Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t8ZbUm_iDsslRmYrrXIDvbxIG3o.roa
File:                     t8ZbUm_iDsslRmYrrXIDvbxIG3o.roa (raw, json)
Hash identifier:          5gVtsMrH5fp0xLK+z+5yoBZwUXid2JWOPqGbaKNflP0=
Subject key identifier:   B7:C6:5B:52:6F:E2:0E:CB:25:46:66:2B:AD:72:03:BD:BC:48:1B:7A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521EE75423FCE5F5F079ACEC6CC1DC2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t8ZbUm_iDsslRmYrrXIDvbxIG3o.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149977
IP address blocks:        85.202.203.0/24 maxlen: 24
                          2a0e:97c0:aa0::/44 maxlen: 48
                          2a0f:e404:105::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ee:75:42:3f:ce:5f:5f:07:9a:ce:c6:cc:1d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7c65b526fe20ecb2546662bad7203bdbc481b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:03:34:41:91:7c:24:8b:0d:65:61:23:67:44:
                    25:8a:19:a5:b3:c1:a8:00:90:b5:f8:00:1a:36:b4:
                    a2:1b:f0:8f:94:0a:2e:a0:5f:cc:01:24:58:77:cb:
                    54:e1:0e:7f:26:be:7d:da:08:1c:cc:8c:e9:53:48:
                    7b:5f:50:b4:d2:b5:a7:51:35:a1:f7:e3:3e:49:ba:
                    e7:90:3a:98:e5:d2:1c:4b:1e:34:84:e3:c7:d0:73:
                    ad:bc:d1:6e:68:9d:d5:0d:fd:a0:43:b6:97:e6:db:
                    13:71:31:db:3e:35:84:57:1b:ff:fc:02:e2:77:ea:
                    be:fc:7f:c2:91:5a:bc:6b:b8:bd:b6:0b:97:74:16:
                    99:e5:3d:9c:a9:b4:d6:b1:7f:e7:45:14:d1:dd:42:
                    59:7b:7a:28:cc:b4:f6:cc:61:27:a1:71:1a:0f:35:
                    2b:cf:f8:bc:92:5b:5e:80:74:99:62:20:39:d1:5a:
                    eb:99:f5:e2:4f:1a:df:bc:d5:55:09:10:93:53:89:
                    fc:14:ff:4d:ce:6b:95:f3:b6:b0:d2:07:88:0d:dd:
                    d1:5c:db:b4:77:61:bb:15:dc:15:13:8f:7d:b2:78:
                    ec:69:e4:76:13:92:11:1d:b0:27:04:e5:ff:45:04:
                    39:1e:bd:58:5d:d8:31:5e:5f:95:3c:1b:6e:f6:c2:
                    cf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C6:5B:52:6F:E2:0E:CB:25:46:66:2B:AD:72:03:BD:BC:48:1B:7A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t8ZbUm_iDsslRmYrrXIDvbxIG3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.203.0/24
                IPv6:
                  2a0e:97c0:aa0::/44
                  2a0f:e404:105::/48

    Signature Algorithm: sha256WithRSAEncryption
         cc:32:2b:75:7a:17:09:53:96:ba:dc:e4:03:03:fa:fb:11:13:
         bb:01:12:c7:40:94:d3:b5:f9:b0:6f:0d:f5:bc:78:04:b8:27:
         28:3c:8e:24:82:1f:dc:08:e9:c3:11:b6:1d:1c:ad:93:a7:0c:
         27:73:78:1e:f7:95:c9:1d:8c:1a:03:c9:91:4b:36:21:dd:4f:
         33:43:15:9c:9a:33:b8:b9:dc:79:c9:6a:1b:6a:33:cb:ad:4d:
         bf:40:1e:1b:a2:ed:31:06:c4:90:04:35:ce:c7:62:bf:0b:8e:
         df:3a:54:7b:35:0c:95:85:e6:f7:b5:f0:3b:7b:9f:6f:80:dd:
         47:ee:c2:d2:67:66:19:5a:2d:af:62:ca:fa:c1:e2:2c:9f:e3:
         76:50:b0:47:20:4e:89:37:9a:5b:d6:3a:64:35:5e:03:83:e7:
         83:18:23:30:b2:f7:69:d4:db:10:29:04:a4:73:1b:b8:f9:23:
         b4:bb:a9:3e:64:d6:3b:90:48:82:45:91:bb:45:fb:70:20:ca:
         73:6d:a4:c8:28:5e:6c:02:b3:ba:48:e2:8c:d5:3b:08:df:33:
         e5:34:43:fb:43:e8:da:53:05:80:45:98:ff:6e:aa:53:f0:47:
         12:26:7b:44:e6:fe:98:ed:33:9b:8a:eb:53:03:1f:a0:f9:0c:
         03:89:63:bb
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQlIe51Qj/OX18Hms7GzB3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2M2NWI1MjZmZTIwZWNiMjU0NjY2MmJhZDcyMDNiZGJjNDgxYjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgM0QZF8JIsNZWEjZ0Qlihmls8Go
AJC1+AAaNrSiG/CPlAouoF/MASRYd8tU4Q5/Jr592ggczIzpU0h7X1C00rWnUTWh
9+M+SbrnkDqY5dIcSx40hOPH0HOtvNFuaJ3VDf2gQ7aX5tsTcTHbPjWEVxv//ALi
d+q+/H/CkVq8a7i9tguXdBaZ5T2cqbTWsX/nRRTR3UJZe3oozLT2zGEnoXEaDzUr
z/i8kltegHSZYiA50VrrmfXiTxrfvNVVCRCTU4n8FP9NzmuV87aw0geIDd3RXNu0
d2G7FdwVE499snjsaeR2E5IRHbAnBOX/RQQ5Hr1YXdgxXl+VPBtu9sLPhQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLfGW1Jv4g7LJUZmK61yA728SBt6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdDhaYlVtX2lEc3NsUm1ZcnJYSUR2YnhJRzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAVcrLMBgE
AgACMBIDBwQqDpfACqADBwAqD+QEAQUwDQYJKoZIhvcNAQELBQADggEBAMwyK3V6
FwlTlrrc5AMD+vsRE7sBEsdAlNO1+bBvDfW8eAS4Jyg8jiSCH9wI6cMRth0crZOn
DCdzeB73lckdjBoDyZFLNiHdTzNDFZyaM7i53HnJahtqM8utTb9AHhui7TEGxJAE
Nc7HYr8Ljt86VHs1DJWF5ve18Dt7n2+A3UfuwtJnZhlaLa9iyvrB4iyf43ZQsEcg
Tok3mlvWOmQ1XgOD54MYIzCy92nU2xApBKRzG7j5I7S7qT5k1juQSIJFkbtF+3Ag
ynNtpMgoXmwCs7pI4ozVOwjfM+U0Q/tD6NpTBYBFmP9uqlPwRxIme0Tm/pjtM5uK
61MDH6D5DAOJY7s=
-----END CERTIFICATE-----
Generated at Fri Apr 25 18:59:52 2025 by rpki-client