Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VyN653hL4rAY_e2hdksKGUqIxbM.roa
File:                     VyN653hL4rAY_e2hdksKGUqIxbM.roa (raw, json)
Hash identifier:          VrgaTpIZV9tWUm9PEYZT3bNMzddxfH9mCTF1o6wKY4w=
Subject key identifier:   57:23:7A:E7:78:4B:E2:B0:18:FD:ED:A1:76:4B:0A:19:4A:88:C5:B3
Certificate issuer:       /CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
Certificate serial:       019424B3BB14DA50337C799D2E2948298496
Authority key identifier: 38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VyN653hL4rAY_e2hdksKGUqIxbM.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32519
IP address blocks:        2a07:aec0::/29 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bb:14:da:50:33:7c:79:9d:2e:29:48:29:84:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57237ae7784be2b018fdeda1764b0a194a88c5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:68:71:9a:72:6a:fa:51:2d:b3:26:fe:5e:d2:
                    f3:a7:0d:78:1c:60:4b:57:f2:6f:bc:7c:09:a3:4f:
                    d8:6d:3b:8d:cd:94:38:37:68:43:e6:d9:58:93:45:
                    9e:82:50:ee:c6:a7:83:05:7a:98:79:3e:2c:a1:b9:
                    5f:fa:2e:02:45:39:d3:72:da:d6:5d:00:d9:61:42:
                    2e:3e:68:b5:c4:63:5b:96:13:35:36:de:0f:40:38:
                    cc:c4:3f:31:3c:c2:fc:7c:50:c9:57:e1:60:22:a9:
                    a9:1b:7f:ca:c0:33:44:1c:be:e5:89:e4:fb:50:2f:
                    7b:ff:65:d1:dd:e2:70:19:d3:45:3f:65:6c:f2:49:
                    d6:07:70:e5:1f:5d:c2:cb:38:00:e0:46:9b:ed:88:
                    53:e1:80:5a:aa:de:d7:92:73:b4:b3:0b:45:e8:01:
                    82:09:f1:b7:31:49:e8:ba:c5:84:f8:20:c1:85:44:
                    08:83:f7:80:51:9e:16:18:6f:61:5f:e3:6a:6b:6b:
                    db:ff:46:37:a7:0f:fe:7b:06:52:31:d8:46:12:7f:
                    5d:91:f5:8f:a3:46:bb:3e:cb:33:bc:0f:7b:ce:0a:
                    67:ea:13:da:ae:3f:2a:fd:4d:89:20:53:b8:c8:2b:
                    f0:98:3f:ce:d6:5e:d4:fe:b9:18:0b:5c:d3:e0:87:
                    c1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:23:7A:E7:78:4B:E2:B0:18:FD:ED:A1:76:4B:0A:19:4A:88:C5:B3
            X509v3 Authority Key Identifier:
                keyid:38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VyN653hL4rAY_e2hdksKGUqIxbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:aec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:d9:9f:43:31:2f:0c:ab:d8:c2:43:37:c8:35:cf:44:8c:8a:
         9f:49:19:ad:95:3d:0e:fa:7b:34:df:8a:4d:48:c8:52:ff:f5:
         93:58:f3:ae:c5:57:a9:e1:ec:ce:71:02:ff:94:a0:02:2d:a8:
         f0:e5:0e:b0:76:aa:de:61:4e:c9:fd:f5:0c:f0:49:a0:7d:c5:
         10:de:6c:de:5b:70:7f:f0:e5:50:99:57:36:98:56:ba:a4:cb:
         fc:cc:2e:d6:02:81:76:bf:5b:15:77:3b:b7:b6:20:5f:c5:1a:
         c7:53:43:6e:83:69:2d:9d:eb:1c:94:f4:a3:bb:9c:48:82:04:
         ac:50:9f:39:33:f6:5c:e6:af:fb:0f:6d:d6:f9:b6:f1:bf:f4:
         0e:b0:f7:22:5b:e2:ee:65:c6:9a:1e:5c:79:df:16:37:94:f9:
         15:db:fd:8c:e6:17:2a:07:b8:c8:9d:a1:79:62:a1:0a:85:90:
         02:91:ea:e6:26:2a:11:e8:30:a4:81:9f:f8:a5:0b:9c:84:96:
         ac:49:3c:98:f4:0e:31:28:42:0b:5c:f2:7a:f7:70:b7:d3:08:
         58:37:d3:76:ac:17:c4:9c:c5:36:21:57:0b:8a:0e:1e:7b:a6:
         0f:2e:56:c5:91:a6:b9:36:f3:f8:fb:a9:38:42:71:55:22:d2:
         6a:54:12:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQks7sU2lAzfHmdLilIKYSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmQ2ZDhlYmI4MjQwNGQ1NzA5MzUxYmMyMzI5YTBlZTQz
YTlhNDMwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzIzN2FlNzc4NGJlMmIwMThmZGVkYTE3NjRiMGExOTRhODhjNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWhxmnJq+lEtsyb+XtLzpw14HGBL
V/JvvHwJo0/YbTuNzZQ4N2hD5tlYk0WeglDuxqeDBXqYeT4soblf+i4CRTnTctrW
XQDZYUIuPmi1xGNblhM1Nt4PQDjMxD8xPML8fFDJV+FgIqmpG3/KwDNEHL7lieT7
UC97/2XR3eJwGdNFP2Vs8knWB3DlH13CyzgA4Eab7YhT4YBaqt7XknO0swtF6AGC
CfG3MUnousWE+CDBhUQIg/eAUZ4WGG9hX+Nqa2vb/0Y3pw/+ewZSMdhGEn9dkfWP
o0a7PsszvA97zgpn6hParj8q/U2JIFO4yCvwmD/O1l7U/rkYC1zT4IfBhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFcjeud4S+KwGP3toXZLChlKiMWzMB8GA1UdIwQY
MBaAFDi9bY67gkBNVwk1G8Iymg7kOppDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUt
OGM5NTM5ZjQ0NGM2LzEvVnlONjUzaEw0ckFZX2UyaGRrc0tHVXFJeGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUtOGM5NTM5ZjQ0NGM2
LzEvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgeuwDAN
BgkqhkiG9w0BAQsFAAOCAQEArtmfQzEvDKvYwkM3yDXPRIyKn0kZrZU9Dvp7NN+K
TUjIUv/1k1jzrsVXqeHsznEC/5SgAi2o8OUOsHaq3mFOyf31DPBJoH3FEN5s3ltw
f/DlUJlXNphWuqTL/Mwu1gKBdr9bFXc7t7YgX8Uax1NDboNpLZ3rHJT0o7ucSIIE
rFCfOTP2XOav+w9t1vm28b/0DrD3Ilvi7mXGmh5ced8WN5T5Fdv9jOYXKge4yJ2h
eWKhCoWQApHq5iYqEegwpIGf+KULnISWrEk8mPQOMShCC1zyevdwt9MIWDfTdqwX
xJzFNiFXC4oOHnumDy5WxZGmuTbz+PupOEJxVSLSalQS8g==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:04:15 2025 by rpki-client