Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/yu9wHeNN9TadONpdFJDPVyyoWGY.roa
File:                     yu9wHeNN9TadONpdFJDPVyyoWGY.roa (raw, json)
Hash identifier:          PEOTovTwm3OBSyT0paVn7ex6UZ0Hs/vcgcpTRm80FKY=
Subject key identifier:   CA:EF:70:1D:E3:4D:F5:36:9D:38:DA:5D:14:90:CF:57:2C:A8:58:66
Certificate issuer:       /CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
Certificate serial:       019422FB21C6288683F4CAB29A183F02E07E
Authority key identifier: 45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/yu9wHeNN9TadONpdFJDPVyyoWGY.roa
Signing time:             Wed 01 Jan 2025 17:47:50 +0000
ROA not before:           Wed 01 Jan 2025 17:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24679
IP address blocks:        81.3.0.0/18 maxlen: 24
                          83.246.0.0/17 maxlen: 24
                          185.148.168.0/22 maxlen: 24
                          193.201.52.0/22 maxlen: 24
                          193.238.228.0/22 maxlen: 24
                          195.47.229.0/24 maxlen: 24
                          217.175.224.0/19 maxlen: 24
                          217.195.32.0/20 maxlen: 24
                          2a02:790::/32 maxlen: 48
                          2a07:60c0::/29 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:21:c6:28:86:83:f4:ca:b2:9a:18:3f:02:e0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
        Validity
            Not Before: Jan  1 17:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caef701de34df5369d38da5d1490cf572ca85866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d5:02:3a:23:23:5c:20:bc:48:80:bc:d0:03:
                    33:a7:30:cd:ed:93:43:b0:a8:38:26:c9:df:0f:e7:
                    9d:fa:21:29:1e:a4:08:47:ed:20:e2:7a:00:51:9a:
                    fc:1a:43:31:ea:b1:5a:74:da:e3:de:ca:c9:4e:82:
                    22:17:52:11:55:42:4d:83:d2:ae:41:db:4b:47:e3:
                    1d:48:aa:e6:6e:1e:a5:d4:f1:83:2a:ed:da:9c:2a:
                    18:4e:5a:20:e3:bd:26:d3:0a:4d:25:34:16:4a:84:
                    ed:68:87:79:0b:fe:1b:e9:99:25:e6:f1:f0:94:c5:
                    c4:0a:a0:9f:ab:46:59:54:7a:87:ae:d9:91:86:a9:
                    2f:17:ae:58:13:01:d4:e1:7e:8f:03:b0:79:05:4c:
                    09:ce:b8:01:0c:f1:39:7f:7d:dd:24:53:41:73:b8:
                    a0:4c:8e:70:0d:1f:25:fc:f1:a1:a2:a0:8c:28:65:
                    1d:29:b5:f9:f2:da:dc:95:bb:3d:f3:b3:38:d4:a0:
                    b0:a9:49:da:a6:4c:f3:ff:99:32:43:34:34:05:4c:
                    86:56:13:fd:2d:d9:4d:6c:ff:56:a2:73:fa:53:e8:
                    03:5e:da:9c:f8:98:bb:e1:e2:c6:2b:6a:1d:7e:2e:
                    a3:24:38:fc:f1:1e:c0:7f:f1:4b:b4:3b:69:60:a4:
                    ab:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EF:70:1D:E3:4D:F5:36:9D:38:DA:5D:14:90:CF:57:2C:A8:58:66
            X509v3 Authority Key Identifier:
                keyid:45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/yu9wHeNN9TadONpdFJDPVyyoWGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.3.0.0/18
                  83.246.0.0/17
                  185.148.168.0/22
                  193.201.52.0/22
                  193.238.228.0/22
                  195.47.229.0/24
                  217.175.224.0/19
                  217.195.32.0/20
                IPv6:
                  2a02:790::/32
                  2a07:60c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:42:6a:fc:72:b0:49:a8:4f:f3:08:ce:6e:e9:3a:4a:69:f4:
         29:0e:91:09:9e:09:3a:25:4b:a9:96:27:11:1e:04:97:99:ed:
         e1:26:53:d7:1f:41:8e:80:d0:f7:25:ef:3b:2f:b0:3d:85:42:
         ae:36:bd:7b:76:50:32:b5:ad:fb:2a:86:9d:23:7f:fe:b1:a0:
         f5:d3:f8:a2:89:93:50:3f:f4:b4:e1:8b:28:ed:c6:80:ad:fd:
         c4:70:23:f0:34:8f:99:4b:35:12:96:af:d5:63:43:8c:cf:de:
         36:95:21:30:f0:52:4c:52:fc:c2:5e:c5:a5:e7:0e:f9:e8:08:
         9c:a2:8d:b0:1b:75:81:36:e5:16:18:f1:ae:a1:b7:b6:c1:8a:
         7f:74:37:12:9e:6c:41:6a:81:68:94:b4:6c:7d:6d:ec:65:7b:
         d8:69:73:a2:ef:f3:2e:0e:5b:b3:65:45:b3:eb:40:97:9d:cd:
         00:3d:f9:6c:3c:40:32:af:64:5d:28:f0:42:1a:95:75:42:6d:
         e7:cf:46:58:0a:40:28:0f:b2:11:fd:e0:4d:71:a7:2b:57:d6:
         de:50:0a:99:a5:04:46:80:a9:0d:98:58:63:b8:bc:3e:f4:cc:
         32:45:0b:d3:c7:a4:e2:e4:f1:45:45:47:16:7c:9c:4c:ed:eb:
         d8:01:b0:3c
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQi+yHGKIaD9Mqymhg/AuB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Yjk4NTRiMDQ0NTk0ZTZjZjA4NDZmYjQxZGU3YjA5MDhm
YjVmNzIwHhcNMjUwMTAxMTc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVmNzAxZGUzNGRmNTM2OWQzOGRhNWQxNDkwY2Y1NzJjYTg1ODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdUCOiMjXCC8SIC80AMzpzDN7ZND
sKg4JsnfD+ed+iEpHqQIR+0g4noAUZr8GkMx6rFadNrj3srJToIiF1IRVUJNg9Ku
QdtLR+MdSKrmbh6l1PGDKu3anCoYTlog470m0wpNJTQWSoTtaId5C/4b6Zkl5vHw
lMXECqCfq0ZZVHqHrtmRhqkvF65YEwHU4X6PA7B5BUwJzrgBDPE5f33dJFNBc7ig
TI5wDR8l/PGhoqCMKGUdKbX58trclbs987M41KCwqUnapkzz/5kyQzQ0BUyGVhP9
LdlNbP9WonP6U+gDXtqc+Ji74eLGK2odfi6jJDj88R7Af/FLtDtpYKSruwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMrvcB3jTfU2nTjaXRSQz1csqFhmMB8GA1UdIwQY
MBaAFEW5hUsERZTmzwhG+0HeewkI+19yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMt
NGIyMmZjNTE4NGEyLzEveXU5d0hlTk45VGFkT05wZEZKRFBWeXlvV0dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMtNGIyMmZjNTE4NGEy
LzEvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQGUQMAAwQH
U/YAAwQCuZSoAwQCwck0AwQCwe7kAwQAwy/lAwQF2a/gAwQE2cMgMBQEAgACMA4D
BQAqAgeQAwUDKgdgwDANBgkqhkiG9w0BAQsFAAOCAQEApEJq/HKwSahP8wjObuk6
Smn0KQ6RCZ4JOiVLqZYnER4El5nt4SZT1x9BjoDQ9yXvOy+wPYVCrja9e3ZQMrWt
+yqGnSN//rGg9dP4oomTUD/0tOGLKO3GgK39xHAj8DSPmUs1Epav1WNDjM/eNpUh
MPBSTFL8wl7FpecO+egInKKNsBt1gTblFhjxrqG3tsGKf3Q3Ep5sQWqBaJS0bH1t
7GV72Glzou/zLg5bs2VFs+tAl53NAD35bDxAMq9kXSjwQhqVdUJt589GWApAKA+y
Ef3gTXGnK1fW3lAKmaUERoCpDZhYY7i8PvTMMkUL08ek4uTxRUVHFnycTO3r2AGw
PA==
-----END CERTIFICATE-----