Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/LrywKY1LoY8GcXIWOHBLAQsaGY4.roa
File:                     LrywKY1LoY8GcXIWOHBLAQsaGY4.roa (raw, json)
Hash identifier:          Eu2nYI6rwtsPGEbi0djos1VvrTBV/RR6ROpQa4PsnQA=
Subject key identifier:   2E:BC:B0:29:8D:4B:A1:8F:06:71:72:16:38:70:4B:01:0B:1A:19:8E
Certificate issuer:       /CN=464dcfa96399716692d245a804887c09da451f8f
Certificate serial:       0194252230E7D94E6521A9D9B936220D4BE8
Authority key identifier: 46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/LrywKY1LoY8GcXIWOHBLAQsaGY4.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51173
IP address blocks:        37.203.48.0/24 maxlen: 24
                          37.203.49.0/24 maxlen: 24
                          37.203.50.0/24 maxlen: 24
                          37.203.51.0/24 maxlen: 24
                          37.203.52.0/24 maxlen: 24
                          37.203.53.0/24 maxlen: 24
                          37.203.54.0/24 maxlen: 24
                          89.106.136.0/24 maxlen: 24
                          89.106.137.0/24 maxlen: 24
                          89.106.138.0/24 maxlen: 24
                          89.106.139.0/24 maxlen: 24
                          89.106.140.0/24 maxlen: 24
                          89.106.141.0/24 maxlen: 24
                          89.106.142.0/24 maxlen: 24
                          89.106.143.0/24 maxlen: 24
                          185.94.46.0/24 maxlen: 24
                          185.94.47.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:30:e7:d9:4e:65:21:a9:d9:b9:36:22:0d:4b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464dcfa96399716692d245a804887c09da451f8f
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ebcb0298d4ba18f0671721638704b010b1a198e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:35:6b:39:11:01:c3:f8:c0:b7:d9:09:7c:c0:
                    13:68:b2:a5:45:aa:e8:a6:b4:c2:91:f5:6c:ba:8e:
                    0f:31:9c:86:0f:66:fd:17:f2:cf:fc:84:21:49:12:
                    57:20:50:0b:57:79:26:c6:d2:86:6e:a6:20:b1:ff:
                    3b:fb:d2:fe:19:be:e5:b0:49:8a:04:8c:1e:bc:0f:
                    f2:66:33:7d:ed:f3:6d:c8:90:81:e0:b8:d6:aa:17:
                    6b:f9:db:0d:95:88:33:5c:53:e0:40:a7:e4:24:a0:
                    93:29:e0:7e:52:c6:3e:43:8a:0f:f7:1f:13:87:aa:
                    0f:39:11:01:61:55:74:87:e0:c9:6e:06:6d:25:d3:
                    82:a7:ed:05:41:96:1d:f2:3d:97:2e:34:3a:1a:15:
                    68:dc:b4:7f:3f:2d:33:05:b5:24:ab:84:7f:1c:3a:
                    3b:96:05:c7:0f:d0:2a:04:88:b1:7b:4f:59:6a:e2:
                    9b:01:e6:e8:db:7f:f1:1e:2f:df:06:e8:93:6c:eb:
                    c3:2b:85:37:2f:01:5f:b8:db:7b:1e:06:8e:26:45:
                    f3:69:98:a8:22:97:53:71:9e:11:46:ea:8e:20:91:
                    70:59:76:b0:4a:48:6d:1e:a4:e4:5f:57:4c:b8:de:
                    68:41:d6:bf:a6:cb:60:23:e9:6f:8c:95:0e:d2:2c:
                    04:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:BC:B0:29:8D:4B:A1:8F:06:71:72:16:38:70:4B:01:0B:1A:19:8E
            X509v3 Authority Key Identifier:
                keyid:46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/LrywKY1LoY8GcXIWOHBLAQsaGY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.48.0-37.203.54.255
                  89.106.136.0/21
                  185.94.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:ff:81:23:06:68:64:e8:57:7e:6c:75:b2:50:2f:36:4d:a0:
         01:b5:d3:7b:eb:44:69:8d:7a:ac:af:86:56:f2:ac:1c:fc:50:
         42:a4:e9:73:50:81:6d:2c:8c:c3:b9:25:ff:9a:f6:0d:06:a8:
         ce:81:41:d1:a7:d0:19:1a:39:c7:03:88:c0:ea:a6:05:a6:70:
         6e:eb:58:b9:eb:66:72:cd:02:58:08:cc:dc:78:22:b3:5e:9e:
         d3:c8:da:7c:15:1e:c9:7c:0b:b0:ad:b4:0c:2b:e5:9d:9d:1b:
         e4:0b:63:65:af:a2:2b:88:4b:ac:53:61:d1:c1:3b:5c:fc:a1:
         f9:4e:94:66:01:9f:0f:88:16:3a:f0:63:d0:0c:a6:01:6a:6a:
         91:f9:72:32:c2:71:9b:a2:b3:c3:c2:da:37:83:af:64:31:1a:
         42:71:76:ef:c6:f8:53:5d:27:26:c0:f2:b6:cb:14:58:66:d5:
         07:56:89:c0:8f:0d:b1:eb:e3:6d:03:e0:cb:46:f9:0f:52:aa:
         12:cb:7a:bb:22:3b:a6:f9:5c:56:7d:1b:e2:ff:82:a8:55:34:
         55:d2:b2:4d:8a:c5:cd:b0:ae:c7:18:5b:c7:c1:d1:ee:32:df:
         7e:03:9d:03:ed:ce:fc:0b:44:88:19:13:8c:b9:90:1e:b0:6a:
         31:63:46:59
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQlIjDn2U5lIanZuTYiDUvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGRjZmE5NjM5OTcxNjY5MmQyNDVhODA0ODg3YzA5ZGE0
NTFmOGYwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWJjYjAyOThkNGJhMThmMDY3MTcyMTYzODcwNGIwMTBiMWExOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjVrOREBw/jAt9kJfMATaLKlRaro
prTCkfVsuo4PMZyGD2b9F/LP/IQhSRJXIFALV3kmxtKGbqYgsf87+9L+Gb7lsEmK
BIwevA/yZjN97fNtyJCB4LjWqhdr+dsNlYgzXFPgQKfkJKCTKeB+UsY+Q4oP9x8T
h6oPOREBYVV0h+DJbgZtJdOCp+0FQZYd8j2XLjQ6GhVo3LR/Py0zBbUkq4R/HDo7
lgXHD9AqBIixe09ZauKbAebo23/xHi/fBuiTbOvDK4U3LwFfuNt7HgaOJkXzaZio
IpdTcZ4RRuqOIJFwWXawSkhtHqTkX1dMuN5oQda/pstgI+lvjJUO0iwEnQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFC68sCmNS6GPBnFyFjhwSwELGhmOMB8GA1UdIwQY
MBaAFEZNz6ljmXFmktJFqASIfAnaRR+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTct
YWYxZjM2ODExMDk4LzEvTHJ5d0tZMUxvWThHY1hJV09IQkxBUXNhR1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTctYWYxZjM2ODExMDk4
LzEvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAQlyzAD
BAAlyzYDBANZaogDBAG5Xi4wDQYJKoZIhvcNAQELBQADggEBACP/gSMGaGToV35s
dbJQLzZNoAG103vrRGmNeqyvhlbyrBz8UEKk6XNQgW0sjMO5Jf+a9g0GqM6BQdGn
0BkaOccDiMDqpgWmcG7rWLnrZnLNAlgIzNx4IrNentPI2nwVHsl8C7CttAwr5Z2d
G+QLY2WvoiuIS6xTYdHBO1z8oflOlGYBnw+IFjrwY9AMpgFqapH5cjLCcZuis8PC
2jeDr2QxGkJxdu/G+FNdJybA8rbLFFhm1QdWicCPDbHr420D4MtG+Q9SqhLLersi
O6b5XFZ9G+L/gqhVNFXSsk2Kxc2wrscYW8fB0e4y334DnQPtzvwLRIgZE4y5kB6w
ajFjRlk=
-----END CERTIFICATE-----