Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/yAPFTHuBSG8S3cBogTgaLXQHsIA.roa
File:                     yAPFTHuBSG8S3cBogTgaLXQHsIA.roa (raw, json)
Hash identifier:          Dghvk7oUxYxn4x3kqmECJ3G0zYv5Ok/s1CWEsFSe7A0=
Subject key identifier:   C8:03:C5:4C:7B:81:48:6F:12:DD:C0:68:81:38:1A:2D:74:07:B0:80
Certificate issuer:       /CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Certificate serial:       0194266B2F2163B6F1DE752C4D67E69E22D9
Authority key identifier: 66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/yAPFTHuBSG8S3cBogTgaLXQHsIA.roa
Signing time:             Thu 02 Jan 2025 09:49:06 +0000
ROA not before:           Thu 02 Jan 2025 09:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        81.87.0.0/16 maxlen: 24
                          83.138.32.0/21 maxlen: 21
                          89.207.208.0/21 maxlen: 21
                          193.60.0.0/14 maxlen: 24
                          194.66.0.0/16 maxlen: 24
                          194.80.0.0/14 maxlen: 24
                          195.194.0.0/15 maxlen: 24
                          212.121.0.0/19 maxlen: 19
                          212.121.192.0/19 maxlen: 19
                          212.219.0.0/16 maxlen: 24
                          2001:630::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:2f:21:63:b6:f1:de:75:2c:4d:67:e6:9e:22:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6665dd97665a23b1b183e223822b66b5ae536a2f
        Validity
            Not Before: Jan  2 09:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c803c54c7b81486f12ddc06881381a2d7407b080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:50:88:ac:ad:49:33:ab:f5:b4:0e:60:58:c2:
                    03:e1:4e:20:b9:a4:2f:67:e8:d3:86:4e:c7:e4:a5:
                    87:94:fc:7b:c0:4c:84:99:eb:f9:9f:65:c0:81:cc:
                    52:fb:ed:c9:83:25:7f:ba:96:8e:a4:2d:c6:1f:c8:
                    5b:3e:f0:f9:4d:f4:49:89:e4:8d:b2:ba:42:4f:9d:
                    7b:e1:34:24:d0:29:52:74:dd:0e:12:d1:c0:02:62:
                    a9:85:30:a1:62:c1:08:a7:58:b6:c4:08:02:82:29:
                    6b:a8:be:99:59:67:7c:41:3b:0d:bf:89:64:31:8e:
                    63:85:73:e6:ad:1a:0b:74:79:3a:34:50:09:58:98:
                    58:0e:05:0a:38:a8:d2:14:01:33:df:e6:82:85:12:
                    84:82:4d:5b:89:d7:c2:33:eb:92:cd:85:fd:6e:10:
                    37:d7:f2:7e:76:36:ac:b2:94:84:8f:e5:a2:46:9f:
                    44:e8:cc:ce:30:80:84:a6:3c:96:57:75:54:91:d8:
                    25:53:43:e3:52:fd:d2:74:6d:d9:6a:82:59:60:ff:
                    a4:5b:2b:bb:25:5e:2f:ff:70:dc:5a:f2:92:55:76:
                    a7:15:af:11:f2:17:e0:bb:66:0d:2e:c6:f7:c1:72:
                    87:ed:91:0d:dc:c7:15:75:1a:4f:7b:99:26:0f:0c:
                    41:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:03:C5:4C:7B:81:48:6F:12:DD:C0:68:81:38:1A:2D:74:07:B0:80
            X509v3 Authority Key Identifier:
                keyid:66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/yAPFTHuBSG8S3cBogTgaLXQHsIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.87.0.0/16
                  83.138.32.0/21
                  89.207.208.0/21
                  193.60.0.0/14
                  194.66.0.0/16
                  194.80.0.0/14
                  195.194.0.0/15
                  212.121.0.0/19
                  212.121.192.0/19
                  212.219.0.0/16
                IPv6:
                  2001:630::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:da:f7:26:d9:2e:08:61:31:bd:93:5b:12:0f:b5:8c:df:57:
         9f:d8:2f:7d:53:ba:06:98:c9:60:13:35:3d:87:5b:5b:1e:1e:
         1a:a1:cb:67:8e:c9:2a:f2:7d:c6:1d:42:85:c3:58:e5:3b:4b:
         4e:12:ce:c6:ef:56:65:ad:ea:cb:e3:f5:fe:19:ec:0e:68:ac:
         07:77:8b:10:d9:7b:5d:76:50:7d:dd:84:72:d7:39:89:f0:a5:
         c9:5f:ab:96:32:fb:08:db:03:0d:8b:7f:c2:79:72:a2:06:62:
         92:33:f6:c5:9f:3f:9b:4a:b6:9d:cb:ec:1b:54:4f:bd:f3:97:
         47:36:47:e1:11:34:bb:aa:13:e9:bf:e6:77:2e:e1:e0:93:be:
         d4:b6:45:5b:c1:d1:13:1b:36:8e:47:db:f6:da:57:e3:fb:84:
         98:3b:e4:fc:88:b6:06:ea:65:68:a5:aa:4b:a1:f1:8c:10:ab:
         3d:e7:44:e3:48:b4:14:bc:b4:29:ed:21:37:46:42:f9:47:ac:
         90:00:57:31:e2:b3:40:29:66:b7:c8:47:1c:1e:f8:3a:af:60:
         c6:22:d1:c5:ce:4b:6d:7d:7d:80:f0:0c:9f:60:2d:43:b5:29:
         95:dc:3c:55:20:68:53:da:33:f0:75:4a:8a:0b:7a:df:8c:96:
         ae:f1:d9:72
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQmay8hY7bx3nUsTWfmniLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjVkZDk3NjY1YTIzYjFiMTgzZTIyMzgyMmI2NmI1YWU1
MzZhMmYwHhcNMjUwMTAyMDk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAzYzU0YzdiODE0ODZmMTJkZGMwNjg4MTM4MWEyZDc0MDdiMDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFCIrK1JM6v1tA5gWMID4U4guaQv
Z+jThk7H5KWHlPx7wEyEmev5n2XAgcxS++3JgyV/upaOpC3GH8hbPvD5TfRJieSN
srpCT5174TQk0ClSdN0OEtHAAmKphTChYsEIp1i2xAgCgilrqL6ZWWd8QTsNv4lk
MY5jhXPmrRoLdHk6NFAJWJhYDgUKOKjSFAEz3+aChRKEgk1bidfCM+uSzYX9bhA3
1/J+djasspSEj+WiRp9E6MzOMICEpjyWV3VUkdglU0PjUv3SdG3ZaoJZYP+kWyu7
JV4v/3DcWvKSVXanFa8R8hfgu2YNLsb3wXKH7ZEN3McVdRpPe5kmDwxB2QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMgDxUx7gUhvEt3AaIE4Gi10B7CAMB8GA1UdIwQY
MBaAFGZl3ZdmWiOxsYPiI4IrZrWuU2ovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWIt
ZThkNzA3MTdmZjhhLzEveUFQRlRIdUJTRzhTM2NCb2dUZ2FMWFFIc0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWItZThkNzA3MTdmZjhh
LzEvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwMAUVcDBANT
iiADBANZz9ADAwLBPAMDAMJCAwMCwlADAwHDwgMEBdR5AAMEBdR5wAMDANTbMA0E
AgACMAcDBQAgAQYwMA0GCSqGSIb3DQEBCwUAA4IBAQCy2vcm2S4IYTG9k1sSD7WM
31ef2C99U7oGmMlgEzU9h1tbHh4aoctnjskq8n3GHUKFw1jlO0tOEs7G71ZlrerL
4/X+GewOaKwHd4sQ2XtddlB93YRy1zmJ8KXJX6uWMvsI2wMNi3/CeXKiBmKSM/bF
nz+bSrady+wbVE+985dHNkfhETS7qhPpv+Z3LuHgk77UtkVbwdETGzaOR9v22lfj
+4SYO+T8iLYG6mVopapLofGMEKs950TjSLQUvLQp7SE3RkL5R6yQAFcx4rNAKWa3
yEccHvg6r2DGItHFzkttfX2A8AyfYC1DtSmV3DxVIGhT2jPwdUqKC3rfjJau8dly
-----END CERTIFICATE-----