Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/fs1SpTJQ3Ua-v5MMeiTFkCRILZ8.roa
File:                     fs1SpTJQ3Ua-v5MMeiTFkCRILZ8.roa (raw, json)
Hash identifier:          9T2oQtZgX5BeEzvkAIF4DdBodXbFGCDLIx33PP2gn3c=
Subject key identifier:   7E:CD:52:A5:32:50:DD:46:BE:BF:93:0C:7A:24:C5:90:24:48:2D:9F
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F62A2A320AFD207389621F5F25DA8D9E4
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/fs1SpTJQ3Ua-v5MMeiTFkCRILZ8.roa
Signing time:             Fri 10 May 2024 13:12:56 +0000
ROA not before:           Fri 10 May 2024 13:12:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:a2:a3:20:af:d2:07:38:96:21:f5:f2:5d:a8:d9:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: May 10 13:12:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ecd52a53250dd46bebf930c7a24c59024482d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:57:3e:25:d3:ee:0d:1e:3e:48:7f:b7:ec:64:
                    25:d6:c5:c6:cb:f2:90:c3:7d:cf:21:7f:c2:23:31:
                    a8:3c:6a:58:ed:da:2e:ea:52:7a:c0:be:a0:69:a5:
                    c8:83:71:50:f0:bd:c1:f8:e4:7d:03:f0:24:42:7b:
                    75:df:6e:cb:a1:dc:22:8c:2d:19:8a:4f:9a:3d:a2:
                    80:3f:20:87:36:bc:2d:86:4e:6b:89:58:e8:f7:c3:
                    03:9f:12:12:6a:31:86:a0:6a:c8:1c:23:0c:77:ef:
                    ca:31:42:ca:fd:6d:3f:8b:5f:aa:15:72:98:4a:37:
                    a7:92:3d:c5:8f:8d:b9:bb:df:ec:88:55:7b:8d:b7:
                    2b:ec:aa:64:f6:78:44:56:18:e9:1e:95:a7:12:87:
                    06:77:ec:27:2f:1f:71:42:7d:35:33:af:31:63:7a:
                    d9:78:f9:49:a3:14:d2:d7:ad:c9:9d:f0:5c:c1:bc:
                    31:b3:67:f5:ff:1a:21:a0:05:4e:22:9c:eb:ca:0e:
                    86:c5:c7:e1:a2:bf:17:5c:c2:ad:7e:d7:92:db:be:
                    99:c8:6e:92:19:2c:27:0e:69:90:6a:e5:36:33:e4:
                    f2:2c:60:f6:43:59:f3:7f:46:3d:34:47:2a:4f:d5:
                    53:25:44:4f:f8:38:d6:6c:a1:65:54:41:79:5d:a2:
                    8f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CD:52:A5:32:50:DD:46:BE:BF:93:0C:7A:24:C5:90:24:48:2D:9F
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/fs1SpTJQ3Ua-v5MMeiTFkCRILZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:6d:c7:30:89:96:da:ab:09:6f:fe:d6:d6:af:cf:c2:2e:46:
         39:f2:91:d0:34:02:ed:37:93:94:c9:46:87:5c:0b:81:9f:52:
         b5:42:dd:6b:3c:3d:22:5a:cf:82:56:53:2b:16:b6:1e:de:f4:
         e5:3c:2d:ec:05:a2:f9:a9:84:ec:70:c5:fa:ee:37:be:f2:5c:
         fd:01:2a:24:24:75:1c:5c:4a:99:d1:ad:59:20:a4:f3:a7:98:
         6b:8b:4d:da:a8:a5:0e:dc:89:04:c2:07:ad:4d:46:1d:68:dc:
         5e:d5:a0:5b:1d:94:88:b9:e9:5b:19:c5:37:31:6d:7f:05:b5:
         16:97:1b:97:f2:89:4b:c4:2c:b4:af:bf:f7:9e:f0:d0:58:28:
         e2:52:a7:8f:d0:55:c5:8a:03:65:eb:5e:10:91:2b:83:5c:90:
         5b:20:dd:39:2a:34:a4:2b:bb:e1:e9:1c:0a:33:8c:cf:59:2e:
         d4:c1:fd:77:12:9d:eb:50:38:b4:c3:1f:8d:9b:45:43:3c:44:
         6d:8b:3a:d2:57:e2:d9:e9:bf:19:0d:b4:0e:99:2d:62:76:8e:
         92:ec:92:7f:01:8b:54:60:31:5f:12:c1:7e:fb:a1:43:9d:0b:
         db:58:af:09:27:ee:cb:04:73:c7:18:42:74:69:59:3d:1d:c8:
         7a:fc:39:a7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9ioqMgr9IHOJYh9fJdqNnkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTEwMTMxMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNkNTJhNTMyNTBkZDQ2YmViZjkzMGM3YTI0YzU5MDI0NDgyZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFc+JdPuDR4+SH+37GQl1sXGy/KQ
w33PIX/CIzGoPGpY7dou6lJ6wL6gaaXIg3FQ8L3B+OR9A/AkQnt1327LodwijC0Z
ik+aPaKAPyCHNrwthk5riVjo98MDnxISajGGoGrIHCMMd+/KMULK/W0/i1+qFXKY
Sjenkj3Fj425u9/siFV7jbcr7Kpk9nhEVhjpHpWnEocGd+wnLx9xQn01M68xY3rZ
ePlJoxTS163JnfBcwbwxs2f1/xohoAVOIpzryg6Gxcfhor8XXMKtfteS276ZyG6S
GSwnDmmQauU2M+TyLGD2Q1nzf0Y9NEcqT9VTJURP+DjWbKFlVEF5XaKPPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH7NUqUyUN1Gvr+TDHokxZAkSC2fMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvZnMxU3BUSlEzVWEtdjVNTWVpVEZrQ1JJTFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABptxzCJltqrCW/+1tav
z8IuRjnykdA0Au03k5TJRodcC4GfUrVC3Ws8PSJaz4JWUysWth7e9OU8LewFovmp
hOxwxfruN77yXP0BKiQkdRxcSpnRrVkgpPOnmGuLTdqopQ7ciQTCB61NRh1o3F7V
oFsdlIi56VsZxTcxbX8FtRaXG5fyiUvELLSvv/ee8NBYKOJSp4/QVcWKA2XrXhCR
K4NckFsg3TkqNKQru+HpHAozjM9ZLtTB/XcSnetQOLTDH42bRUM8RG2LOtJX4tnp
vxkNtA6ZLWJ2jpLskn8Bi1RgMV8SwX77oUOdC9tYrwkn7ssEc8cYQnRpWT0dyHr8
Oac=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:59 2024 by rpki-client on console-ams.rpki-client.org