Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/w86h1mlWrPm8XmXGPACEELIWXdU.roa
File:                     w86h1mlWrPm8XmXGPACEELIWXdU.roa (raw, json)
Hash identifier:          rZ0S75zoyuwhev09qNhGzVlA1Cg5Hm5z356p3RGU9Vo=
Subject key identifier:   C3:CE:A1:D6:69:56:AC:F9:BC:5E:65:C6:3C:00:84:10:B2:16:5D:D5
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       0CAB
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/w86h1mlWrPm8XmXGPACEELIWXdU.roa
Signing time:             Mon 03 Feb 2025 07:55:03 +0000
ROA not before:           Mon 03 Feb 2025 07:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3243 (0xcab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Feb  3 07:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=C3CEA1D66956ACF9BC5E65C63C008410B2165DD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:61:82:2c:5d:00:63:37:28:db:5d:ca:8c:1a:
                    84:84:af:1e:3c:ee:a1:20:22:da:16:99:92:0d:27:
                    18:9b:0e:d5:bf:f2:fc:b9:c6:c9:58:91:8f:c1:4c:
                    01:d1:93:04:a2:2d:24:1d:53:b6:bd:70:00:31:54:
                    2e:be:d1:dd:7a:58:62:46:51:e9:93:25:bc:c1:9d:
                    d4:59:26:fb:b9:3a:74:e2:17:8e:f4:9b:53:c5:c3:
                    95:86:72:f7:b7:e5:9a:e0:9f:b4:df:c4:d8:6b:8c:
                    27:f5:96:83:e0:15:70:d2:3c:b1:3a:af:e1:63:46:
                    97:64:0c:b5:47:fc:e1:50:a3:16:21:dc:e9:38:af:
                    b2:fe:28:cf:95:e5:f5:d2:a2:09:6e:30:73:4e:02:
                    67:6c:eb:bf:69:3a:80:63:85:d4:0c:e5:70:17:d1:
                    65:ef:50:2e:37:7a:11:88:81:e2:3f:6f:7b:c1:ff:
                    2c:c3:4e:b9:77:39:89:6e:2d:ae:a8:24:96:38:ba:
                    76:8a:00:6b:d2:b0:96:fd:0e:6a:3e:73:9b:dc:b4:
                    b7:d9:ad:6b:5b:ad:25:05:93:83:3b:b0:c2:89:01:
                    cd:8b:dc:38:3f:8e:22:8e:f9:b5:c8:ac:ed:7e:9d:
                    b1:e1:0d:e5:42:90:a3:9a:3e:0e:07:d9:fb:04:f7:
                    41:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:CE:A1:D6:69:56:AC:F9:BC:5E:65:C6:3C:00:84:10:B2:16:5D:D5
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/w86h1mlWrPm8XmXGPACEELIWXdU.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fa:df:58:d5:62:31:3b:92:b3:e4:da:9d:f8:f7:13:49:b3:
         04:2a:89:21:78:a5:e6:87:eb:ee:a1:64:65:2f:57:37:90:7c:
         b9:2e:a8:f8:94:04:9f:bb:fc:8c:89:49:90:c2:61:d4:1b:55:
         5f:c4:60:8e:a8:b6:ed:48:6a:f9:78:61:48:e6:5c:7f:c7:93:
         35:55:29:da:ad:01:8f:c7:94:4e:9c:7d:d5:8e:5f:9a:a7:4a:
         cb:a5:33:14:4f:48:b8:74:7b:34:89:d8:88:77:e7:13:12:6b:
         f3:a6:c6:d4:ce:da:81:56:56:14:4e:ef:2d:7d:85:33:ff:1c:
         37:68:54:61:5c:a1:4e:76:c4:f9:fc:8c:50:57:2b:83:a5:c4:
         ae:2b:51:57:07:2d:f3:39:72:07:be:e1:4f:dc:23:08:94:ce:
         7a:71:19:c8:22:57:db:0f:66:dd:e9:f2:b2:87:6a:03:d4:f1:
         7b:b4:b2:42:56:de:f9:49:08:af:5a:58:59:72:0f:85:c8:19:
         aa:8c:89:c9:6b:a8:09:7d:49:5a:c0:96:64:a6:19:0b:f1:bf:
         6c:07:0b:8a:1c:9f:43:df:f4:e7:9c:c6:c5:27:84:43:e3:49:
         f0:97:58:7f:fc:0a:49:5a:36:cd:c4:96:0a:65:b1:e9:31:b6:
         2e:2a:28:ad
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICDKswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNTAyMDMw
NzU1MDNaFw0yNjA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKEMzQ0VBMUQ2Njk1NkFD
RjlCQzVFNjVDNjNDMDA4NDEwQjIxNjVERDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjYYIsXQBjNyjbXcqMGoSErx487qEgItoWmZINJxibDtW/8vy5
xslYkY/BTAHRkwSiLSQdU7a9cAAxVC6+0d16WGJGUemTJbzBndRZJvu5OnTiF470
m1PFw5WGcve35Zrgn7TfxNhrjCf1loPgFXDSPLE6r+FjRpdkDLVH/OFQoxYh3Ok4
r7L+KM+V5fXSogluMHNOAmds679pOoBjhdQM5XAX0WXvUC43ehGIgeI/b3vB/yzD
Trl3OYluLa6oJJY4unaKAGvSsJb9Dmo+c5vctLfZrWtbrSUFk4M7sMKJAc2L3Dg/
jiKO+bXIrO1+nbHhDeVCkKOaPg4H2fsE90H7AgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQUw86h1mlWrPm8XmXGPACEELIWXdUwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmL3c4NmgxbWxXclBtOFht
WEdQQUNFRUxJV1hkVS5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBAJj631jVYjE7krPk2p349xNJswQqiSF4peaH
6+6hZGUvVzeQfLkuqPiUBJ+7/IyJSZDCYdQbVV/EYI6otu1Iavl4YUjmXH/HkzVV
KdqtAY/HlE6cfdWOX5qnSsulMxRPSLh0ezSJ2Ih35xMSa/OmxtTO2oFWVhRO7y19
hTP/HDdoVGFcoU52xPn8jFBXK4OlxK4rUVcHLfM5cge+4U/cIwiUznpxGcgiV9sP
Zt3p8rKHagPU8Xu0skJW3vlJCK9aWFlyD4XIGaqMiclrqAl9SVrAlmSmGQvxv2wH
C4ocn0Pf9OecxsUnhEPjSfCXWH/8CklaNs3Elgplsekxti4qKK0=
-----END CERTIFICATE-----
Generated at Mon Jun 9 21:15:28 2025 by rpki-client