Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/603rn0H0FYudCPnEfxZroe0bEXY.roa
File:                     603rn0H0FYudCPnEfxZroe0bEXY.roa (raw, json)
Hash identifier:          ryXJM2FJX8+vLU53wfrhHbpkwDPlYGyu3Muoyu9cgv0=
Subject key identifier:   EB:4D:EB:9F:41:F4:15:8B:9D:08:F9:C4:7F:16:6B:A1:ED:1B:11:76
Certificate issuer:       /CN=30a55632ec9034c9b9a3f290aaecd9a07c1f26ab
Certificate serial:       01958789305CB8ED0AA7EF94A77B7673FBB5
Authority key identifier: 30:A5:56:32:EC:90:34:C9:B9:A3:F2:90:AA:EC:D9:A0:7C:1F:26:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MKVWMuyQNMm5o_KQquzZoHwfJqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/603rn0H0FYudCPnEfxZroe0bEXY.roa
Signing time:             Tue 11 Mar 2025 23:27:49 +0000
ROA not before:           Tue 11 Mar 2025 23:27:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199508
IP address blocks:        45.8.128.0/22 maxlen: 22
                          62.220.252.0/22 maxlen: 22
                          85.194.236.0/23 maxlen: 23
                          89.41.48.0/24 maxlen: 24
                          89.42.43.0/24 maxlen: 24
                          93.90.48.0/20 maxlen: 20
                          185.11.208.0/22 maxlen: 22
                          185.195.149.0/24 maxlen: 24
                          185.195.150.0/23 maxlen: 23
                          195.192.250.0/23 maxlen: 23
                          2a01:b5a0::/32 maxlen: 32
                          2a03:6f40::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:87:89:30:5c:b8:ed:0a:a7:ef:94:a7:7b:76:73:fb:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30a55632ec9034c9b9a3f290aaecd9a07c1f26ab
        Validity
            Not Before: Mar 11 23:27:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb4deb9f41f4158b9d08f9c47f166ba1ed1b1176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ac:8a:37:e9:5a:91:ff:8a:17:f0:70:a8:17:
                    03:14:71:4f:29:dc:9c:5c:bf:fa:9a:b4:98:7a:e2:
                    46:83:3b:f3:de:0e:5f:dc:3a:db:9e:92:38:1e:ca:
                    3a:c1:a2:da:36:da:80:01:bc:0d:1a:6e:2c:fb:78:
                    18:bd:01:2b:f8:41:c0:68:19:71:14:b1:54:5a:1a:
                    2e:8e:2d:64:10:d5:98:bb:4b:80:52:30:3f:7a:57:
                    d8:be:c4:57:5e:64:87:35:b8:c1:fe:fd:5e:6b:e3:
                    48:57:81:a4:9f:75:db:99:c6:a3:ec:56:f3:cc:96:
                    b8:50:ff:54:46:81:5a:27:fd:c2:99:05:e4:e4:0a:
                    35:b3:bf:30:17:3d:8e:50:35:46:cd:a0:ce:b4:8f:
                    08:1f:92:40:cf:f8:1a:01:00:ea:9e:e0:ef:45:63:
                    0d:16:dd:9e:6d:92:0e:92:23:01:aa:e8:08:ed:f9:
                    ba:08:16:09:18:ae:7f:46:ea:2c:59:25:62:c1:44:
                    e4:5e:bc:df:cb:50:55:49:be:42:96:06:bc:32:79:
                    e1:f6:78:f8:87:77:fe:b3:b2:cb:dc:3e:5b:50:8c:
                    9d:ce:96:5b:0a:dd:78:71:7f:26:04:33:91:25:73:
                    f9:78:dc:80:cd:cd:99:48:97:c1:04:3d:18:48:3e:
                    92:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4D:EB:9F:41:F4:15:8B:9D:08:F9:C4:7F:16:6B:A1:ED:1B:11:76
            X509v3 Authority Key Identifier:
                keyid:30:A5:56:32:EC:90:34:C9:B9:A3:F2:90:AA:EC:D9:A0:7C:1F:26:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MKVWMuyQNMm5o_KQquzZoHwfJqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/603rn0H0FYudCPnEfxZroe0bEXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/MKVWMuyQNMm5o_KQquzZoHwfJqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.128.0/22
                  62.220.252.0/22
                  85.194.236.0/23
                  89.41.48.0/24
                  89.42.43.0/24
                  93.90.48.0/20
                  185.11.208.0/22
                  185.195.149.0-185.195.151.255
                  195.192.250.0/23
                IPv6:
                  2a01:b5a0::/32
                  2a03:6f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:84:2d:ec:d3:fb:4d:ab:d2:ac:b9:d7:ed:dd:3d:14:94:ce:
         75:39:4a:06:aa:3b:5b:ff:ad:19:10:06:13:95:a1:43:c8:a4:
         8f:d0:dc:3f:be:e8:93:af:32:e4:b9:b3:c7:5b:92:2a:d5:dd:
         82:37:ef:3e:94:c2:ab:8a:72:01:eb:f4:9e:d5:83:13:ae:3e:
         a7:2e:33:a6:f7:90:8f:da:93:e5:61:19:58:c5:86:64:e8:f2:
         09:31:0f:35:65:87:24:f8:8c:49:21:26:c0:e1:d5:bf:47:13:
         cd:99:a3:3e:d1:75:02:9b:cf:8e:fa:ad:6a:1d:99:a8:e3:74:
         aa:a5:18:4e:0f:9c:30:4d:dc:5a:37:ff:51:9d:d8:47:0e:09:
         a3:32:5a:7e:51:53:c0:6e:30:ef:24:e6:8c:e8:34:85:97:a0:
         67:aa:0d:58:f9:50:30:16:a1:be:87:df:a4:7d:43:2b:b0:1c:
         3f:76:b2:7d:14:6b:c1:20:3b:c6:29:3c:e1:3e:39:c9:ba:5e:
         bc:d1:18:f4:a1:94:d8:a7:56:07:0e:73:0b:de:6a:c5:c3:81:
         de:c7:2c:25:51:d6:a9:1b:08:cc:df:b7:c8:4e:69:99:40:4f:
         71:4a:72:2a:59:c4:87:f1:d8:9d:ab:18:e4:73:fd:91:2f:14:
         3a:68:86:2d
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZWHiTBcuO0Kp++Up3t2c/u1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYTU1NjMyZWM5MDM0YzliOWEzZjI5MGFhZWNkOWEwN2Mx
ZjI2YWIwHhcNMjUwMzExMjMyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjRkZWI5ZjQxZjQxNThiOWQwOGY5YzQ3ZjE2NmJhMWVkMWIxMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KyKN+lakf+KF/BwqBcDFHFPKdyc
XL/6mrSYeuJGgzvz3g5f3DrbnpI4Hso6waLaNtqAAbwNGm4s+3gYvQEr+EHAaBlx
FLFUWhouji1kENWYu0uAUjA/elfYvsRXXmSHNbjB/v1ea+NIV4Gkn3Xbmcaj7Fbz
zJa4UP9URoFaJ/3CmQXk5Ao1s78wFz2OUDVGzaDOtI8IH5JAz/gaAQDqnuDvRWMN
Ft2ebZIOkiMBqugI7fm6CBYJGK5/RuosWSViwUTkXrzfy1BVSb5Clga8Mnnh9nj4
h3f+s7LL3D5bUIydzpZbCt14cX8mBDORJXP5eNyAzc2ZSJfBBD0YSD6SQwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOtN659B9BWLnQj5xH8Wa6HtGxF2MB8GA1UdIwQY
MBaAFDClVjLskDTJuaPykKrs2aB8HyarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtWV011eVFOTW01b19LUXF1elpvSHdmSnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84NTAwMjQtODRlZS00NGM4LWIyZDkt
N2QyMGViMDYzNDU1LzEvNjAzcm4wSDBGWXVkQ1BuRWZ4WnJvZTBiRVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84NTAwMjQtODRlZS00NGM4LWIyZDktN2QyMGViMDYzNDU1
LzEvTUtWV011eVFOTW01b19LUXF1elpvSHdmSnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQCLQiAAwQC
Ptz8AwQBVcLsAwQAWSkwAwQAWSorAwQEXVowAwQCuQvQMAwDBAC5w5UDBAO5w5AD
BAHDwPowFAQCAAIwDgMFACoBtaADBQAqA29AMA0GCSqGSIb3DQEBCwUAA4IBAQBr
hC3s0/tNq9Ksudft3T0UlM51OUoGqjtb/60ZEAYTlaFDyKSP0Nw/vuiTrzLkubPH
W5Iq1d2CN+8+lMKrinIB6/Se1YMTrj6nLjOm95CP2pPlYRlYxYZk6PIJMQ81ZYck
+IxJISbA4dW/RxPNmaM+0XUCm8+O+q1qHZmo43SqpRhOD5wwTdxaN/9RndhHDgmj
Mlp+UVPAbjDvJOaM6DSFl6Bnqg1Y+VAwFqG+h9+kfUMrsBw/drJ9FGvBIDvGKTzh
PjnJul680Rj0oZTYp1YHDnML3mrFw4HexywlUdapGwjM37fITmmZQE9xSnIqWcSH
8didqxjkc/2RLxQ6aIYt
-----END CERTIFICATE-----