Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/ca1cf4-acac-4555-bc40-e4322c9dde9c/1/vUK0PWq2rYFX03NpI4glIwcP-yw.roa
File:                     vUK0PWq2rYFX03NpI4glIwcP-yw.roa (raw, json)
Hash identifier:          7OmubHi4XYVC0tzd37LBLN6Yy8bTQM8VhrxlC/dBHqc=
Subject key identifier:   BD:42:B4:3D:6A:B6:AD:81:57:D3:73:69:23:88:25:23:07:0F:FB:2C
Certificate issuer:       /CN=e796ffbbdf44efc1e8e10200d49da8eed0a3b71e
Certificate serial:       01942369BBFB59C70A1BB0EA1E08A360A4CA
Authority key identifier: E7:96:FF:BB:DF:44:EF:C1:E8:E1:02:00:D4:9D:A8:EE:D0:A3:B7:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/55b_u99E78Ho4QIA1J2o7tCjtx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/ca1cf4-acac-4555-bc40-e4322c9dde9c/1/vUK0PWq2rYFX03NpI4glIwcP-yw.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8560
IP address blocks:        77.68.0.0/17 maxlen: 24
                          79.99.40.0/21 maxlen: 24
                          88.208.192.0/18 maxlen: 24
                          93.90.192.0/20 maxlen: 24
                          109.228.0.0/18 maxlen: 24
                          185.132.36.0/22 maxlen: 24
                          185.132.40.0/22 maxlen: 24
                          213.171.192.0/19 maxlen: 24
                          217.174.240.0/20 maxlen: 24
                          2a00:da00::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:bb:fb:59:c7:0a:1b:b0:ea:1e:08:a3:60:a4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e796ffbbdf44efc1e8e10200d49da8eed0a3b71e
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd42b43d6ab6ad8157d3736923882523070ffb2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b3:d7:2e:0f:65:fc:0f:12:84:b1:36:4f:01:
                    18:af:f6:4f:9b:61:e6:af:0e:4d:6a:d9:c8:f8:d4:
                    00:58:07:89:cb:dc:d8:a4:01:36:26:c1:95:e8:05:
                    2a:b1:42:43:71:c6:2c:f8:82:82:7f:54:6b:0c:9f:
                    53:0c:32:da:34:c6:72:23:95:c7:a6:86:d9:e7:7d:
                    a5:2b:5c:22:35:84:90:27:2a:c3:18:5b:64:66:81:
                    6d:49:17:1a:4e:f4:56:0e:ac:42:a2:bf:bd:9e:22:
                    03:ef:2d:c5:50:37:d3:6b:33:85:ba:24:c8:6f:44:
                    c6:34:5c:ee:bc:04:7e:26:91:ef:6d:45:26:89:53:
                    de:9d:80:6d:cc:9d:66:42:ae:7e:42:38:e8:45:52:
                    ad:1f:d6:50:18:f1:a0:b5:8e:c8:86:9b:ad:60:d7:
                    21:18:0d:3a:46:ab:87:3a:9a:c9:91:96:a9:2e:61:
                    e8:f7:b1:e2:b6:24:25:06:b4:11:2b:8e:1c:1e:6c:
                    95:06:08:39:1d:2a:00:d2:f7:0d:51:14:f3:81:74:
                    62:be:a3:70:93:b4:f2:17:35:81:ab:bc:86:c9:b0:
                    1f:5b:56:ac:46:cc:9a:dc:1a:b5:9c:0b:79:81:dd:
                    88:b6:01:36:94:f9:8e:03:68:a2:2f:37:d8:93:2e:
                    e0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:42:B4:3D:6A:B6:AD:81:57:D3:73:69:23:88:25:23:07:0F:FB:2C
            X509v3 Authority Key Identifier:
                keyid:E7:96:FF:BB:DF:44:EF:C1:E8:E1:02:00:D4:9D:A8:EE:D0:A3:B7:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55b_u99E78Ho4QIA1J2o7tCjtx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ca1cf4-acac-4555-bc40-e4322c9dde9c/1/vUK0PWq2rYFX03NpI4glIwcP-yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ca1cf4-acac-4555-bc40-e4322c9dde9c/1/55b_u99E78Ho4QIA1J2o7tCjtx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.68.0.0/17
                  79.99.40.0/21
                  88.208.192.0/18
                  93.90.192.0/20
                  109.228.0.0/18
                  185.132.36.0-185.132.43.255
                  213.171.192.0/19
                  217.174.240.0/20
                IPv6:
                  2a00:da00::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:72:ed:18:21:86:03:c6:f4:42:1e:5d:da:56:6d:6f:ff:64:
         8d:25:ce:68:7d:c8:35:bb:d9:21:9b:8d:5e:cf:89:d0:e5:f0:
         ff:e9:7e:d4:af:8c:49:3c:24:3d:19:b2:12:a5:1a:22:c8:f0:
         ca:ee:7a:64:b4:6a:c2:c9:b6:3a:96:ae:fb:96:c8:52:db:52:
         0b:0f:c9:d0:a5:05:a0:f7:6d:2e:c9:9b:22:fa:00:88:56:4b:
         a0:c5:2c:e4:b9:9c:00:48:ad:8a:25:85:b7:f4:89:65:66:66:
         37:57:57:b0:95:3f:9b:3c:54:c7:de:54:16:85:76:43:e5:62:
         92:22:c8:a3:97:01:ca:91:92:11:12:24:09:92:a8:44:a1:7e:
         14:ea:c3:41:c8:9c:57:78:41:8a:a4:6c:9b:8f:6e:47:d7:16:
         6d:e2:d1:c5:92:2e:87:bd:dd:9a:b6:19:b7:d7:3a:5e:dc:44:
         07:ac:41:e4:3d:ea:f2:b7:96:e7:45:b4:b7:be:c8:17:b0:0e:
         4f:60:ff:49:e1:29:03:2e:b2:9b:14:dc:51:56:c9:11:79:0a:
         92:e4:41:a9:18:f6:d7:cf:c1:5a:3f:19:3a:74:48:77:c7:94:
         fa:d2:9b:d7:f4:d4:d1:89:cc:5c:7c:fe:14:2f:72:34:11:43:
         e2:ec:93:3f
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQjabv7WccKG7DqHgijYKTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTZmZmJiZGY0NGVmYzFlOGUxMDIwMGQ0OWRhOGVlZDBh
M2I3MWUwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQyYjQzZDZhYjZhZDgxNTdkMzczNjkyMzg4MjUyMzA3MGZmYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbPXLg9l/A8ShLE2TwEYr/ZPm2Hm
rw5NatnI+NQAWAeJy9zYpAE2JsGV6AUqsUJDccYs+IKCf1RrDJ9TDDLaNMZyI5XH
pobZ532lK1wiNYSQJyrDGFtkZoFtSRcaTvRWDqxCor+9niID7y3FUDfTazOFuiTI
b0TGNFzuvAR+JpHvbUUmiVPenYBtzJ1mQq5+QjjoRVKtH9ZQGPGgtY7IhputYNch
GA06RquHOprJkZapLmHo97HitiQlBrQRK44cHmyVBgg5HSoA0vcNURTzgXRivqNw
k7TyFzWBq7yGybAfW1asRsya3Bq1nAt5gd2ItgE2lPmOA2iiLzfYky7g5QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL1CtD1qtq2BV9NzaSOIJSMHD/ssMB8GA1UdIwQY
MBaAFOeW/7vfRO/B6OECANSdqO7Qo7ceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTViX3U5OUU3OEhvNFFJQTFKMm83dENqdHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jYTFjZjQtYWNhYy00NTU1LWJjNDAt
ZTQzMjJjOWRkZTljLzEvdlVLMFBXcTJyWUZYMDNOcEk0Z2xJd2NQLXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jYTFjZjQtYWNhYy00NTU1LWJjNDAtZTQzMjJjOWRkZTlj
LzEvNTViX3U5OUU3OEhvNFFJQTFKMm83dENqdHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQHTUQAAwQD
T2MoAwQGWNDAAwQEXVrAAwQGbeQAMAwDBAK5hCQDBAK5hCgDBAXVq8ADBATZrvAw
DQQCAAIwBwMFACoA2gAwDQYJKoZIhvcNAQELBQADggEBAEJy7RghhgPG9EIeXdpW
bW//ZI0lzmh9yDW72SGbjV7PidDl8P/pftSvjEk8JD0ZshKlGiLI8MruemS0asLJ
tjqWrvuWyFLbUgsPydClBaD3bS7JmyL6AIhWS6DFLOS5nABIrYolhbf0iWVmZjdX
V7CVP5s8VMfeVBaFdkPlYpIiyKOXAcqRkhESJAmSqEShfhTqw0HInFd4QYqkbJuP
bkfXFm3i0cWSLoe93Zq2GbfXOl7cRAesQeQ96vK3ludFtLe+yBewDk9g/0nhKQMu
spsU3FFWyRF5CpLkQakY9tfPwVo/GTp0SHfHlPrSm9f01NGJzFx8/hQvcjQRQ+Ls
kz8=
-----END CERTIFICATE-----