Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/zk_EJfgXLWpaC18an5MuvwV8OKs.roa
File:                     zk_EJfgXLWpaC18an5MuvwV8OKs.roa (raw, json)
Hash identifier:          wzovCTkGHILtaaQx2CMxLRmIpGMJ+5P2KmVoWuwJuRI=
Subject key identifier:   CE:4F:C4:25:F8:17:2D:6A:5A:0B:5F:1A:9F:93:2E:BF:05:7C:38:AB
Certificate issuer:       /CN=7dd1b5b42dc3d846c2ad2549664e34f72d1cb4a6
Certificate serial:       024A201E
Authority key identifier: 7D:D1:B5:B4:2D:C3:D8:46:C2:AD:25:49:66:4E:34:F7:2D:1C:B4:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fdG1tC3D2EbCrSVJZk409y0ctKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/zk_EJfgXLWpaC18an5MuvwV8OKs.roa
Signing time:             Sat 01 Jan 2022 13:05:02 +0000
ROA not before:           Sat 01 Jan 2022 13:05:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210602
IP address blocks:        185.203.40.0/22 maxlen: 22
                          195.128.164.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38412318 (0x24a201e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dd1b5b42dc3d846c2ad2549664e34f72d1cb4a6
        Validity
            Not Before: Jan  1 13:05:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ce4fc425f8172d6a5a0b5f1a9f932ebf057c38ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1a:14:a1:b9:3a:35:25:e8:48:ba:73:ee:91:
                    66:2e:9a:13:b6:bc:b9:46:86:52:29:bd:b5:14:7b:
                    d1:96:d2:9c:c7:6b:37:f9:5e:c4:d6:84:81:2d:8d:
                    cf:e5:de:35:6e:40:e0:cf:ad:79:a5:be:65:9c:e6:
                    17:7d:c0:48:2f:19:fa:ca:4d:91:90:22:10:fd:ab:
                    d7:b0:1f:39:2a:43:f0:34:de:80:bd:85:f9:ba:a8:
                    ff:a7:33:d7:a2:97:2c:7b:54:ee:37:1b:b4:e6:4d:
                    04:cf:84:17:80:2d:03:80:08:ec:76:34:4b:b5:b4:
                    64:3e:a3:e7:c3:68:a1:62:2d:05:25:91:5f:10:bb:
                    76:8c:fc:08:5c:80:f1:19:c2:de:7a:b2:bf:ba:7a:
                    14:42:aa:f8:ef:f5:2f:9a:4c:2e:c0:70:1b:b6:fb:
                    28:9b:d6:18:24:95:d7:8a:cb:d7:0e:c0:ee:6d:0e:
                    23:bc:6a:ed:c7:4a:0b:ee:56:34:cb:8d:f9:02:4e:
                    3c:f5:d5:23:34:0b:b2:0c:24:83:5c:11:c1:85:69:
                    20:4c:e9:f8:2e:94:9d:c2:56:c1:4d:25:5f:3b:0b:
                    f8:46:5b:4b:bb:7c:c5:e9:33:14:66:93:b3:26:10:
                    88:c5:f3:10:35:13:4b:14:6c:9e:af:5a:72:39:b3:
                    83:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4F:C4:25:F8:17:2D:6A:5A:0B:5F:1A:9F:93:2E:BF:05:7C:38:AB
            X509v3 Authority Key Identifier:
                keyid:7D:D1:B5:B4:2D:C3:D8:46:C2:AD:25:49:66:4E:34:F7:2D:1C:B4:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fdG1tC3D2EbCrSVJZk409y0ctKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/zk_EJfgXLWpaC18an5MuvwV8OKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/fdG1tC3D2EbCrSVJZk409y0ctKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.40.0/22
                  195.128.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:2f:f6:f8:e7:38:c3:3a:6b:1a:24:ac:f8:b2:35:36:e3:1c:
         fd:96:c9:98:01:d4:b1:e8:04:ca:ec:f8:8f:9e:89:07:3e:e6:
         3c:2d:48:ad:c4:58:cf:be:33:f4:da:0f:38:0f:d4:e7:d6:59:
         ef:03:12:55:91:8e:13:e8:bb:5b:8c:e3:e7:22:6a:e7:9a:de:
         30:c5:e1:b7:99:8e:41:91:d9:52:08:76:22:b9:6a:5a:b1:2d:
         e5:a9:9e:5e:26:13:e5:8d:39:a3:e9:7d:9b:ea:35:9c:54:6d:
         e1:71:de:ea:ea:e1:1f:51:11:76:71:f3:21:14:60:6c:21:67:
         ff:70:c8:fb:b9:ce:d5:16:77:96:7e:12:5d:d4:2a:4c:84:cd:
         4a:da:fc:f4:87:00:c7:ef:3a:1c:4c:61:36:06:66:51:72:55:
         85:83:5e:a7:1f:d3:1d:2d:4f:09:18:04:47:2b:28:1d:6a:fe:
         b5:a3:5a:f1:73:4a:23:f2:90:00:00:3d:27:85:3e:d4:70:92:
         bb:97:63:65:5f:14:e3:47:ee:42:cd:f0:69:0e:6a:32:4c:bb:
         f4:d9:7e:64:4e:c6:ee:d6:84:ef:9e:cc:f4:8d:33:65:21:13:
         af:26:11:34:ea:e5:e3:ff:9a:7d:56:d7:ac:fc:67:63:ee:7d:
         d8:9b:83:cc
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAkogHjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZGQxYjViNDJkYzNkODQ2YzJhZDI1NDk2NjRlMzRmNzJkMWNiNGE2MB4XDTIyMDEw
MTEzMDUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2U0ZmM0MjVmODE3
MmQ2YTVhMGI1ZjFhOWY5MzJlYmYwNTdjMzhhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKsaFKG5OjUl6Ei6c+6RZi6aE7a8uUaGUim9tRR70ZbSnMdr
N/lexNaEgS2Nz+XeNW5A4M+teaW+ZZzmF33ASC8Z+spNkZAiEP2r17AfOSpD8DTe
gL2F+bqo/6cz16KXLHtU7jcbtOZNBM+EF4AtA4AI7HY0S7W0ZD6j58NooWItBSWR
XxC7doz8CFyA8RnC3nqyv7p6FEKq+O/1L5pMLsBwG7b7KJvWGCSV14rL1w7A7m0O
I7xq7cdKC+5WNMuN+QJOPPXVIzQLsgwkg1wRwYVpIEzp+C6UncJWwU0lXzsL+EZb
S7t8xekzFGaTsyYQiMXzEDUTSxRsnq9acjmzg0cCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTOT8Ql+BctaloLXxqfky6/BXw4qzAfBgNVHSMEGDAWgBR90bW0LcPYRsKt
JUlmTjT3LRy0pjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZkRzF0QzNEMkViQ3JTVkpaazQwOXkwY3RLWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWMvNWY1ZDhmLTMzMmItNDJkNi1hOWJiLTJmNDA1ZDdmMWQ4Zi8x
L3prX0VKZmdYTFdwYUMxOGFuNU11dndWOE9Lcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMv
NWY1ZDhmLTMzMmItNDJkNi1hOWJiLTJmNDA1ZDdmMWQ4Zi8xL2ZkRzF0QzNEMkVi
Q3JTVkpaazQwOXkwY3RLWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArnLKAMEAcOApDANBgkqhkiG9w0B
AQsFAAOCAQEAVy/2+Oc4wzprGiSs+LI1NuMc/ZbJmAHUsegEyuz4j56JBz7mPC1I
rcRYz74z9NoPOA/U59ZZ7wMSVZGOE+i7W4zj5yJq55reMMXht5mOQZHZUgh2Irlq
WrEt5ameXiYT5Y05o+l9m+o1nFRt4XHe6urhH1ERdnHzIRRgbCFn/3DI+7nO1RZ3
ln4SXdQqTITNStr89IcAx+86HExhNgZmUXJVhYNepx/THS1PCRgERysoHWr+taNa
8XNKI/KQAAA9J4U+1HCSu5djZV8U40fuQs3waQ5qMky79Nl+ZE7G7taE757M9I0z
ZSETryYRNOrl4/+afVbXrPxnY+592JuDzA==
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:41:23 2025 by rpki-client