Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/vmUg0yzYcnRJZC2n9pSGw6JlB2A.roa
File:                     vmUg0yzYcnRJZC2n9pSGw6JlB2A.roa (raw, json)
Hash identifier:          f45/pAD/SVLyT8PSsTHGZFNyd/9e/fwYtYXEyg22gkw=
Subject key identifier:   BE:65:20:D3:2C:D8:72:74:49:64:2D:A7:F6:94:86:C3:A2:65:07:60
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       019420D5C12CAA742266B0F3B48D4E61D0F5
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/vmUg0yzYcnRJZC2n9pSGw6JlB2A.roa
Signing time:             Wed 01 Jan 2025 07:47:47 +0000
ROA not before:           Wed 01 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210644
IP address blocks:        2a12:5940::/32 maxlen: 32
                          2a12:5940:1::/48 maxlen: 48
                          2a12:5940:1000::/36 maxlen: 36
                          2a12:5940:2000::/36 maxlen: 36
                          2a12:5940:3000::/36 maxlen: 36
                          2a12:5940:4000::/36 maxlen: 36
                          2a12:5940:5000::/36 maxlen: 36
                          2a12:5940:6000::/36 maxlen: 36
                          2a12:5940:7000::/36 maxlen: 36
                          2a12:5940:8000::/36 maxlen: 36
                          2a12:5940:9000::/36 maxlen: 36
                          2a12:5940:a000::/36 maxlen: 36
                          2a12:5940:b000::/36 maxlen: 36
                          2a12:5940:c000::/36 maxlen: 36
                          2a12:5940:d000::/36 maxlen: 36
                          2a12:5940:d000::/48 maxlen: 48
                          2a12:5940:e000::/36 maxlen: 36
                          2a12:5940:f000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c1:2c:aa:74:22:66:b0:f3:b4:8d:4e:61:d0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be6520d32cd8727449642da7f69486c3a2650760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:50:36:5b:54:56:d4:70:7b:b9:05:f5:2e:1f:
                    4c:dd:6c:ac:e3:9f:fc:db:3b:83:d3:ab:3c:c5:8f:
                    64:cf:8b:fd:9a:85:9f:b4:47:4c:33:c4:e4:4f:02:
                    b8:52:23:e2:db:9c:a5:7f:6f:f2:41:88:a9:ba:22:
                    d4:c3:02:8d:20:c4:e7:5a:10:39:9f:e7:78:c9:ec:
                    6b:3f:09:f9:fb:bd:7a:d3:2b:03:36:25:d8:db:8b:
                    f2:18:3b:c5:cd:b8:1e:96:1a:c9:c5:4f:5c:fa:74:
                    f5:d9:a0:a7:b7:95:f7:4d:72:d4:6d:b7:2d:7d:f7:
                    5e:a2:e1:ef:e8:1b:81:6d:3c:5c:cd:56:08:21:0b:
                    0c:a4:b1:e4:82:e3:04:f9:23:47:43:d3:c2:d9:9e:
                    95:a3:92:c7:f8:bd:b2:90:55:dc:76:8b:6f:b4:54:
                    5c:09:b6:a7:2d:4a:16:f5:02:7b:93:15:c8:5b:b1:
                    e9:1b:f8:92:25:ef:48:50:1c:fb:b9:c0:a8:d2:f3:
                    35:77:a4:ff:e8:fc:47:28:38:c6:f6:c1:90:52:98:
                    aa:d5:6b:f4:b6:99:d0:0b:09:a9:59:9c:b7:0a:0e:
                    fe:b8:59:e8:c4:bc:58:61:e6:d4:83:c1:ae:7c:b5:
                    06:14:6c:dd:f9:99:8d:12:66:b1:6e:10:84:48:3d:
                    a6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:65:20:D3:2C:D8:72:74:49:64:2D:A7:F6:94:86:C3:A2:65:07:60
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/vmUg0yzYcnRJZC2n9pSGw6JlB2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5940::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:0b:cf:ee:10:91:3b:1b:66:e6:55:8f:9e:63:c1:99:9c:b1:
         02:bf:88:f9:58:1a:c0:9e:c5:14:9e:3f:74:ca:3a:8b:ea:37:
         3d:f4:04:e8:bc:a4:56:08:6e:e4:7c:89:eb:b7:4f:b0:58:4c:
         12:60:aa:6f:6a:43:a1:5f:cb:61:be:e5:bd:34:3f:4d:e9:97:
         df:85:83:97:d0:ad:b0:38:c1:7f:98:4b:d0:7b:07:b8:11:74:
         26:b6:4a:68:34:18:89:7b:78:72:96:a1:73:11:93:79:84:b3:
         35:8e:a1:92:5a:2d:0f:9f:ca:08:88:60:88:7b:38:64:2f:e3:
         51:fa:69:dc:6a:c9:9d:32:6c:9c:38:2f:a5:8e:98:a5:f6:bf:
         8c:d6:74:69:bf:e5:c8:ab:73:0c:68:a2:e1:bd:56:88:fc:f8:
         f0:6c:74:63:65:52:09:bb:6b:1f:b2:dc:ed:d5:f7:1e:b4:42:
         8b:ef:80:88:a6:5f:6d:76:1f:39:6f:24:d2:a5:da:40:30:16:
         fd:8b:75:c2:74:ec:04:50:f3:86:bc:27:4b:7a:b6:e6:13:42:
         f4:8b:75:90:53:60:80:e2:84:02:11:65:41:cb:ec:44:f6:5c:
         1f:e0:42:03:ba:f8:a7:c5:a0:31:92:5e:bc:9d:ce:4e:38:55:
         58:12:49:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1cEsqnQiZrDztI1OYdD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTY1MjBkMzJjZDg3Mjc0NDk2NDJkYTdmNjk0ODZjM2EyNjUwNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFA2W1RW1HB7uQX1Lh9M3Wys45/8
2zuD06s8xY9kz4v9moWftEdMM8TkTwK4UiPi25ylf2/yQYipuiLUwwKNIMTnWhA5
n+d4yexrPwn5+7160ysDNiXY24vyGDvFzbgelhrJxU9c+nT12aCnt5X3TXLUbbct
ffdeouHv6BuBbTxczVYIIQsMpLHkguME+SNHQ9PC2Z6Vo5LH+L2ykFXcdotvtFRc
CbanLUoW9QJ7kxXIW7HpG/iSJe9IUBz7ucCo0vM1d6T/6PxHKDjG9sGQUpiq1Wv0
tpnQCwmpWZy3Cg7+uFnoxLxYYebUg8GufLUGFGzd+ZmNEmaxbhCESD2mBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL5lINMs2HJ0SWQtp/aUhsOiZQdgMB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvdm1VZzB5elljblJKWkMybjlwU0d3NkpsQjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJZQDAN
BgkqhkiG9w0BAQsFAAOCAQEARwvP7hCROxtm5lWPnmPBmZyxAr+I+VgawJ7FFJ4/
dMo6i+o3PfQE6LykVghu5HyJ67dPsFhMEmCqb2pDoV/LYb7lvTQ/TemX34WDl9Ct
sDjBf5hL0HsHuBF0JrZKaDQYiXt4cpahcxGTeYSzNY6hklotD5/KCIhgiHs4ZC/j
Ufpp3GrJnTJsnDgvpY6Ypfa/jNZ0ab/lyKtzDGii4b1WiPz48Gx0Y2VSCbtrH7Lc
7dX3HrRCi++AiKZfbXYfOW8k0qXaQDAW/Yt1wnTsBFDzhrwnS3q25hNC9It1kFNg
gOKEAhFlQcvsRPZcH+BCA7r4p8WgMZJevJ3OTjhVWBJJKg==
-----END CERTIFICATE-----