Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/2UCbDoS3ycyYJJre1asZT-TvgMA.roa
File:                     2UCbDoS3ycyYJJre1asZT-TvgMA.roa (raw, json)
Hash identifier:          DT/mBjBdX0oTgiUzQgQuXZrljdo+CoIj0mpOVzjBOfI=
Subject key identifier:   D9:40:9B:0E:84:B7:C9:CC:98:24:9A:DE:D5:AB:19:4F:E4:EF:80:C0
Certificate issuer:       /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial:       019424B3EB29518950100D13C8B8C9DED5DF
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/2UCbDoS3ycyYJJre1asZT-TvgMA.roa
Signing time:             Thu 02 Jan 2025 01:49:18 +0000
ROA not before:           Thu 02 Jan 2025 01:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57768
IP address blocks:        5.187.8.0/21 maxlen: 21
                          5.187.9.0/24 maxlen: 24
                          5.187.10.0/24 maxlen: 24
                          5.187.11.0/24 maxlen: 24
                          5.187.12.0/24 maxlen: 24
                          5.187.13.0/24 maxlen: 24
                          5.187.14.0/24 maxlen: 24
                          5.187.15.0/24 maxlen: 24
                          37.75.128.0/21 maxlen: 21
                          37.75.128.0/24 maxlen: 24
                          37.75.129.0/24 maxlen: 24
                          37.75.130.0/24 maxlen: 24
                          37.75.131.0/24 maxlen: 24
                          37.75.132.0/24 maxlen: 24
                          37.75.133.0/24 maxlen: 24
                          37.75.134.0/24 maxlen: 24
                          37.75.135.0/24 maxlen: 24
                          185.46.176.0/24 maxlen: 24
                          185.46.177.0/24 maxlen: 24
                          185.46.178.0/24 maxlen: 24
                          185.46.179.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:eb:29:51:89:50:10:0d:13:c8:b8:c9:de:d5:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
        Validity
            Not Before: Jan  2 01:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9409b0e84b7c9cc98249aded5ab194fe4ef80c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:25:84:02:b7:59:c4:de:e0:1f:a8:18:52:13:
                    16:91:cb:93:84:45:d3:e7:f0:b2:9f:c5:70:61:20:
                    9c:1e:b2:27:8e:de:43:42:38:69:a3:28:11:3d:a7:
                    02:48:99:c5:64:9c:62:bc:94:ce:85:b7:0a:fc:29:
                    6f:32:f2:ab:2b:4c:b1:11:6e:a0:ed:97:41:d3:ff:
                    a5:c8:bc:21:5e:dc:4a:ed:88:af:4b:aa:9a:cf:ea:
                    c9:22:9a:71:65:29:68:6b:77:74:7e:b1:31:91:20:
                    6f:74:aa:24:4c:ad:6b:9c:93:f5:83:6a:48:d0:93:
                    90:21:5e:30:79:de:7a:32:87:c5:51:60:0b:56:52:
                    3f:46:64:06:ee:b1:70:31:56:e5:b6:02:16:fc:0c:
                    b8:de:29:03:50:24:17:03:af:61:b0:3c:08:ae:e5:
                    e7:10:d8:22:06:d9:b0:99:49:e2:8d:4c:39:0f:fa:
                    80:cd:8f:42:52:11:17:7d:e1:10:e5:c4:55:01:93:
                    e6:22:85:c2:6d:26:9f:e7:0e:1e:56:d5:79:67:d9:
                    13:b6:f7:36:3c:c7:82:c7:75:f4:25:6b:ac:69:1c:
                    18:f1:5e:5d:f7:87:01:c8:e2:ba:8e:f9:ee:cb:2e:
                    22:70:b2:4e:aa:7c:5e:57:91:db:8b:98:85:50:34:
                    0d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:40:9B:0E:84:B7:C9:CC:98:24:9A:DE:D5:AB:19:4F:E4:EF:80:C0
            X509v3 Authority Key Identifier:
                keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/2UCbDoS3ycyYJJre1asZT-TvgMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.187.8.0/21
                  37.75.128.0/21
                  185.46.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:e2:9e:ac:9b:13:d0:56:ff:6a:4c:72:dd:85:80:61:7b:94:
         19:40:25:ab:f9:d6:60:13:ba:a2:43:1a:29:96:84:74:c1:df:
         f7:71:03:b7:80:1e:b5:90:fd:be:d9:8d:18:b6:16:4e:fb:14:
         68:44:4b:05:a7:2c:fa:3f:56:04:e3:49:96:26:06:47:13:69:
         c0:c0:ee:61:0d:b8:d9:e9:a8:3d:4f:d3:37:c2:60:eb:de:d3:
         2b:60:8b:94:41:ab:b4:44:9b:b7:d8:aa:42:4a:29:aa:7c:cf:
         23:96:1f:dc:dc:4a:53:66:3f:f9:ac:0c:ec:c1:84:27:a9:f4:
         10:d1:72:c5:61:66:57:1c:ba:a8:37:02:26:1d:15:94:21:3e:
         41:0f:af:10:5c:8a:8a:fd:a6:a5:bd:10:b3:21:f1:ec:a6:80:
         85:4b:c3:98:af:97:ca:00:10:a1:7a:65:41:8b:a8:88:05:91:
         01:d3:06:56:55:43:c3:4f:7f:5d:06:23:eb:b2:04:d5:28:df:
         cb:50:b2:21:c1:fe:42:76:3a:ab:62:0a:6b:37:49:0f:b8:ae:
         8f:6e:e5:78:35:bd:12:1f:4e:2a:fa:4a:31:de:45:80:d7:c8:
         52:a7:d0:9e:d2:78:c8:4b:13:c4:6b:52:9e:87:83:80:14:bb:
         1e:39:6b:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQks+spUYlQEA0TyLjJ3tXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjkzNjI2NmU5ODBkZDIwM2IyY2JlYjFjOWM0NTcwNjA0
YjkxMWIwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQwOWIwZTg0YjdjOWNjOTgyNDlhZGVkNWFiMTk0ZmU0ZWY4MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iWEArdZxN7gH6gYUhMWkcuThEXT
5/Cyn8VwYSCcHrInjt5DQjhpoygRPacCSJnFZJxivJTOhbcK/ClvMvKrK0yxEW6g
7ZdB0/+lyLwhXtxK7YivS6qaz+rJIppxZSloa3d0frExkSBvdKokTK1rnJP1g2pI
0JOQIV4wed56MofFUWALVlI/RmQG7rFwMVbltgIW/Ay43ikDUCQXA69hsDwIruXn
ENgiBtmwmUnijUw5D/qAzY9CUhEXfeEQ5cRVAZPmIoXCbSaf5w4eVtV5Z9kTtvc2
PMeCx3X0JWusaRwY8V5d94cByOK6jvnuyy4icLJOqnxeV5Hbi5iFUDQN/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNlAmw6Et8nMmCSa3tWrGU/k74DAMB8GA1UdIwQY
MBaAFFhpNiZumA3SA7LL6xycRXBgS5EbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEt
N2RhMTgzZWZmMTE1LzEvMlVDYkRvUzN5Y3lZSkpyZTFhc1pULVR2Z01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEtN2RhMTgzZWZmMTE1
LzEvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBbsIAwQD
JUuAAwQCuS6wMA0GCSqGSIb3DQEBCwUAA4IBAQAI4p6smxPQVv9qTHLdhYBhe5QZ
QCWr+dZgE7qiQxoploR0wd/3cQO3gB61kP2+2Y0YthZO+xRoREsFpyz6P1YE40mW
JgZHE2nAwO5hDbjZ6ag9T9M3wmDr3tMrYIuUQau0RJu32KpCSimqfM8jlh/c3EpT
Zj/5rAzswYQnqfQQ0XLFYWZXHLqoNwImHRWUIT5BD68QXIqK/aalvRCzIfHspoCF
S8OYr5fKABChemVBi6iIBZEB0wZWVUPDT39dBiPrsgTVKN/LULIhwf5CdjqrYgpr
N0kPuK6PbuV4Nb0SH04q+kox3kWA18hSp9Ce0njISxPEa1Keh4OAFLseOWtb
-----END CERTIFICATE-----