Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/VT12JuRFcoVGC8oZRdWC3SDp70o.roa
File:                     VT12JuRFcoVGC8oZRdWC3SDp70o.roa (raw, json)
Hash identifier:          Lru0OpyKSjF2etyXsefDw1zokYApfi/6DaSATZlbm+w=
Subject key identifier:   55:3D:76:26:E4:45:72:85:46:0B:CA:19:45:D5:82:DD:20:E9:EF:4A
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       0194228D7A6317BBFD6468C06FC177B874C3
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/VT12JuRFcoVGC8oZRdWC3SDp70o.roa
Signing time:             Wed 01 Jan 2025 15:48:04 +0000
ROA not before:           Wed 01 Jan 2025 15:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20765
IP address blocks:        139.3.0.0/16 maxlen: 16
                          185.84.216.0/22 maxlen: 24
                          193.96.96.0/21 maxlen: 24
                          194.45.0.0/22 maxlen: 22
                          194.45.6.0/23 maxlen: 23
                          194.115.4.0/24 maxlen: 24
                          2a05:a880:8000::/40 maxlen: 40
                          2a05:a880:de10::/48 maxlen: 48
                          2a05:a880:de52::/48 maxlen: 48
                          2a05:a880:de56::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7a:63:17:bb:fd:64:68:c0:6f:c1:77:b8:74:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Jan  1 15:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=553d7626e4457285460bca1945d582dd20e9ef4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d0:fd:e1:5e:80:ff:82:34:18:a2:61:3c:84:
                    bf:f8:0f:63:bf:2e:3b:c5:9b:90:41:a6:02:a0:db:
                    4e:51:30:04:12:11:e2:6d:3d:92:67:01:c7:c9:62:
                    64:f0:71:9b:c0:ce:0e:35:d8:14:4a:9d:42:07:d1:
                    a1:9a:30:2b:9e:fc:da:b1:7f:9b:cc:f7:d1:c3:df:
                    4e:17:05:34:a2:8d:c3:d4:54:83:6a:e4:e2:cb:e7:
                    b8:fc:89:0c:2f:24:f5:5b:11:fe:9e:a3:1e:05:6a:
                    3c:60:42:7e:c6:ee:81:1c:d3:fb:72:dc:f5:1b:18:
                    f7:8f:81:64:73:b4:95:c0:65:e7:ea:86:bd:1b:29:
                    83:b3:72:57:93:17:47:ce:16:be:f3:ec:98:fe:19:
                    04:23:07:26:c7:8c:ed:62:55:2a:28:4c:ad:bb:3a:
                    e2:27:88:da:91:ac:4c:76:d0:73:03:f9:89:54:c2:
                    70:2b:b7:c7:53:3e:b4:b8:e7:6d:4a:e4:5d:03:21:
                    44:b6:1d:14:16:23:d5:b4:da:e0:cb:68:bd:2f:c8:
                    0a:ed:b3:52:cb:54:53:a4:72:43:ea:f1:88:51:68:
                    bd:d0:9b:09:56:ef:c6:e9:fb:00:2a:84:8b:f6:c4:
                    cc:60:cd:63:a7:c9:1c:12:11:91:12:ab:0d:55:cf:
                    37:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:3D:76:26:E4:45:72:85:46:0B:CA:19:45:D5:82:DD:20:E9:EF:4A
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/VT12JuRFcoVGC8oZRdWC3SDp70o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.3.0.0/16
                  185.84.216.0/22
                  193.96.96.0/21
                  194.45.0.0/22
                  194.45.6.0/23
                  194.115.4.0/24
                IPv6:
                  2a05:a880:8000::/40
                  2a05:a880:de10::/48
                  2a05:a880:de52::/48
                  2a05:a880:de56::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:71:c9:db:8a:e1:06:b8:5f:b7:76:22:1c:4a:de:de:89:3b:
         a2:5e:b8:59:a7:1e:a5:74:54:49:d4:6e:f7:af:7a:76:ef:98:
         35:e5:88:51:6c:29:26:0f:7d:d1:64:10:b5:58:6e:18:f0:fc:
         95:f2:0c:d5:ee:67:71:6a:2d:b2:93:ea:22:0a:4c:86:78:84:
         59:e7:97:b9:5f:df:d5:ac:11:48:71:79:1d:4f:ac:e0:29:65:
         d9:b6:bc:a7:c6:09:9b:9f:d4:3c:27:02:6d:a9:5e:4e:48:8e:
         a6:20:b4:80:b1:d7:74:0a:23:d7:75:de:4f:0b:b3:fc:7e:90:
         8d:66:5f:07:b6:0a:ba:c6:0a:aa:5f:4f:a8:f9:7f:67:2e:21:
         c8:4c:40:ab:80:54:f7:66:4f:52:a9:f2:74:37:7b:6f:a0:60:
         95:67:e7:88:4c:68:11:4f:f1:d4:d9:68:9a:6b:25:ec:3e:72:
         5b:88:68:54:0e:ee:b0:64:f5:19:11:84:0b:9a:80:80:91:93:
         2e:28:93:e2:14:51:39:89:66:cd:e1:f7:cd:5b:32:f8:dd:8a:
         dc:ed:a9:b2:ee:b6:66:50:78:35:36:22:bd:eb:fb:69:d4:c6:
         1c:4c:fb:fc:8b:fe:e4:f0:48:87:e6:c8:c9:17:13:19:1f:5c:
         17:8a:5a:09
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQijXpjF7v9ZGjAb8F3uHTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjUwMTAxMTU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTNkNzYyNmU0NDU3Mjg1NDYwYmNhMTk0NWQ1ODJkZDIwZTllZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9D94V6A/4I0GKJhPIS/+A9jvy47
xZuQQaYCoNtOUTAEEhHibT2SZwHHyWJk8HGbwM4ONdgUSp1CB9GhmjArnvzasX+b
zPfRw99OFwU0oo3D1FSDauTiy+e4/IkMLyT1WxH+nqMeBWo8YEJ+xu6BHNP7ctz1
Gxj3j4Fkc7SVwGXn6oa9GymDs3JXkxdHzha+8+yY/hkEIwcmx4ztYlUqKEytuzri
J4jakaxMdtBzA/mJVMJwK7fHUz60uOdtSuRdAyFEth0UFiPVtNrgy2i9L8gK7bNS
y1RTpHJD6vGIUWi90JsJVu/G6fsAKoSL9sTMYM1jp8kcEhGREqsNVc83kQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFFU9dibkRXKFRgvKGUXVgt0g6e9KMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvVlQxMkp1UkZjb1ZHQzhvWlJkV0MzU0RwNzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjApBAIAATAjAwMAiwMDBAK5
VNgDBAPBYGADBALCLQADBAHCLQYDBADCcwQwKQQCAAIwIwMGACoFqICAAwcAKgWo
gN4QAwcAKgWogN5SAwcAKgWogN5WMA0GCSqGSIb3DQEBCwUAA4IBAQAsccnbiuEG
uF+3diIcSt7eiTuiXrhZpx6ldFRJ1G73r3p275g15YhRbCkmD33RZBC1WG4Y8PyV
8gzV7mdxai2yk+oiCkyGeIRZ55e5X9/VrBFIcXkdT6zgKWXZtrynxgmbn9Q8JwJt
qV5OSI6mILSAsdd0CiPXdd5PC7P8fpCNZl8Htgq6xgqqX0+o+X9nLiHITECrgFT3
Zk9SqfJ0N3tvoGCVZ+eITGgRT/HU2WiaayXsPnJbiGhUDu6wZPUZEYQLmoCAkZMu
KJPiFFE5iWbN4ffNWzL43Yrc7amy7rZmUHg1NiK96/tp1MYcTPv8i/7k8EiH5sjJ
FxMZH1wXiloJ
-----END CERTIFICATE-----