Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/37b64a-cc5e-4630-96f2-7218a31790f3/1/UsGWlIi-7uiN8zG8NI59NtV5c7I.roa
File:                     UsGWlIi-7uiN8zG8NI59NtV5c7I.roa (raw, json)
Hash identifier:          2oRhDUdkNy5+apDfmRqRD6+hJvX2S16eZftFWdMCk1k=
Subject key identifier:   52:C1:96:94:88:BE:EE:E8:8D:F3:31:BC:34:8E:7D:36:D5:79:73:B2
Certificate issuer:       /CN=25abe67b21d323b2b2b442c6b06ae32cc280358d
Certificate serial:       019427487929A959CE4A23F0C4EE992E7726
Authority key identifier: 25:AB:E6:7B:21:D3:23:B2:B2:B4:42:C6:B0:6A:E3:2C:C2:80:35:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JavmeyHTI7KytELGsGrjLMKANY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/37b64a-cc5e-4630-96f2-7218a31790f3/1/UsGWlIi-7uiN8zG8NI59NtV5c7I.roa
Signing time:             Thu 02 Jan 2025 13:50:48 +0000
ROA not before:           Thu 02 Jan 2025 13:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13170
IP address blocks:        46.254.96.0/21 maxlen: 21
                          62.145.160.0/19 maxlen: 19
                          77.223.32.0/19 maxlen: 19
                          85.29.64.0/18 maxlen: 18
                          185.69.36.0/22 maxlen: 22
                          185.69.72.0/22 maxlen: 22
                          212.116.32.0/19 maxlen: 19
                          213.143.160.0/19 maxlen: 19
                          213.145.192.0/19 maxlen: 19
                          2a04:25c0::/29 maxlen: 29
                          2a05:1f40::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:79:29:a9:59:ce:4a:23:f0:c4:ee:99:2e:77:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25abe67b21d323b2b2b442c6b06ae32cc280358d
        Validity
            Not Before: Jan  2 13:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52c1969488beeee88df331bc348e7d36d57973b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0d:a1:88:62:16:93:09:fd:31:53:37:78:0d:
                    42:ba:1c:c3:ba:b7:66:ca:d1:10:df:a2:8e:41:ba:
                    c0:15:3d:d5:45:77:4d:60:ca:c5:ed:5e:96:44:55:
                    ad:35:25:5f:c9:96:de:98:f3:73:95:13:48:32:3c:
                    89:7a:17:ce:d0:38:98:35:8d:d9:b0:35:39:9f:e7:
                    c3:44:28:24:20:d1:8b:93:74:9b:de:fd:64:54:29:
                    85:d6:98:d3:35:02:f2:93:03:78:01:56:9d:64:18:
                    c1:2e:d1:af:18:3f:f8:d2:4f:29:ed:6c:a9:45:07:
                    54:b8:d5:f7:bc:c0:9b:2e:8e:30:43:75:3f:dd:28:
                    ad:82:1c:30:c8:d9:67:98:b7:7a:f1:f4:25:d1:5b:
                    c2:4c:81:50:4a:21:7a:0b:f8:1c:a2:91:53:44:05:
                    63:13:46:7c:ae:98:0e:e6:31:8b:5e:35:4a:4d:ac:
                    66:88:70:47:22:16:f2:ed:24:a5:e6:f1:cb:d0:98:
                    53:e0:51:86:c3:da:b6:9a:83:02:8e:91:b7:b9:ac:
                    db:69:c4:4d:2a:ce:b7:55:69:3c:1f:e6:20:aa:9c:
                    df:23:2f:ae:b3:2b:24:6d:ea:d7:dc:90:7c:a9:e1:
                    3e:75:98:ae:34:c6:03:d6:f4:54:63:c5:1e:07:55:
                    33:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C1:96:94:88:BE:EE:E8:8D:F3:31:BC:34:8E:7D:36:D5:79:73:B2
            X509v3 Authority Key Identifier:
                keyid:25:AB:E6:7B:21:D3:23:B2:B2:B4:42:C6:B0:6A:E3:2C:C2:80:35:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JavmeyHTI7KytELGsGrjLMKANY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/37b64a-cc5e-4630-96f2-7218a31790f3/1/UsGWlIi-7uiN8zG8NI59NtV5c7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/37b64a-cc5e-4630-96f2-7218a31790f3/1/JavmeyHTI7KytELGsGrjLMKANY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.96.0/21
                  62.145.160.0/19
                  77.223.32.0/19
                  85.29.64.0/18
                  185.69.36.0/22
                  185.69.72.0/22
                  212.116.32.0/19
                  213.143.160.0/19
                  213.145.192.0/19
                IPv6:
                  2a04:25c0::/29
                  2a05:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:3f:4b:91:29:ba:0a:af:7d:70:10:e2:58:3c:85:eb:45:22:
         58:ec:7e:b9:8c:28:af:f4:d8:ff:8d:88:7b:42:92:81:6d:16:
         0b:f1:65:91:9e:f3:80:d1:4c:a0:f7:58:39:1a:be:6c:97:ae:
         7f:6b:c8:ac:4b:02:38:cd:8d:22:50:77:18:19:bb:86:be:60:
         67:f5:c0:24:bc:45:59:fc:9c:55:fd:e0:62:0a:dd:31:dc:60:
         3f:93:4f:42:06:fa:f2:6a:ef:e9:8e:8d:94:dd:2a:31:79:d9:
         73:a6:c2:2c:ec:d0:08:02:23:ad:d6:34:ec:13:ad:a8:23:fb:
         d9:cb:b0:db:86:34:5c:0c:4d:d8:ff:0b:fb:17:24:ce:ad:a4:
         18:ff:c7:e0:95:e3:63:a6:22:de:e6:f8:71:8d:19:d7:08:67:
         30:77:90:c8:e1:40:69:04:a1:7e:e2:88:8e:21:d2:53:a2:c8:
         b9:f9:cc:77:67:c6:79:52:23:a9:c0:53:f9:2d:d6:50:ec:57:
         36:a9:2a:2d:b4:fb:c1:b1:6f:ef:74:59:af:fc:b4:96:2b:90:
         d8:bf:a0:f6:8c:58:60:02:52:d7:e6:97:eb:17:52:b5:51:69:
         01:99:96:72:b9:2e:bd:b1:26:9a:bd:89:44:07:ad:10:01:48:
         74:40:9f:7f
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQnSHkpqVnOSiPwxO6ZLncmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWJlNjdiMjFkMzIzYjJiMmI0NDJjNmIwNmFlMzJjYzI4
MDM1OGQwHhcNMjUwMTAyMTM1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmMxOTY5NDg4YmVlZWU4OGRmMzMxYmMzNDhlN2QzNmQ1Nzk3M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA2hiGIWkwn9MVM3eA1CuhzDurdm
ytEQ36KOQbrAFT3VRXdNYMrF7V6WRFWtNSVfyZbemPNzlRNIMjyJehfO0DiYNY3Z
sDU5n+fDRCgkINGLk3Sb3v1kVCmF1pjTNQLykwN4AVadZBjBLtGvGD/40k8p7Wyp
RQdUuNX3vMCbLo4wQ3U/3SitghwwyNlnmLd68fQl0VvCTIFQSiF6C/gcopFTRAVj
E0Z8rpgO5jGLXjVKTaxmiHBHIhby7SSl5vHL0JhT4FGGw9q2moMCjpG3uazbacRN
Ks63VWk8H+YgqpzfIy+usyskberX3JB8qeE+dZiuNMYD1vRUY8UeB1UzyQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFFLBlpSIvu7ojfMxvDSOfTbVeXOyMB8GA1UdIwQY
MBaAFCWr5nsh0yOysrRCxrBq4yzCgDWNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmF2bWV5SFRJN0t5dEVMR3NHcmpMTUtBTlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8zN2I2NGEtY2M1ZS00NjMwLTk2ZjIt
NzIxOGEzMTc5MGYzLzEvVXNHV2xJaS03dWlOOHpHOE5JNTlOdFY1YzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8zN2I2NGEtY2M1ZS00NjMwLTk2ZjItNzIxOGEzMTc5MGYz
LzEvSmF2bWV5SFRJN0t5dEVMR3NHcmpMTUtBTlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDLv5gAwQF
PpGgAwQFTd8gAwQGVR1AAwQCuUUkAwQCuUVIAwQF1HQgAwQF1Y+gAwQF1ZHAMBQE
AgACMA4DBQMqBCXAAwUDKgUfQDANBgkqhkiG9w0BAQsFAAOCAQEAEz9LkSm6Cq99
cBDiWDyF60UiWOx+uYwor/TY/42Ie0KSgW0WC/FlkZ7zgNFMoPdYORq+bJeuf2vI
rEsCOM2NIlB3GBm7hr5gZ/XAJLxFWfycVf3gYgrdMdxgP5NPQgb68mrv6Y6NlN0q
MXnZc6bCLOzQCAIjrdY07BOtqCP72cuw24Y0XAxN2P8L+xckzq2kGP/H4JXjY6Yi
3ub4cY0Z1whnMHeQyOFAaQShfuKIjiHSU6LIufnMd2fGeVIjqcBT+S3WUOxXNqkq
LbT7wbFv73RZr/y0liuQ2L+g9oxYYAJS1+aX6xdStVFpAZmWcrkuvbEmmr2JRAet
EAFIdECffw==
-----END CERTIFICATE-----