Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/604346-c97c-4097-8997-55c3d129ec28/1/bQ3rdpybFWSSg24nniUWCWtv9Z0.roa
File:                     bQ3rdpybFWSSg24nniUWCWtv9Z0.roa (raw, json)
Hash identifier:          Udp019RNIUS5kM1bsNno1+vbsm4XNBOuegHKERqhO0U=
Subject key identifier:   6D:0D:EB:76:9C:9B:15:64:92:83:6E:27:9E:25:16:09:6B:6F:F5:9D
Certificate issuer:       /CN=646579561eca5879a747025e5798487b19cd2a97
Certificate serial:       019421446B5F871129091F6BBEDFE461B862
Authority key identifier: 64:65:79:56:1E:CA:58:79:A7:47:02:5E:57:98:48:7B:19:CD:2A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGV5Vh7KWHmnRwJeV5hIexnNKpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/604346-c97c-4097-8997-55c3d129ec28/1/bQ3rdpybFWSSg24nniUWCWtv9Z0.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51409
IP address blocks:        45.146.156.0/24 maxlen: 24
                          45.146.157.0/24 maxlen: 24
                          45.146.158.0/24 maxlen: 24
                          45.146.159.0/24 maxlen: 24
                          178.255.56.0/21 maxlen: 21
                          178.255.56.0/24 maxlen: 24
                          178.255.57.0/24 maxlen: 24
                          178.255.58.0/24 maxlen: 24
                          178.255.59.0/24 maxlen: 24
                          178.255.60.0/24 maxlen: 24
                          178.255.61.0/24 maxlen: 24
                          178.255.62.0/24 maxlen: 24
                          178.255.63.0/24 maxlen: 24
                          185.41.224.0/22 maxlen: 22
                          185.41.224.0/24 maxlen: 24
                          185.41.225.0/24 maxlen: 24
                          185.41.226.0/24 maxlen: 24
                          185.41.227.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6b:5f:87:11:29:09:1f:6b:be:df:e4:61:b8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=646579561eca5879a747025e5798487b19cd2a97
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d0deb769c9b156492836e279e2516096b6ff59d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:91:dc:49:64:e6:e6:d3:08:be:bc:f3:03:e4:
                    14:af:7a:c4:41:89:c5:13:4c:55:81:4c:28:7d:61:
                    a6:85:c7:ed:25:ff:7d:70:0b:8c:b6:87:76:4a:b7:
                    36:e6:8b:63:7f:2b:8c:f0:f4:75:20:b8:c8:46:ae:
                    b6:7d:48:70:f4:99:79:18:ca:47:67:1d:dd:2f:f1:
                    f4:a6:e2:8d:23:ca:f0:c1:6f:d5:7c:0d:3c:f1:9e:
                    d7:0b:75:a7:76:79:e6:de:d5:63:ed:bf:70:f4:32:
                    d3:a2:31:88:51:dc:96:98:c2:5c:f6:0f:2d:74:0e:
                    17:44:87:fd:3f:1c:19:0e:be:99:7d:34:97:e4:90:
                    21:5c:e4:ea:14:b9:65:dd:27:53:aa:b5:75:74:e8:
                    a9:5b:be:15:4e:7e:d8:14:80:03:2c:9e:28:c0:72:
                    4a:25:39:bd:8d:a6:68:4c:50:77:bb:7f:af:04:45:
                    ac:c6:e8:74:10:d5:d5:ae:ef:f8:84:d7:92:44:93:
                    f4:53:51:41:e5:4f:d5:23:52:d7:d9:64:5f:79:c2:
                    da:d8:b8:64:65:7d:e7:a6:4c:fc:76:a0:02:12:82:
                    38:c8:36:0c:d4:c2:76:3a:d7:85:37:a4:4d:35:e3:
                    4c:7a:08:9d:21:56:eb:00:c5:43:d7:e0:97:11:f3:
                    8b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0D:EB:76:9C:9B:15:64:92:83:6E:27:9E:25:16:09:6B:6F:F5:9D
            X509v3 Authority Key Identifier:
                keyid:64:65:79:56:1E:CA:58:79:A7:47:02:5E:57:98:48:7B:19:CD:2A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGV5Vh7KWHmnRwJeV5hIexnNKpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/604346-c97c-4097-8997-55c3d129ec28/1/bQ3rdpybFWSSg24nniUWCWtv9Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/604346-c97c-4097-8997-55c3d129ec28/1/ZGV5Vh7KWHmnRwJeV5hIexnNKpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.156.0/22
                  178.255.56.0/21
                  185.41.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:25:08:a8:55:b2:9d:8f:a2:d0:35:f3:93:6b:10:e5:f5:bb:
         b4:f7:e9:96:91:97:20:06:37:32:ba:06:69:7a:cc:b8:52:e1:
         c2:fd:ef:be:77:bb:95:fa:f2:db:8d:68:32:98:62:d4:83:a7:
         22:14:b2:7a:8d:e8:bb:17:25:e4:d3:c0:f1:00:6d:51:fa:c0:
         7c:ae:84:54:f9:20:f5:09:b3:78:98:34:a6:64:aa:0c:44:60:
         3d:b1:09:d7:f3:5e:98:79:fd:10:f9:04:e0:ab:85:32:8b:9c:
         2f:89:ae:d9:b1:c7:59:5c:7c:82:b0:85:5f:16:44:24:4f:0e:
         b7:70:38:e1:90:d9:71:eb:f6:55:b0:2c:21:22:62:c3:c4:b6:
         75:7b:0c:7f:63:c8:de:0c:c8:7e:ce:80:23:b4:83:13:70:3c:
         0d:01:7c:b8:f1:6b:c7:f0:a5:07:9a:03:7e:2a:68:ab:5a:97:
         7a:4d:c7:31:77:35:60:a6:49:05:c6:5f:7e:8e:6a:21:f2:cf:
         42:15:0e:3f:04:0a:f9:a2:0f:b7:fc:9f:98:7e:e7:10:78:1f:
         8c:70:c8:87:1f:84:01:81:7f:e0:8f:42:4e:e6:9a:4a:eb:0e:
         7e:aa:60:a1:8e:1e:01:80:b3:a7:b7:3c:7e:e9:c9:32:f3:d4:
         aa:d7:52:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRGtfhxEpCR9rvt/kYbhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NjU3OTU2MWVjYTU4NzlhNzQ3MDI1ZTU3OTg0ODdiMTlj
ZDJhOTcwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBkZWI3NjljOWIxNTY0OTI4MzZlMjc5ZTI1MTYwOTZiNmZmNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5HcSWTm5tMIvrzzA+QUr3rEQYnF
E0xVgUwofWGmhcftJf99cAuMtod2Src25otjfyuM8PR1ILjIRq62fUhw9Jl5GMpH
Zx3dL/H0puKNI8rwwW/VfA088Z7XC3Wndnnm3tVj7b9w9DLTojGIUdyWmMJc9g8t
dA4XRIf9PxwZDr6ZfTSX5JAhXOTqFLll3SdTqrV1dOipW74VTn7YFIADLJ4owHJK
JTm9jaZoTFB3u3+vBEWsxuh0ENXVru/4hNeSRJP0U1FB5U/VI1LX2WRfecLa2Lhk
ZX3npkz8dqACEoI4yDYM1MJ2OteFN6RNNeNMegidIVbrAMVD1+CXEfOLkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG0N63acmxVkkoNuJ54lFglrb/WdMB8GA1UdIwQY
MBaAFGRleVYeylh5p0cCXleYSHsZzSqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkdWNVZoN0tXSG1uUndKZVY1aElleG5OS3BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MDQzNDYtYzk3Yy00MDk3LTg5OTct
NTVjM2QxMjllYzI4LzEvYlEzcmRweWJGV1NTZzI0bm5pVVdDV3R2OVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MDQzNDYtYzk3Yy00MDk3LTg5OTctNTVjM2QxMjllYzI4
LzEvWkdWNVZoN0tXSG1uUndKZVY1aElleG5OS3BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZKcAwQD
sv84AwQCuSngMA0GCSqGSIb3DQEBCwUAA4IBAQAKJQioVbKdj6LQNfOTaxDl9bu0
9+mWkZcgBjcyugZpesy4UuHC/e++d7uV+vLbjWgymGLUg6ciFLJ6jei7FyXk08Dx
AG1R+sB8roRU+SD1CbN4mDSmZKoMRGA9sQnX816Yef0Q+QTgq4Uyi5wvia7ZscdZ
XHyCsIVfFkQkTw63cDjhkNlx6/ZVsCwhImLDxLZ1ewx/Y8jeDMh+zoAjtIMTcDwN
AXy48WvH8KUHmgN+KmirWpd6TccxdzVgpkkFxl9+jmoh8s9CFQ4/BAr5og+3/J+Y
fucQeB+McMiHH4QBgX/gj0JO5ppK6w5+qmChjh4BgLOntzx+6cky89Sq11I6
-----END CERTIFICATE-----