Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/cOkjoAoWTIDQaL0ywuAoAieDRzY.roa
File:                     cOkjoAoWTIDQaL0ywuAoAieDRzY.roa (raw, json)
Hash identifier:          wF8+X1a0pjO8jPPafe7NoquJ9x3yfPoaflig4cJYXDI=
Subject key identifier:   70:E9:23:A0:0A:16:4C:80:D0:68:BD:32:C2:E0:28:02:27:83:47:36
Certificate issuer:       /CN=af3b13fc9a60400172561b0a520df16cb251cf95
Certificate serial:       01857169C7D35A18DEF26C15A9492D40878C
Authority key identifier: AF:3B:13:FC:9A:60:40:01:72:56:1B:0A:52:0D:F1:6C:B2:51:CF:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzsT_JpgQAFyVhsKUg3xbLJRz5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/cOkjoAoWTIDQaL0ywuAoAieDRzY.roa
Signing time:             Mon 02 Jan 2023 07:37:15 +0000
ROA not before:           Mon 02 Jan 2023 07:37:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60631
IP address blocks:        212.23.201.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:c7:d3:5a:18:de:f2:6c:15:a9:49:2d:40:87:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af3b13fc9a60400172561b0a520df16cb251cf95
        Validity
            Not Before: Jan  2 07:37:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=70e923a00a164c80d068bd32c2e0280227834736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:92:89:bb:c0:53:b0:db:1b:ed:e8:46:08:35:
                    9e:cc:7a:a2:49:a2:f4:d7:a7:be:d3:0a:fe:b2:48:
                    3e:93:90:d9:15:b2:2f:a7:36:73:3d:88:8c:74:70:
                    fd:6d:44:5e:d4:75:c4:86:56:7a:2c:c3:31:62:0c:
                    c7:dd:77:ee:86:c0:9e:5c:31:31:09:09:b0:9f:58:
                    39:9b:15:b6:14:3a:bf:8a:5c:ad:a7:da:43:ca:67:
                    20:5a:aa:38:ca:2a:90:56:c2:4a:0d:ef:07:ab:f1:
                    d8:a5:f1:36:4b:91:bc:23:df:6e:c6:6f:90:80:2c:
                    ad:67:43:2f:99:bf:80:44:56:9a:52:57:f0:61:15:
                    63:0d:66:1a:c9:53:d8:a8:8b:f2:43:4a:c4:c7:99:
                    7b:51:05:0a:9f:d6:32:c6:3e:6f:da:21:a5:e4:05:
                    96:12:91:dc:77:cb:3e:f8:b2:82:2f:a4:5f:bc:e8:
                    73:9a:14:05:a0:4a:96:68:8e:01:22:65:63:44:9a:
                    1e:a7:6e:41:a7:68:45:4a:f5:43:40:a3:3f:df:8e:
                    66:f4:c0:e6:70:74:ba:8b:68:9e:3b:f9:dc:8b:eb:
                    30:71:ee:dd:19:e8:30:ff:04:8b:ed:1d:dc:e0:71:
                    2b:6f:be:42:01:9e:2b:c8:7b:50:1e:a7:78:28:8b:
                    c6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E9:23:A0:0A:16:4C:80:D0:68:BD:32:C2:E0:28:02:27:83:47:36
            X509v3 Authority Key Identifier:
                keyid:AF:3B:13:FC:9A:60:40:01:72:56:1B:0A:52:0D:F1:6C:B2:51:CF:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzsT_JpgQAFyVhsKUg3xbLJRz5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/cOkjoAoWTIDQaL0ywuAoAieDRzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/653e8b-1f78-4c37-b254-73676526053b/1/rzsT_JpgQAFyVhsKUg3xbLJRz5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:4b:58:ba:90:e0:7d:d0:d8:1d:91:50:39:1c:29:19:e9:dc:
         50:6c:6c:f4:7c:c3:54:ae:7b:e1:0f:99:1f:96:14:2a:ca:bc:
         13:04:65:ef:04:55:fa:e2:83:31:47:40:72:b7:fd:01:1f:22:
         ec:cc:5f:f6:56:0b:d9:1b:de:c3:73:17:08:51:18:9c:e5:c2:
         e8:7b:c7:c6:62:be:37:5a:89:aa:33:5e:8f:19:83:a7:10:70:
         8a:13:f0:61:72:95:dc:6b:c8:3d:27:82:de:d2:e6:c8:15:aa:
         cf:3d:e2:12:7e:47:70:d4:2a:f9:0b:5b:49:a0:9b:03:02:da:
         4b:6c:c2:b7:64:ef:3b:c6:b7:86:4c:df:c4:d9:b8:cb:ce:b8:
         42:6b:df:84:37:49:4c:13:dc:48:42:1b:cc:6e:bc:c6:3c:5a:
         f2:2b:75:0e:a3:1a:57:c1:5f:6e:dd:c1:0b:c1:a4:8d:4a:a2:
         5f:de:f7:b2:73:6d:6d:54:00:0b:b7:cc:49:b9:24:4a:5b:b6:
         9d:5d:16:30:be:09:4e:a6:c6:c0:aa:99:10:c9:f3:9a:b9:8d:
         a4:fe:78:3e:23:d5:47:9c:05:b7:8c:c0:a4:a1:42:6f:fe:0e:
         5c:00:61:64:4e:0b:fc:e5:84:66:7b:77:0e:cc:2e:04:9e:46:
         54:f6:ed:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxacfTWhje8mwVqUktQIeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmM2IxM2ZjOWE2MDQwMDE3MjU2MWIwYTUyMGRmMTZjYjI1
MWNmOTUwHhcNMjMwMTAyMDczNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU5MjNhMDBhMTY0YzgwZDA2OGJkMzJjMmUwMjgwMjI3ODM0NzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZKJu8BTsNsb7ehGCDWezHqiSaL0
16e+0wr+skg+k5DZFbIvpzZzPYiMdHD9bURe1HXEhlZ6LMMxYgzH3XfuhsCeXDEx
CQmwn1g5mxW2FDq/ilytp9pDymcgWqo4yiqQVsJKDe8Hq/HYpfE2S5G8I99uxm+Q
gCytZ0Mvmb+ARFaaUlfwYRVjDWYayVPYqIvyQ0rEx5l7UQUKn9Yyxj5v2iGl5AWW
EpHcd8s++LKCL6RfvOhzmhQFoEqWaI4BImVjRJoep25Bp2hFSvVDQKM/345m9MDm
cHS6i2ieO/nci+swce7dGegw/wSL7R3c4HErb75CAZ4ryHtQHqd4KIvGzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDpI6AKFkyA0Gi9MsLgKAIng0c2MB8GA1UdIwQY
MBaAFK87E/yaYEABclYbClIN8WyyUc+VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnpzVF9KcGdRQUZ5VmhzS1VnM3hiTEpSejVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi82NTNlOGItMWY3OC00YzM3LWIyNTQt
NzM2NzY1MjYwNTNiLzEvY09ram9Bb1dUSURRYUwweXd1QW9BaWVEUnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi82NTNlOGItMWY3OC00YzM3LWIyNTQtNzM2NzY1MjYwNTNi
LzEvcnpzVF9KcGdRQUZ5VmhzS1VnM3hiTEpSejVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfJMA0G
CSqGSIb3DQEBCwUAA4IBAQDAS1i6kOB90NgdkVA5HCkZ6dxQbGz0fMNUrnvhD5kf
lhQqyrwTBGXvBFX64oMxR0Byt/0BHyLszF/2VgvZG97DcxcIURic5cLoe8fGYr43
WomqM16PGYOnEHCKE/BhcpXca8g9J4Le0ubIFarPPeISfkdw1Cr5C1tJoJsDAtpL
bMK3ZO87xreGTN/E2bjLzrhCa9+EN0lME9xIQhvMbrzGPFryK3UOoxpXwV9u3cEL
waSNSqJf3veyc21tVAALt8xJuSRKW7adXRYwvglOpsbAqpkQyfOauY2k/ng+I9VH
nAW3jMCkoUJv/g5cAGFkTgv85YRme3cOzC4EnkZU9u21
-----END CERTIFICATE-----
Generated at Thu Jun 12 10:41:52 2025 by rpki-client