Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/phbLa0z13RWFNJg_xUBClJ8tdAM.roa
File:                     phbLa0z13RWFNJg_xUBClJ8tdAM.roa (raw, json)
Hash identifier:          V8Cy/eT9zOtTOTXeVxV0Nh+mW8hSyB0DBwjtx2mUcYE=
Subject key identifier:   A6:16:CB:6B:4C:F5:DD:15:85:34:98:3F:C5:40:42:94:9F:2D:74:03
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       0B88
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/phbLa0z13RWFNJg_xUBClJ8tdAM.roa
Signing time:             Wed 01 Jan 2025 23:55:03 +0000
ROA not before:           Wed 01 Jan 2025 23:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2952 (0xb88)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Jan  1 23:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=A616CB6B4CF5DD158534983FC54042949F2D7403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d5:a7:23:9a:d6:38:e6:e7:0a:d1:0b:47:77:
                    69:ad:81:ed:7f:92:0d:4f:b1:4c:79:28:13:19:c8:
                    ca:ec:fe:7c:3c:14:26:a8:db:35:eb:52:05:66:83:
                    e2:d4:8d:93:ce:a9:a6:0c:62:4e:3c:59:80:44:a8:
                    22:9a:27:9b:7c:96:35:38:ad:07:b0:e3:85:39:9b:
                    33:8d:4f:65:2f:a5:a6:93:0a:f9:89:75:d2:04:5d:
                    3b:be:41:9b:d9:16:d9:19:cb:c6:3f:d8:20:95:dd:
                    a8:2e:6b:13:62:c1:06:a3:88:f5:22:1f:0c:9f:aa:
                    70:c0:90:d3:6c:e9:e4:13:a6:3b:bf:7e:7f:62:ac:
                    79:73:2f:4b:e3:3b:ab:59:15:79:a6:00:6f:47:97:
                    23:bd:f2:eb:68:34:15:83:81:9c:42:7c:96:1e:59:
                    f1:f1:a5:ae:8c:b5:6c:3e:52:65:d0:a4:92:3e:28:
                    d7:2c:ae:33:92:91:39:ca:c4:f0:2b:44:02:fb:1f:
                    d8:f3:9e:27:0d:90:4f:99:e2:2f:f2:c4:46:08:13:
                    14:f9:d0:01:74:66:21:f0:a0:1f:35:38:7e:60:9d:
                    01:6e:f4:2b:5f:8b:ee:b6:4e:e8:a1:31:72:f8:1f:
                    71:5b:79:ac:09:f4:97:0b:6e:67:75:68:60:af:8f:
                    1b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:16:CB:6B:4C:F5:DD:15:85:34:98:3F:C5:40:42:94:9F:2D:74:03
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/phbLa0z13RWFNJg_xUBClJ8tdAM.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:08:e3:22:ff:92:6a:f4:59:d5:ee:c2:16:cb:5c:27:cb:46:
         bf:3c:e1:7a:f2:c9:19:8a:2a:94:ef:f9:cc:7c:2e:b0:07:a7:
         1b:b5:e0:b3:33:02:77:0c:94:87:6c:25:0a:50:19:16:9b:33:
         d1:aa:27:fd:49:15:bf:19:4f:e0:ae:47:7c:0d:09:c1:f2:f1:
         14:d3:bc:8a:60:73:fd:f0:5c:9b:1f:18:ac:83:73:67:32:8c:
         1a:5d:74:46:e9:99:9c:3b:99:b2:2a:fa:a2:ae:80:42:15:21:
         a7:85:9d:03:3e:34:61:6a:d2:e8:ab:62:af:78:40:97:d4:47:
         b4:9b:c1:67:54:dc:fd:ba:48:ec:25:90:b6:63:78:b0:85:f9:
         7e:ad:28:f9:41:78:76:ed:99:ed:af:11:90:e7:ac:4b:84:16:
         a3:8b:70:9c:3e:6e:71:7d:aa:5a:b4:51:f0:e4:9f:96:5d:f6:
         72:a9:6d:73:bf:28:51:9c:92:47:bc:02:fc:a4:42:01:e0:60:
         44:13:06:e0:09:ef:d8:76:e8:3e:f7:07:3d:c8:40:90:c8:8d:
         6a:be:d7:df:c0:88:55:8a:dd:64:28:be:87:be:7b:3e:66:88:
         43:90:56:c1:91:d7:9c:57:3f:f6:a2:a3:be:a3:d4:ff:30:91:
         2c:81:2c:c2
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICC4gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNTAxMDEy
MzU1MDNaFw0yNjA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKEE2MTZDQjZCNENGNURE
MTU4NTM0OTgzRkM1NDA0Mjk0OUYyRDc0MDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCp1acjmtY45ucK0QtHd2mtge1/kg1PsUx5KBMZyMrs/nw8FCao
2zXrUgVmg+LUjZPOqaYMYk48WYBEqCKaJ5t8ljU4rQew44U5mzONT2UvpaaTCvmJ
ddIEXTu+QZvZFtkZy8Y/2CCV3aguaxNiwQajiPUiHwyfqnDAkNNs6eQTpju/fn9i
rHlzL0vjO6tZFXmmAG9HlyO98utoNBWDgZxCfJYeWfHxpa6MtWw+UmXQpJI+KNcs
rjOSkTnKxPArRAL7H9jznicNkE+Z4i/yxEYIExT50AF0ZiHwoB81OH5gnQFu9Ctf
i+62TuihMXL4H3FbeawJ9JcLbmd1aGCvjxsRAgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQUphbLa0z13RWFNJg/xUBClJ8tdAMwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmL3BoYkxhMHoxM1JXRk5K
Z194VUJDbEo4dGRBTS5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBAI8I4yL/kmr0WdXuwhbLXCfLRr884XryyRmK
KpTv+cx8LrAHpxu14LMzAncMlIdsJQpQGRabM9GqJ/1JFb8ZT+CuR3wNCcHy8RTT
vIpgc/3wXJsfGKyDc2cyjBpddEbpmZw7mbIq+qKugEIVIaeFnQM+NGFq0uirYq94
QJfUR7SbwWdU3P26SOwlkLZjeLCF+X6tKPlBeHbtme2vEZDnrEuEFqOLcJw+bnF9
qlq0UfDkn5Zd9nKpbXO/KFGckke8AvykQgHgYEQTBuAJ79h26D73Bz3IQJDIjWq+
19/AiFWK3WQovoe+ez5miEOQVsGR15xXP/aio76j1P8wkSyBLMI=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:40:05 2025 by rpki-client