
                  185.147.32.0/22
                  185.195.236.0/22
                  185.214.172.0/22
                  185.236.212.0/22
                IPv6:
                  2a06:1280::/32
                  2a06:a004::/32
                  2a06:a006::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:b6:41:81:28:7e:a7:de:87:11:b7:85:93:28:f1:a5:ee:18:
         b6:68:8a:12:70:17:f2:7e:4e:58:e7:0b:42:7e:d4:f3:5d:b0:
         79:d9:14:7d:23:8d:57:7a:4f:74:bf:9f:d6:a4:54:bf:ea:51:
         63:b3:71:9e:0b:67:eb:a6:0d:2c:c4:56:be:ed:4f:82:ec:a1:
         53:17:8b:98:0a:f5:58:5a:a7:65:0a:ce:39:ba:d0:55:9c:2b:
         02:a2:41:ea:59:57:42:d2:42:91:40:6b:73:c9:e2:8d:a1:ab:
         0b:24:2e:68:53:dd:17:7b:46:bd:4a:40:92:94:2a:86:f4:94:
         bf:86:72:9a:2a:83:ee:a1:1b:27:3f:6a:2f:2f:6a:e5:c0:68:
         91:a5:c7:54:a8:bf:b9:7f:33:c3:9b:f1:60:bb:af:95:6b:2c:
         ab:28:2b:e5:96:5a:e6:4d:e6:47:6a:31:fd:74:72:7b:04:75:
         a7:48:e4:f0:80:26:1e:c7:e6:2d:7b:81:49:ab:8e:93:ee:42:
         a8:3a:e9:63:7b:24:4a:9a:1f:6d:ad:6e:54:7e:59:8b:b4:0f:
         71:f6:20:60:94:7f:ce:e1:32:ea:b2:5b:1d:6a:8a:45:2d:46:
         a9:9a:41:6f:ff:50:fc:5d:c3:30:26:73:ff:a4:01:13:b2:59:
         05:68:f5:1c
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIUCCtyn5A9tMeSW0bk/szKLQ3zxvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDEyZWE2NWRlZTk4NzNiNWRjZjNjNmMwMjI0ZmFlYTZm
Y2I4YWVhNjAeFw0yMzAxMDEyMzU0MjFaFw0yMzEyMzEyMzU5MjFaMDMxMTAvBgNV
BAMTKEM1MEI5QjdBNUUyQkQ1QzVGMjdFRDUzMkVFOTlCQ0UzRjkyQ0ZFNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgDRKlgQYcyXcrppy/5yiblmK4
5aEkyD9ubfbMOuCgliGwJerrkDS4KJFfNR4lYuGW2zSPczYcTT+dLC8As9UjED6c
P/xkpnV1GGiIVDZLHV1nMHvp/5KAh5nByoGCuahAclfbA+ab7l/qZhWE9wmy3RZq
qfoXfz4q45zoyXvDyZ8Iip6z0FgP+ZklzLmG4+rWgMi9n/Jn2VeTzxngLtHJhEbZ
2Wb2SAX27lHM7tHo2sHh7duIq+g7lneom9bzvlvMz45gDctWn6MSCjsNkusT22+a
+xve6GBgWwmn9MFqNzVRnqFgyheRkbz0Au0eiLS3DrG1QDtUtWI/U8uZM14ZAgMB
AAGjggJcMIICWDAdBgNVHQ4EFgQUxQubel4r1cXyftUy7pm84/ks/l0wHwYDVR0j
BBgwFoAU0S6mXe6Yc7Xc88bAIk+upvy4rqYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjhlN2Q4NjctYzM1ZS00ZTY5LWE4MTUtYmExZTliMzM2
ZDYyLzIvRDEyRUE2NURFRTk4NzNCNURDRjNDNkMwMjI0RkFFQTZGQ0I4QUVBNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBTNm1YZTZZYzdYYzg4YkFJay11cHZ5
NHJxWS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y4ZTdkODY3LWMzNWUt
NGU2OS1hODE1LWJhMWU5YjMzNmQ2Mi8yL0FTNjExMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwcgYIKwYBBQUHAQcBAf8EYzBhMEIEAgABMDwDBAIF/VQD
BAK5WjwDBAK5Y4QDBAK5eaADBAK5eagDBAK5ebADBAK5kyADBAK5w+wDBAK51qwD
BAK57NQwGwQCAAIwFQMFACoGEoADBQAqBqAEAwUAKgagBjANBgkqhkiG9w0BAQsF
AAOCAQEABLZBgSh+p96HEbeFkyjxpe4YtmiKEnAX8n5OWOcLQn7U812wedkUfSON
V3pPdL+f1qRUv+pRY7Nxngtn66YNLMRWvu1PguyhUxeLmAr1WFqnZQrOObrQVZwr
AqJB6llXQtJCkUBrc8nijaGrCyQuaFPdF3tGvUpAkpQqhvSUv4ZymiqD7qEbJz9q
Ly9q5cBokaXHVKi/uX8zw5vxYLuvlWssqygr5ZZa5k3mR2ox/XRyewR1p0jk8IAm
HsfmLXuBSauOk+5CqDrpY3skSpofba1uVH5Zi7QPcfYgYJR/zuEy6rJbHWqKRS1G
qZpBb/9Q/F3DMCZz/6QBE7JZBWj1HA==
-----END CERTIFICATE-----