Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/1-gyxFvtsdFvYTZX0Y9fbT2PSGFM.roa
File:                     1-gyxFvtsdFvYTZX0Y9fbT2PSGFM.roa (raw, json)
Hash identifier:          EABdk5cioKlboVX+5roxKxOS78qf+VdGIdGNtobQ0pE=
Subject key identifier:   FA:0C:B1:16:FB:6C:74:5B:D8:4D:95:F4:63:D7:DB:4F:63:D2:18:53
Certificate issuer:       /CN=36574be6ae76cd523b33787cfbdb69264263d074
Certificate serial:       019427B5D08CCA1079921838A72F5CF97793
Authority key identifier: 36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/1-gyxFvtsdFvYTZX0Y9fbT2PSGFM.roa
Signing time:             Thu 02 Jan 2025 15:50:14 +0000
ROA not before:           Thu 02 Jan 2025 15:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62007
IP address blocks:        37.221.96.0/22 maxlen: 22
                          37.221.96.0/24 maxlen: 24
                          37.221.97.0/24 maxlen: 24
                          37.221.98.0/24 maxlen: 24
                          84.246.144.0/22 maxlen: 22
                          84.246.144.0/24 maxlen: 24
                          84.246.145.0/24 maxlen: 24
                          84.246.146.0/24 maxlen: 24
                          84.246.147.0/24 maxlen: 24
                          84.246.148.0/22 maxlen: 22
                          84.246.148.0/24 maxlen: 24
                          84.246.149.0/24 maxlen: 24
                          84.246.150.0/24 maxlen: 24
                          84.246.151.0/24 maxlen: 24
                          185.36.52.0/22 maxlen: 22
                          185.36.52.0/24 maxlen: 24
                          185.36.53.0/24 maxlen: 24
                          185.36.54.0/24 maxlen: 24
                          185.36.55.0/24 maxlen: 24
                          185.67.239.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d0:8c:ca:10:79:92:18:38:a7:2f:5c:f9:77:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36574be6ae76cd523b33787cfbdb69264263d074
        Validity
            Not Before: Jan  2 15:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa0cb116fb6c745bd84d95f463d7db4f63d21853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a2:0d:15:37:fe:aa:1d:66:0c:df:a8:61:09:
                    88:41:14:2d:2d:a6:69:67:ad:21:b7:d8:ea:88:7f:
                    b3:cd:76:c7:2d:a2:44:d2:3a:89:47:c1:b7:5b:bc:
                    3a:51:56:39:d9:dc:cc:ed:8d:d5:ee:14:18:9a:d7:
                    07:ac:5d:ee:6d:e6:7c:90:1c:fa:fe:9b:5d:26:39:
                    12:4a:62:9c:a2:af:1b:96:e0:c0:de:fc:00:63:1c:
                    ed:e6:aa:da:f5:fc:78:8f:57:76:98:71:cc:d7:2c:
                    0e:fa:4c:82:a5:d8:e8:a7:5a:05:e0:f2:a9:d4:23:
                    99:ad:e5:76:5b:b4:5a:a7:5f:7f:66:81:70:96:68:
                    c7:45:74:40:d3:c6:90:31:a3:2f:92:b2:87:5e:98:
                    cc:e2:07:e0:2f:8e:a6:1f:b2:21:d8:e2:4b:00:df:
                    92:d3:7f:67:5a:81:fa:f8:30:06:44:95:97:55:dc:
                    24:b0:f8:12:36:51:b1:e3:4c:de:19:d9:e9:fa:71:
                    1f:78:d8:bb:f5:53:f5:93:95:1d:52:70:63:a1:3f:
                    28:90:cd:05:53:f7:47:93:7a:05:32:9c:86:5c:48:
                    34:6c:b2:ff:40:be:08:fd:78:a2:34:00:fe:fe:34:
                    2b:0c:74:5d:b8:73:9e:9b:11:9b:65:ab:04:74:c4:
                    ed:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0C:B1:16:FB:6C:74:5B:D8:4D:95:F4:63:D7:DB:4F:63:D2:18:53
            X509v3 Authority Key Identifier:
                keyid:36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/1-gyxFvtsdFvYTZX0Y9fbT2PSGFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.96.0/22
                  84.246.144.0/21
                  185.36.52.0/22
                  185.67.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:70:6d:d7:3d:ec:49:6f:80:2c:4b:8e:45:b9:c8:37:36:cb:
         b7:0b:8f:14:8b:ab:46:47:ba:5f:45:39:4a:d0:24:74:05:ef:
         8b:65:84:49:bc:e8:48:2e:7d:85:59:97:95:fe:aa:fa:9b:b3:
         18:68:aa:be:25:37:86:28:f0:a6:be:77:58:25:18:a1:b5:7e:
         fd:4e:d2:9b:11:7b:47:a1:dd:e4:be:95:8a:d3:17:76:77:fb:
         b8:5d:63:b6:e1:08:46:e9:a9:f6:ed:f9:ab:45:bd:e8:54:5f:
         75:d7:65:bc:3a:c3:ed:83:b4:31:61:3e:fe:7e:d4:b3:c6:ca:
         e7:81:13:66:49:15:39:13:0d:4e:eb:f3:4c:14:ad:ea:c4:64:
         0d:63:a3:68:cb:f6:94:3c:64:cf:b6:e1:53:63:6d:db:6f:c3:
         1f:16:63:fc:9c:19:7f:0b:4a:e2:e2:02:72:0f:59:c4:85:7d:
         08:d9:a3:ba:93:85:52:8c:3d:a6:cb:5e:1e:13:cd:ab:0c:4b:
         7b:c4:f8:e2:68:64:e6:e4:26:08:f1:bc:8d:71:ac:84:bc:17:
         da:5d:65:ec:fe:a5:e9:87:93:ca:00:6a:2f:4e:b5:eb:5d:60:
         f0:17:ff:9d:34:21:96:04:59:d4:cc:3f:ad:5d:a1:45:ae:3e:
         23:ff:65:d6
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQntdCMyhB5khg4py9c+XeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTc0YmU2YWU3NmNkNTIzYjMzNzg3Y2ZiZGI2OTI2NDI2
M2QwNzQwHhcNMjUwMTAyMTU1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTBjYjExNmZiNmM3NDViZDg0ZDk1ZjQ2M2Q3ZGI0ZjYzZDIxODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKINFTf+qh1mDN+oYQmIQRQtLaZp
Z60ht9jqiH+zzXbHLaJE0jqJR8G3W7w6UVY52dzM7Y3V7hQYmtcHrF3ubeZ8kBz6
/ptdJjkSSmKcoq8bluDA3vwAYxzt5qra9fx4j1d2mHHM1ywO+kyCpdjop1oF4PKp
1COZreV2W7Rap19/ZoFwlmjHRXRA08aQMaMvkrKHXpjM4gfgL46mH7Ih2OJLAN+S
039nWoH6+DAGRJWXVdwksPgSNlGx40zeGdnp+nEfeNi79VP1k5UdUnBjoT8okM0F
U/dHk3oFMpyGXEg0bLL/QL4I/XiiNAD+/jQrDHRduHOemxGbZasEdMTteQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPoMsRb7bHRb2E2V9GPX209j0hhTMB8GA1UdIwQY
MBaAFDZXS+auds1SOzN4fPvbaSZCY9B0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMt
MThkZWQ4MGI0YjVkLzEvMS1neXhGdnRzZEZ2WVRaWDBZOWZiVDJQU0dGTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTkvN2UxZDk0LTE4NTQtNDczZC04NzUzLTE4ZGVkODBiNGI1
ZC8xL05sZEw1cTUyelZJN00zaDgtOXRwSmtKajBIUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAiXdYAME
A1T2kAMEArkkNAMEALlD7zANBgkqhkiG9w0BAQsFAAOCAQEAw3Bt1z3sSW+ALEuO
RbnINzbLtwuPFIurRke6X0U5StAkdAXvi2WESbzoSC59hVmXlf6q+puzGGiqviU3
hijwpr53WCUYobV+/U7SmxF7R6Hd5L6VitMXdnf7uF1jtuEIRump9u35q0W96FRf
dddlvDrD7YO0MWE+/n7Us8bK54ETZkkVORMNTuvzTBSt6sRkDWOjaMv2lDxkz7bh
U2Nt22/DHxZj/JwZfwtK4uICcg9ZxIV9CNmjupOFUow9psteHhPNqwxLe8T44mhk
5uQmCPG8jXGshLwX2l1l7P6l6YeTygBqL061611g8Bf/nTQhlgRZ1Mw/rV2hRa4+
I/9l1g==
-----END CERTIFICATE-----