Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/dqQAzIzvtIz9fOnp9u-BzecNfmY.roa
File:                     dqQAzIzvtIz9fOnp9u-BzecNfmY.roa (raw, json)
Hash identifier:          fpprW/hgPlHahdEyQynlo9emToWc0ugRJ4uXLG0mqEA=
Subject key identifier:   76:A4:00:CC:8C:EF:B4:8C:FD:7C:E9:E9:F6:EF:81:CD:E7:0D:7E:66
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019542CCF342D15F444052A3C128CFD76558
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/dqQAzIzvtIz9fOnp9u-BzecNfmY.roa
Signing time:             Wed 26 Feb 2025 15:08:02 +0000
ROA not before:           Wed 26 Feb 2025 15:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.142.0/24 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          212.111.207.0/24 maxlen: 24
                          212.111.216.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:42:cc:f3:42:d1:5f:44:40:52:a3:c1:28:cf:d7:65:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Feb 26 15:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76a400cc8cefb48cfd7ce9e9f6ef81cde70d7e66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ed:1c:42:a9:33:c1:a4:29:13:d3:4d:4f:a1:
                    f6:9f:c1:fd:0c:4f:04:12:cf:a8:ba:4f:25:e6:33:
                    c1:ff:63:0f:aa:d1:2a:27:91:7c:58:1d:bf:75:7e:
                    21:4e:8b:24:ac:bd:e9:48:22:63:c6:9f:f0:7e:e3:
                    38:fb:80:49:69:40:a1:2c:b3:10:db:7f:8a:ba:21:
                    3c:4f:88:8e:63:75:9b:a9:58:6b:e8:c4:bc:6a:af:
                    9a:96:9f:ce:85:0a:2f:9c:e2:63:62:cf:5f:e9:96:
                    0a:d7:0d:54:cc:2a:16:47:d2:67:8a:4e:77:f4:2d:
                    be:c3:ae:f7:50:a0:3b:7d:b2:96:0a:b7:4f:98:89:
                    db:82:6d:93:fe:7e:fc:9a:a3:8c:1e:39:08:c2:5f:
                    66:1c:4f:8b:7e:60:bd:bf:a2:b5:06:cd:fb:65:b1:
                    eb:b6:1c:e4:a4:01:44:01:7c:7a:59:22:55:de:e3:
                    c8:66:b0:14:7f:eb:2f:d8:ee:3f:a3:30:bc:9a:99:
                    6a:0a:e1:8c:fd:8f:42:7a:24:c8:08:70:d4:9a:4a:
                    2e:e1:93:a5:fa:e5:6e:db:23:f5:88:ad:2e:ce:5f:
                    d0:38:a9:f7:aa:71:b5:38:7e:27:1b:eb:0b:6b:65:
                    9a:a2:07:2e:2a:b4:c8:63:0d:f7:21:f6:ae:77:7c:
                    e4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A4:00:CC:8C:EF:B4:8C:FD:7C:E9:E9:F6:EF:81:CD:E7:0D:7E:66
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/dqQAzIzvtIz9fOnp9u-BzecNfmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.142.0/24
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/23
                  195.178.147.0/24
                  195.178.152.0/22
                  212.111.207.0/24
                  212.111.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:11:cb:ed:3b:4a:43:88:fa:fd:05:14:09:01:ab:32:cd:c9:
         af:f7:a5:6a:d2:66:df:05:51:47:78:85:20:d4:62:62:f3:24:
         c3:91:2d:39:b1:21:33:70:24:6c:d8:51:2b:66:72:d9:a2:24:
         d2:66:9e:31:42:02:10:ff:a8:ff:6c:8e:d1:4d:61:b4:b1:c5:
         54:7b:f4:5e:1c:ef:1d:2e:99:d1:32:51:42:8c:c8:c5:13:7b:
         d1:c0:80:93:a6:c2:b1:d9:83:d0:1b:43:82:37:a9:2f:36:65:
         9d:3e:1b:fe:d9:8c:a3:a9:bb:a5:90:28:e1:bc:65:59:b0:bb:
         bd:8e:f2:f3:2b:4b:a0:f6:d4:69:9b:f9:d4:3f:72:02:31:1e:
         a2:10:5e:e3:84:34:24:3d:ab:da:04:35:f8:02:c7:15:8c:f7:
         ff:c1:58:08:0c:be:7b:68:c4:44:04:19:d1:56:e9:25:da:d5:
         38:a4:a7:51:7c:f5:02:ac:9f:d1:18:71:71:32:7a:c0:3d:71:
         97:38:20:f1:c4:ce:94:28:08:5f:59:54:74:5c:96:12:ea:33:
         8c:e4:a3:c5:a9:b3:92:0f:87:a3:5b:55:2c:01:f7:6f:e9:51:
         8e:08:31:37:66:d8:a3:2e:c6:cc:8f:d6:49:6f:97:95:7e:bc:
         b2:50:30:dd
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZVCzPNC0V9EQFKjwSjP12VYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMjI2MTUwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmE0MDBjYzhjZWZiNDhjZmQ3Y2U5ZTlmNmVmODFjZGU3MGQ3ZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu0cQqkzwaQpE9NNT6H2n8H9DE8E
Es+ouk8l5jPB/2MPqtEqJ5F8WB2/dX4hToskrL3pSCJjxp/wfuM4+4BJaUChLLMQ
23+KuiE8T4iOY3WbqVhr6MS8aq+alp/OhQovnOJjYs9f6ZYK1w1UzCoWR9Jnik53
9C2+w673UKA7fbKWCrdPmInbgm2T/n78mqOMHjkIwl9mHE+LfmC9v6K1Bs37ZbHr
thzkpAFEAXx6WSJV3uPIZrAUf+sv2O4/ozC8mplqCuGM/Y9CeiTICHDUmkou4ZOl
+uVu2yP1iK0uzl/QOKn3qnG1OH4nG+sLa2WaogcuKrTIYw33Ifaud3zkvQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHakAMyM77SM/Xzp6fbvgc3nDX5mMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvZHFRQXpJenZ0SXo5Zk9ucDl1LUJ6ZWNOZm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATS+OAwQC
uY84AwQCw7KEAwQBw7KQAwQAw7KTAwQCw7KYAwQA1G/PAwQA1G/YMA0GCSqGSIb3
DQEBCwUAA4IBAQB5EcvtO0pDiPr9BRQJAasyzcmv96Vq0mbfBVFHeIUg1GJi8yTD
kS05sSEzcCRs2FErZnLZoiTSZp4xQgIQ/6j/bI7RTWG0scVUe/ReHO8dLpnRMlFC
jMjFE3vRwICTpsKx2YPQG0OCN6kvNmWdPhv+2YyjqbulkCjhvGVZsLu9jvLzK0ug
9tRpm/nUP3ICMR6iEF7jhDQkPavaBDX4AscVjPf/wVgIDL57aMREBBnRVukl2tU4
pKdRfPUCrJ/RGHFxMnrAPXGXOCDxxM6UKAhfWVR0XJYS6jOM5KPFqbOSD4ejW1Us
Afdv6VGOCDE3ZtijLsbMj9ZJb5eVfryyUDDd
-----END CERTIFICATE-----