Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3cb89db2-798b-44f0-9c56-1067803111c0/0/38372e3234382e3133362e302f32342d3234203d3e20343030303339.roa
File:                     38372e3234382e3133362e302f32342d3234203d3e20343030303339.roa (raw, json)
Hash identifier:          MUQL8Tjz/+mLDdRHOFOmC3ASCF35wkq8THYns8qrQfM=
Subject key identifier:   7E:2B:B9:14:EA:F1:C0:32:3F:50:96:44:B3:8D:EB:31:EA:1E:CD:E8
Certificate issuer:       /CN=0b832d69bec9266b0e83cc7182595cbe2671c483
Certificate serial:       53CEB16EF2D6C394CCBDA824F4444E5184B7390D
Authority key identifier: 0B:83:2D:69:BE:C9:26:6B:0E:83:CC:71:82:59:5C:BE:26:71:C4:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C4Mtab7JJmsOg8xxgllcviZxxIM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3cb89db2-798b-44f0-9c56-1067803111c0/0/38372e3234382e3133362e302f32342d3234203d3e20343030303339.roa
Signing time:             Mon 07 Jul 2025 14:13:00 +0000
ROA not before:           Mon 07 Jul 2025 14:08:00 +0000
ROA not after:            Mon 06 Jul 2026 14:13:00 +0000
asID:                     400039
IP address blocks:        87.248.136.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ce:b1:6e:f2:d6:c3:94:cc:bd:a8:24:f4:44:4e:51:84:b7:39:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b832d69bec9266b0e83cc7182595cbe2671c483
        Validity
            Not Before: Jul  7 14:08:00 2025 GMT
            Not After : Jul  6 14:13:00 2026 GMT
        Subject: CN=7E2BB914EAF1C0323F509644B38DEB31EA1ECDE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8a:48:70:64:74:4b:14:49:df:e7:37:15:80:
                    b6:ac:da:b6:a2:8c:35:5c:83:0c:f3:55:27:79:58:
                    f3:8d:88:18:2d:6a:17:2d:20:11:27:43:3c:0b:64:
                    02:be:d8:ae:de:26:17:85:2c:fc:ff:0e:6b:60:59:
                    1f:82:90:81:9b:57:c7:2c:a5:f0:a1:6e:3b:17:86:
                    99:f8:88:6c:dd:f6:3e:7d:a8:da:a1:89:f6:92:04:
                    3a:3f:3f:6d:44:cb:98:94:90:8b:e5:a2:5c:cf:63:
                    f6:cf:aa:c5:02:ee:f3:38:57:3d:6f:8c:e3:8f:4e:
                    95:27:5e:9e:de:24:bd:f3:d5:4c:05:e4:29:4b:ef:
                    35:3e:75:80:9b:2b:ec:de:c9:d0:0c:91:57:5b:e1:
                    70:cc:67:06:d9:ce:ea:3a:bf:04:91:09:6d:c5:69:
                    c5:ff:87:b5:4d:70:7b:06:c8:93:00:f8:9d:87:29:
                    37:68:41:34:0f:03:71:e2:17:aa:05:25:69:c2:26:
                    03:31:fc:68:15:96:fc:72:d4:df:14:09:93:09:65:
                    7f:15:76:3b:0d:1a:54:f9:36:99:74:16:15:ea:a4:
                    a9:3d:61:86:80:b3:59:2d:ba:78:c6:0a:34:73:f6:
                    ad:dd:84:88:b5:67:9d:a4:bc:e5:d3:7c:1e:41:cf:
                    fb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:2B:B9:14:EA:F1:C0:32:3F:50:96:44:B3:8D:EB:31:EA:1E:CD:E8
            X509v3 Authority Key Identifier:
                keyid:0B:83:2D:69:BE:C9:26:6B:0E:83:CC:71:82:59:5C:BE:26:71:C4:83

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3cb89db2-798b-44f0-9c56-1067803111c0/0/0B832D69BEC9266B0E83CC7182595CBE2671C483.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C4Mtab7JJmsOg8xxgllcviZxxIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3cb89db2-798b-44f0-9c56-1067803111c0/0/38372e3234382e3133362e302f32342d3234203d3e20343030303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:8d:43:cd:51:e4:bb:a1:6d:0f:c7:6c:dc:bc:50:c3:83:fe:
         b2:51:e0:53:12:8b:3c:b5:b9:50:b8:26:76:20:15:08:0a:4f:
         06:b1:ca:b2:be:92:25:f3:89:80:fb:58:dc:80:ce:57:54:c5:
         76:32:3a:fe:d4:46:80:93:31:05:53:05:95:1b:b9:cd:ff:e6:
         37:be:be:f1:26:bc:15:9c:6d:f5:38:3d:c8:68:ed:e7:22:b4:
         dd:1b:14:97:ab:dd:f2:16:67:c3:2f:33:1b:81:65:50:c0:6a:
         b1:82:c7:f8:a8:af:5d:b8:45:ea:6a:b2:44:05:30:18:59:55:
         8f:18:a7:24:47:3e:32:77:27:36:16:e5:3e:b0:6d:0b:8c:16:
         86:e7:8b:7e:ed:f7:3b:c1:a2:81:e7:a3:06:75:3b:4d:db:2d:
         65:1d:9b:41:6b:58:4c:67:b9:84:2c:fe:fc:36:86:c6:7f:70:
         ae:ca:c1:e2:32:33:7b:b3:c5:8c:4e:f5:f5:b5:87:c5:81:e0:
         37:b9:6f:f7:3e:9e:f9:f4:3c:0f:76:1e:89:f8:05:01:72:ae:
         02:d4:c2:a6:23:ab:a7:0e:30:46:6a:62:15:37:90:24:df:41:
         b4:1e:68:87:5b:00:53:2b:ed:28:74:c2:27:4f:06:9d:48:ca:
         e6:0f:c4:1d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUU86xbvLWw5TMvagk9EROUYS3OQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGI4MzJkNjliZWM5MjY2YjBlODNjYzcxODI1OTVjYmUy
NjcxYzQ4MzAeFw0yNTA3MDcxNDA4MDBaFw0yNjA3MDYxNDEzMDBaMDMxMTAvBgNV
BAMTKDdFMkJCOTE0RUFGMUMwMzIzRjUwOTY0NEIzOERFQjMxRUExRUNERTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHikhwZHRLFEnf5zcVgLas2rai
jDVcgwzzVSd5WPONiBgtahctIBEnQzwLZAK+2K7eJheFLPz/DmtgWR+CkIGbV8cs
pfChbjsXhpn4iGzd9j59qNqhifaSBDo/P21Ey5iUkIvlolzPY/bPqsUC7vM4Vz1v
jOOPTpUnXp7eJL3z1UwF5ClL7zU+dYCbK+zeydAMkVdb4XDMZwbZzuo6vwSRCW3F
acX/h7VNcHsGyJMA+J2HKTdoQTQPA3HiF6oFJWnCJgMx/GgVlvxy1N8UCZMJZX8V
djsNGlT5Npl0FhXqpKk9YYaAs1ktunjGCjRz9q3dhIi1Z52kvOXTfB5Bz/sdAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUfiu5FOrxwDI/UJZEs43rMeoezegwHwYDVR0j
BBgwFoAUC4Mtab7JJmsOg8xxgllcviZxxIMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvM2NiODlkYjItNzk4Yi00NGYwLTljNTYtMTA2NzgwMzEx
MWMwLzAvMEI4MzJENjlCRUM5MjY2QjBFODNDQzcxODI1OTVDQkUyNjcxQzQ4My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0M0TXRhYjdKSm1zT2c4eHhnbGxjdmla
eHhJTS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvM2NiODlkYjIt
Nzk4Yi00NGYwLTljNTYtMTA2NzgwMzExMWMwLzAvMzgzNzJlMzIzNDM4MmUzMTMz
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzAzMDMzMzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABX+IgwDQYJKoZIhvcNAQELBQADggEBAFONQ81R5LuhbQ/HbNy8UMOD/rJR4FMS
izy1uVC4JnYgFQgKTwaxyrK+kiXziYD7WNyAzldUxXYyOv7URoCTMQVTBZUbuc3/
5je+vvEmvBWcbfU4Pcho7ecitN0bFJer3fIWZ8MvMxuBZVDAarGCx/ior124Repq
skQFMBhZVY8YpyRHPjJ3JzYW5T6wbQuMFobni37t9zvBooHnowZ1O03bLWUdm0Fr
WExnuYQs/vw2hsZ/cK7KweIyM3uzxYxO9fW1h8WB4De5b/c+nvn0PA92Hon4BQFy
rgLUwqYjq6cOMEZqYhU3kCTfQbQeaIdbAFMr7Sh0widPBp1IyuYPxB0=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:54:14 2025 by rpki-client