Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RSdOaSCVA6ogR36fNmSEfGUHdAQ.roa
File:                     RSdOaSCVA6ogR36fNmSEfGUHdAQ.roa (raw, json)
Hash identifier:          IUUzQDet8SkqHV+8ZTZJqpqrDR0834YedORjDV1jlUQ=
Subject key identifier:   45:27:4E:69:20:95:03:AA:20:47:7E:9F:36:64:84:7C:65:07:74:04
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B559248820DCACC0B6E99D49DC0B43
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RSdOaSCVA6ogR36fNmSEfGUHdAQ.roa
Signing time:             Thu 02 Jan 2025 15:49:43 +0000
ROA not before:           Thu 02 Jan 2025 15:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198961
IP address blocks:        37.221.176.0/24 maxlen: 24
                          37.221.177.0/24 maxlen: 24
                          37.221.178.0/24 maxlen: 24
                          37.221.179.0/24 maxlen: 24
                          37.221.181.0/24 maxlen: 24
                          37.221.182.0/24 maxlen: 24
                          37.221.183.0/24 maxlen: 24
                          188.255.131.0/24 maxlen: 24
                          188.255.132.0/24 maxlen: 24
                          188.255.237.0/24 maxlen: 24
                          212.69.22.0/23 maxlen: 23
                          212.69.24.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:59:24:88:20:dc:ac:c0:b6:e9:9d:49:dc:0b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45274e69209503aa20477e9f3664847c65077404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:78:50:bf:df:1e:8a:0d:46:8e:0b:20:3b:05:
                    df:04:fc:28:af:41:03:4c:9a:d7:d1:2e:3e:14:a4:
                    68:6a:f6:4e:f8:65:65:b5:ef:34:e1:64:a4:9e:ed:
                    ca:f3:0d:bd:f5:c6:dc:5b:a3:dd:e1:c2:05:44:d0:
                    fc:78:b2:a3:4e:a6:b8:9f:cf:4a:60:7c:00:ac:0a:
                    d6:4f:c2:a2:41:aa:dc:a6:8b:fa:89:30:49:e3:16:
                    a6:42:18:5d:53:c5:d9:57:39:46:cd:7e:9d:73:b5:
                    6f:53:9f:64:34:e5:59:72:df:b2:bc:b7:6e:a5:02:
                    d0:e9:36:e0:1b:83:ee:58:a8:0f:81:7d:25:a1:59:
                    e6:0f:62:6d:c1:88:6e:fc:52:da:e0:45:bd:56:b9:
                    9f:fb:50:e6:b3:ae:9d:29:66:f9:cd:3c:41:ab:70:
                    27:94:f3:a4:3c:30:23:f8:5b:36:f1:8f:3b:73:c9:
                    aa:bb:7b:09:5f:67:0c:16:e7:57:d8:3f:ad:f0:f1:
                    3e:3b:0d:96:35:b5:d3:da:64:18:04:53:bc:51:3f:
                    a1:ee:e3:59:bd:6e:b9:61:59:0c:9b:89:f1:04:f7:
                    0f:61:4c:3c:70:07:25:7c:e3:38:d8:f1:0b:5d:33:
                    3c:96:3b:29:05:a2:71:ea:ec:85:6f:e7:90:dd:05:
                    7a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:27:4E:69:20:95:03:AA:20:47:7E:9F:36:64:84:7C:65:07:74:04
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RSdOaSCVA6ogR36fNmSEfGUHdAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.176.0/22
                  37.221.181.0-37.221.183.255
                  188.255.131.0-188.255.132.255
                  188.255.237.0/24
                  212.69.22.0-212.69.27.255

    Signature Algorithm: sha256WithRSAEncryption
         33:11:86:1c:85:98:64:91:8b:7c:f6:26:97:1f:fc:5e:7a:69:
         1b:ad:55:29:81:a8:bd:d9:4b:4d:23:61:1a:59:dd:e2:d3:d2:
         a2:64:58:39:a6:2f:5d:cc:fe:1f:86:9e:48:1f:95:45:67:bf:
         26:0d:b5:ae:ce:30:fa:26:6b:51:9c:cf:f6:cb:22:22:54:cf:
         28:8e:e2:1d:d4:0c:22:c2:de:97:9f:3d:fa:ec:b3:31:e9:55:
         f0:65:79:5a:ca:74:83:50:98:21:99:39:4b:1f:70:99:40:c1:
         b1:f9:aa:bd:2e:61:e4:17:8a:19:70:8c:54:29:a7:23:fe:cc:
         31:9d:db:fd:54:38:b9:de:9a:6d:aa:1e:74:f1:d5:5b:5e:d6:
         da:47:56:5e:90:8c:7c:5e:06:2a:85:ea:77:27:67:05:a5:14:
         f1:0d:b8:62:f1:2d:af:b4:39:dd:5a:d4:f2:0d:94:e4:27:f6:
         c5:bb:25:09:a3:78:45:41:f2:74:c0:bd:69:ff:63:3b:c9:08:
         3f:2b:78:55:65:9d:d7:b8:e5:52:34:0d:7b:04:16:0c:85:3b:
         d5:9b:62:b9:c8:24:47:49:b4:61:84:93:4c:4d:61:15:04:f0:
         d0:35:0f:90:ae:df:ac:80:4f:af:73:09:48:e1:bb:fb:0c:27:
         a4:4d:cc:17
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQntVkkiCDcrMC26Z1J3AtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTI3NGU2OTIwOTUwM2FhMjA0NzdlOWYzNjY0ODQ3YzY1MDc3NDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3hQv98eig1GjgsgOwXfBPwor0ED
TJrX0S4+FKRoavZO+GVlte804WSknu3K8w299cbcW6Pd4cIFRND8eLKjTqa4n89K
YHwArArWT8KiQarcpov6iTBJ4xamQhhdU8XZVzlGzX6dc7VvU59kNOVZct+yvLdu
pQLQ6TbgG4PuWKgPgX0loVnmD2JtwYhu/FLa4EW9Vrmf+1Dms66dKWb5zTxBq3An
lPOkPDAj+Fs28Y87c8mqu3sJX2cMFudX2D+t8PE+Ow2WNbXT2mQYBFO8UT+h7uNZ
vW65YVkMm4nxBPcPYUw8cAclfOM42PELXTM8ljspBaJx6uyFb+eQ3QV6wQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEUnTmkglQOqIEd+nzZkhHxlB3QEMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvUlNkT2FTQ1ZBNm9nUjM2Zk5tU0VmR1VIZEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCJd2wMAwD
BAAl3bUDBAMl3bAwDAMEALz/gwMEALz/hAMEALz/7TAMAwQB1EUWAwQC1EUYMA0G
CSqGSIb3DQEBCwUAA4IBAQAzEYYchZhkkYt89iaXH/xeemkbrVUpgai92UtNI2Ea
Wd3i09KiZFg5pi9dzP4fhp5IH5VFZ78mDbWuzjD6JmtRnM/2yyIiVM8ojuId1Awi
wt6Xnz367LMx6VXwZXlaynSDUJghmTlLH3CZQMGx+aq9LmHkF4oZcIxUKacj/swx
ndv9VDi53pptqh508dVbXtbaR1ZekIx8XgYqhep3J2cFpRTxDbhi8S2vtDndWtTy
DZTkJ/bFuyUJo3hFQfJ0wL1p/2M7yQg/K3hVZZ3XuOVSNA17BBYMhTvVm2K5yCRH
SbRhhJNMTWEVBPDQNQ+Qrt+sgE+vcwlI4bv7DCekTcwX
-----END CERTIFICATE-----