Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/pQFGC5CY6Q3iX2x51hzr-w2jML0.roa
File:                     pQFGC5CY6Q3iX2x51hzr-w2jML0.roa (raw, json)
Hash identifier:          tv5HNfmAd+Uzn3EcPHjOZnqepn05T+wi7IbllUopDWg=
Subject key identifier:   A5:01:46:0B:90:98:E9:0D:E2:5F:6C:79:D6:1C:EB:FB:0D:A3:30:BD
Certificate issuer:       /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial:       018BB98DC4288FE13293E4861E3F39CFCA1B
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/pQFGC5CY6Q3iX2x51hzr-w2jML0.roa
Signing time:             Fri 10 Nov 2023 14:05:57 +0000
ROA not before:           Fri 10 Nov 2023 14:05:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/96 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18b:b98d:804/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:8d:c4:28:8f:e1:32:93:e4:86:1e:3f:39:cf:ca:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
        Validity
            Not Before: Nov 10 14:05:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a501460b9098e90de25f6c79d61cebfb0da330bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ae:2a:02:bd:89:a2:07:a8:11:80:f5:b6:7a:
                    d9:66:51:f5:f0:8e:05:e2:20:37:6a:99:7f:cd:3a:
                    47:04:67:ff:c8:62:bd:19:fc:90:a0:a0:65:08:b9:
                    52:66:2f:93:b7:26:f6:b4:3c:72:fb:15:cc:68:29:
                    ff:aa:7a:f3:d7:c3:8b:43:4c:57:ff:ac:1c:9c:66:
                    63:ec:51:bc:e1:2c:a3:17:13:ad:72:ed:cf:6e:ff:
                    a0:b8:01:14:69:5a:0a:45:52:da:1d:e5:06:58:ca:
                    b6:94:f4:99:13:28:0e:ae:81:bb:4a:39:ec:ef:b2:
                    2c:5e:d4:d8:3a:fa:2a:e7:21:fc:ff:80:c2:4b:10:
                    15:c1:56:06:f0:b7:e7:91:f8:a0:e1:80:a0:4f:e0:
                    61:6c:13:8e:f3:bc:af:42:16:0c:f5:46:7c:33:a9:
                    10:0f:85:ea:fe:9c:df:f3:63:93:6f:7c:2e:88:f1:
                    39:8a:c6:75:68:0c:cb:3e:81:0a:31:c5:e2:5c:27:
                    86:5f:87:18:75:59:c1:3f:e3:2e:93:5c:07:bb:06:
                    2b:ce:9a:f2:e4:cd:74:cf:fc:8b:9a:4e:e1:41:4b:
                    11:c7:63:3e:58:97:da:52:64:65:14:e7:d7:10:66:
                    65:c0:29:e1:cd:8c:04:37:67:33:92:6c:a0:76:ac:
                    3d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:01:46:0B:90:98:E9:0D:E2:5F:6C:79:D6:1C:EB:FB:0D:A3:30:BD
            X509v3 Authority Key Identifier:
                keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/pQFGC5CY6Q3iX2x51hzr-w2jML0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:bf:2f:34:4f:34:99:4a:4a:bc:dd:85:db:ed:22:57:16:f1:
         d0:29:66:5d:c9:22:ce:84:67:92:7c:14:17:0b:55:c3:c3:4c:
         a9:0a:92:e2:04:d6:3c:e0:27:e0:39:c1:f1:4e:11:34:2b:c9:
         c9:c0:ff:94:62:e0:dc:04:a5:c0:0b:23:bb:04:01:88:a4:35:
         bb:52:19:cb:dd:32:3f:4c:3c:65:89:ec:24:bb:fe:93:38:03:
         70:c7:3f:92:72:83:08:98:f5:44:1c:46:9a:80:b3:0c:9b:39:
         e3:a2:e6:a4:c2:00:3e:e5:d7:4d:a5:4c:e8:8b:be:4f:ec:4d:
         10:87:3d:73:e1:c9:3f:70:26:38:a8:0e:ec:ff:d2:eb:64:0b:
         5d:bf:c9:b3:7c:37:37:65:c9:f5:4f:6e:66:0c:d6:3d:f0:93:
         60:63:2c:68:43:8f:c1:63:64:9c:a9:ef:05:18:1d:5b:8c:2e:
         f0:0f:23:5b:ac:2b:35:bb:99:bc:6a:52:66:0c:57:1c:25:a2:
         1c:8b:08:af:25:1f:fd:ab:ec:f3:42:60:ef:93:98:ea:2b:15:
         76:24:90:e7:7b:dc:79:54:e7:6b:a5:ce:c6:20:3c:09:ed:d7:
         2e:95:8f:3d:21:2f:9c:12:28:47:ac:67:82:c2:9c:15:89:a1:
         e5:7d:61:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYu5jcQoj+Eyk+SGHj85z8obMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTEwMTQwNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAxNDYwYjkwOThlOTBkZTI1ZjZjNzlkNjFjZWJmYjBkYTMzMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkq4qAr2JogeoEYD1tnrZZlH18I4F
4iA3apl/zTpHBGf/yGK9GfyQoKBlCLlSZi+Ttyb2tDxy+xXMaCn/qnrz18OLQ0xX
/6wcnGZj7FG84SyjFxOtcu3Pbv+guAEUaVoKRVLaHeUGWMq2lPSZEygOroG7Sjns
77IsXtTYOvoq5yH8/4DCSxAVwVYG8Lfnkfig4YCgT+BhbBOO87yvQhYM9UZ8M6kQ
D4Xq/pzf82OTb3wuiPE5isZ1aAzLPoEKMcXiXCeGX4cYdVnBP+Muk1wHuwYrzpry
5M10z/yLmk7hQUsRx2M+WJfaUmRlFOfXEGZlwCnhzYwEN2czkmygdqw9gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKUBRguQmOkN4l9sedYc6/sNozC9MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvcFFGR0M1Q1k2UTNpWDJ4NTFoenItdzJqTUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAC/LzRPNJlKSrzdhdvt
IlcW8dApZl3JIs6EZ5J8FBcLVcPDTKkKkuIE1jzgJ+A5wfFOETQrycnA/5Ri4NwE
pcALI7sEAYikNbtSGcvdMj9MPGWJ7CS7/pM4A3DHP5JygwiY9UQcRpqAswybOeOi
5qTCAD7l102lTOiLvk/sTRCHPXPhyT9wJjioDuz/0utkC12/ybN8NzdlyfVPbmYM
1j3wk2BjLGhDj8FjZJyp7wUYHVuMLvAPI1usKzW7mbxqUmYMVxwlohyLCK8lH/2r
7PNCYO+TmOorFXYkkOd73HlU52ulzsYgPAnt1y6Vjz0hL5wSKEesZ4LCnBWJoeV9
YUU=
-----END CERTIFICATE-----
Generated at Mon Jul 28 21:48:58 2025 by rpki-client