Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/e4U8yl2fAVY2sT3p5fbr_erY7oA.roa
File:                     e4U8yl2fAVY2sT3p5fbr_erY7oA.roa (raw, json)
Hash identifier:          2KHYehyUkqT72mAQaz7HDc/red7uQn+krX6/aXcIZtE=
Subject key identifier:   7B:85:3C:CA:5D:9F:01:56:36:B1:3D:E9:E5:F6:EB:FD:EA:D8:EE:80
Certificate issuer:       /CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Certificate serial:       01960F1581D4F0C4F5AA1D41E0469E344D3C
Authority key identifier: 89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/e4U8yl2fAVY2sT3p5fbr_erY7oA.roa
Signing time:             Mon 07 Apr 2025 07:09:49 +0000
ROA not before:           Mon 07 Apr 2025 07:09:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207147
IP address blocks:        45.11.68.0/22 maxlen: 24
                          45.88.128.0/22 maxlen: 24
                          84.247.4.0/22 maxlen: 24
                          85.204.148.0/22 maxlen: 24
                          85.204.148.0/24 maxlen: 24
                          85.204.149.0/24 maxlen: 24
                          85.204.150.0/24 maxlen: 24
                          85.204.151.0/24 maxlen: 24
                          89.37.228.0/22 maxlen: 24
                          130.0.88.0/22 maxlen: 24
                          176.223.176.0/22 maxlen: 24
                          185.164.212.0/22 maxlen: 24
                          185.178.88.0/22 maxlen: 24
                          185.178.91.0/24 maxlen: 24
                          185.194.120.0/22 maxlen: 24
                          185.237.40.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0f:15:81:d4:f0:c4:f5:aa:1d:41:e0:46:9e:34:4d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
        Validity
            Not Before: Apr  7 07:09:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b853cca5d9f015636b13de9e5f6ebfdead8ee80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:46:5c:b3:dd:a0:f5:5b:1f:cc:52:75:94:
                    ef:bd:fe:6c:a4:68:9e:15:95:75:92:48:46:d9:04:
                    0b:02:ae:d8:d9:c6:e2:af:40:32:e9:9d:d2:62:6f:
                    3f:bf:b1:c6:83:0a:0a:f4:1d:93:70:c1:a6:e7:a2:
                    bb:37:61:d3:f6:62:1d:ba:ef:cc:37:ef:25:ff:43:
                    a5:b3:e4:6f:04:50:6a:48:d6:46:38:ea:9e:fc:c1:
                    4b:d0:3d:4a:54:fa:62:d4:08:21:4a:f2:4d:4a:9c:
                    95:a8:9e:3e:60:fa:c7:61:dc:90:c0:dc:1e:71:cf:
                    81:36:01:06:db:4d:1d:e9:f3:2d:23:2d:f5:f7:34:
                    72:3a:70:5a:1a:f8:6a:93:66:c9:da:41:d9:80:1f:
                    b4:59:03:be:20:67:cc:db:98:84:12:cb:b4:a9:30:
                    74:76:08:81:3e:17:32:9a:1e:b4:57:ee:36:5e:ed:
                    b9:b8:07:13:cc:c0:56:ec:98:97:3a:ca:d3:58:a0:
                    2e:e7:3d:ae:f2:50:a4:6c:2e:81:e8:62:2e:7d:8d:
                    0f:02:b3:d0:f7:eb:45:7d:d6:dc:c1:c3:32:f6:f0:
                    32:d7:a6:7e:68:e4:a9:6f:2e:ee:05:a8:ae:cc:23:
                    3b:c1:55:38:f0:21:23:34:07:0c:8a:c2:fc:d7:17:
                    c8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:85:3C:CA:5D:9F:01:56:36:B1:3D:E9:E5:F6:EB:FD:EA:D8:EE:80
            X509v3 Authority Key Identifier:
                keyid:89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/e4U8yl2fAVY2sT3p5fbr_erY7oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.68.0/22
                  45.88.128.0/22
                  84.247.4.0/22
                  85.204.148.0/22
                  89.37.228.0/22
                  130.0.88.0/22
                  176.223.176.0/22
                  185.164.212.0/22
                  185.178.88.0/22
                  185.194.120.0/22
                  185.237.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:3a:46:76:a9:54:3d:a4:2f:22:71:18:38:ca:d6:f2:d0:ef:
         83:48:a1:e8:a4:44:3c:bb:9d:b8:74:9c:63:e9:11:f1:bc:e3:
         8a:6a:71:cb:01:a9:9d:af:61:5d:77:27:7b:81:3a:b2:2a:78:
         24:67:0f:95:36:ce:b3:d9:f3:30:83:7e:64:13:3a:33:d3:66:
         24:4e:c1:2c:3e:6d:cf:53:d9:b1:19:47:9f:82:cc:69:4f:89:
         59:b9:7e:91:a5:08:19:0c:20:70:36:34:73:dc:8b:16:61:62:
         27:e6:2d:ce:c4:66:12:73:98:9b:05:c5:2a:41:72:b5:52:a0:
         43:ba:e6:f4:4d:f6:50:07:69:e2:3f:17:db:fb:3d:eb:05:8b:
         75:d0:ef:75:69:1d:c8:ff:de:0a:04:d6:3d:ea:f9:e7:d0:46:
         b5:fc:bb:bc:02:44:31:fe:fb:2e:06:65:04:80:f6:5c:09:cd:
         9f:4f:ca:3c:cc:f8:c0:60:48:b1:82:5d:5d:c3:8d:63:25:9d:
         f8:b3:6e:57:04:ea:25:6b:05:5b:11:1b:dc:d4:db:a4:4d:8b:
         b2:a1:07:9b:c0:f9:76:32:36:20:35:2c:01:c8:7b:60:c1:80:
         b0:7a:18:97:c3:66:f8:db:2b:e8:fc:de:24:78:6a:a2:a4:92:
         3a:76:56:48
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZYPFYHU8MT1qh1B4EaeNE08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NzhmZjVkYWIzM2M0MmRhNjVmZTRlMWFiZmJjYTRlYWZi
ZGQyYWEwHhcNMjUwNDA3MDcwOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjg1M2NjYTVkOWYwMTU2MzZiMTNkZTllNWY2ZWJmZGVhZDhlZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr59GXLPdoPVbH8xSdZTvvf5spGie
FZV1kkhG2QQLAq7Y2cbir0Ay6Z3SYm8/v7HGgwoK9B2TcMGm56K7N2HT9mIduu/M
N+8l/0Ols+RvBFBqSNZGOOqe/MFL0D1KVPpi1AghSvJNSpyVqJ4+YPrHYdyQwNwe
cc+BNgEG200d6fMtIy319zRyOnBaGvhqk2bJ2kHZgB+0WQO+IGfM25iEEsu0qTB0
dgiBPhcymh60V+42Xu25uAcTzMBW7JiXOsrTWKAu5z2u8lCkbC6B6GIufY0PArPQ
9+tFfdbcwcMy9vAy16Z+aOSpby7uBaiuzCM7wVU48CEjNAcMisL81xfIDQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHuFPMpdnwFWNrE96eX26/3q2O6AMB8GA1UdIwQY
MBaAFIl4/12rM8Qtpl/k4av7yk6vvdKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQt
ZDAyZDk2YzM2Y2EzLzEvZTRVOHlsMmZBVlkyc1QzcDVmYnJfZXJZN29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQtZDAyZDk2YzM2Y2Ez
LzEvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLQtEAwQC
LViAAwQCVPcEAwQCVcyUAwQCWSXkAwQCggBYAwQCsN+wAwQCuaTUAwQCubJYAwQC
ucJ4AwQCue0oMA0GCSqGSIb3DQEBCwUAA4IBAQAMOkZ2qVQ9pC8icRg4ytby0O+D
SKHopEQ8u524dJxj6RHxvOOKanHLAamdr2Fddyd7gTqyKngkZw+VNs6z2fMwg35k
Ezoz02YkTsEsPm3PU9mxGUefgsxpT4lZuX6RpQgZDCBwNjRz3IsWYWIn5i3OxGYS
c5ibBcUqQXK1UqBDuub0TfZQB2niPxfb+z3rBYt10O91aR3I/94KBNY96vnn0Ea1
/Lu8AkQx/vsuBmUEgPZcCc2fT8o8zPjAYEixgl1dw41jJZ34s25XBOolawVbERvc
1NukTYuyoQebwPl2MjYgNSwByHtgwYCwehiXw2b42yvo/N4keGqipJI6dlZI
-----END CERTIFICATE-----