Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/094180-0171-4252-afea-923546ed3e8a/1/I-9nosZK401CQpJRuAshZHnP0fo.roa
File:                     I-9nosZK401CQpJRuAshZHnP0fo.roa (raw, json)
Hash identifier:          sHINKyYTD0p7P3wLfwbfJarXpMyVbCmBvI+x77nGqx0=
Subject key identifier:   23:EF:67:A2:C6:4A:E3:4D:42:42:92:51:B8:0B:21:64:79:CF:D1:FA
Certificate issuer:       /CN=0f47ec73bceecedd541efb73525d61232fa80219
Certificate serial:       19AAD653
Authority key identifier: 0F:47:EC:73:BC:EE:CE:DD:54:1E:FB:73:52:5D:61:23:2F:A8:02:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D0fsc7zuzt1UHvtzUl1hIy-oAhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/094180-0171-4252-afea-923546ed3e8a/1/I-9nosZK401CQpJRuAshZHnP0fo.roa
Signing time:             Sat 01 Jan 2022 07:03:23 +0000
ROA not before:           Sat 01 Jan 2022 07:03:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29247
IP address blocks:        149.210.0.0/18 maxlen: 18
                          109.178.0.0/16 maxlen: 16
                          178.146.0.0/16 maxlen: 16
                          5.203.0.0/16 maxlen: 16
                          5.144.192.0/20 maxlen: 20
                          5.144.192.0/18 maxlen: 18
                          5.144.208.0/20 maxlen: 20
                          149.210.64.0/18 maxlen: 18
                          31.217.160.0/19 maxlen: 19
                          5.144.224.0/20 maxlen: 20
                          31.217.176.0/23 maxlen: 23
                          31.217.178.0/23 maxlen: 23
                          31.152.0.0/16 maxlen: 16
                          31.217.184.0/22 maxlen: 22
                          31.217.180.0/23 maxlen: 23
                          178.147.0.0/16 maxlen: 16
                          94.143.177.0/24 maxlen: 24
                          94.143.176.0/24 maxlen: 24
                          94.143.178.0/24 maxlen: 24
                          94.143.183.0/24 maxlen: 24
                          94.143.180.0/24 maxlen: 24
                          2a02:1388:2000::/36 maxlen: 36
                          2a02:1388::/36 maxlen: 36
                          2a02:1388:4000::/36 maxlen: 36
                          2a02:1388::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 430626387 (0x19aad653)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f47ec73bceecedd541efb73525d61232fa80219
        Validity
            Not Before: Jan  1 07:03:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=23ef67a2c64ae34d42429251b80b216479cfd1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:61:bc:9f:c6:b6:da:4d:ac:04:83:74:3c:6d:
                    77:fa:f0:e7:08:63:91:5e:68:b1:b7:dd:ea:06:a4:
                    60:de:93:a5:be:aa:5a:a7:99:36:11:99:9a:98:25:
                    c9:91:f3:47:49:bb:fa:17:86:60:cf:fe:ee:ef:bf:
                    e3:82:d1:7a:e6:ff:ef:12:db:a2:a8:c6:a5:94:98:
                    d9:c4:42:69:10:ee:cb:4e:90:fb:67:5b:c4:6a:6b:
                    bc:1c:fb:07:ba:1e:61:c2:b1:ac:36:c5:c2:d4:e3:
                    d6:d9:f1:f3:e9:4d:31:4f:2c:b3:96:ea:82:df:ac:
                    c0:0f:29:98:df:7d:d4:9e:55:13:6a:8d:6b:aa:00:
                    0c:ff:5e:00:b1:15:a0:2a:fa:e7:ce:6e:7f:cc:e8:
                    64:30:98:5c:54:95:e7:50:f0:a9:37:11:e8:22:da:
                    fb:c2:43:15:ea:3b:fa:8e:ee:e1:54:2b:5e:8e:d0:
                    45:57:26:f1:31:14:46:70:2a:a6:82:fc:36:ab:a3:
                    3f:f6:7a:bb:38:51:7d:78:6d:2a:11:ca:33:bc:71:
                    5d:7a:f4:94:dc:51:39:ef:37:13:4b:b4:15:ab:be:
                    f7:26:c5:c7:d2:91:c7:a1:83:bb:63:4e:c0:06:6f:
                    73:41:73:4e:05:5a:ec:76:1d:5f:7b:30:e0:fe:60:
                    3c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EF:67:A2:C6:4A:E3:4D:42:42:92:51:B8:0B:21:64:79:CF:D1:FA
            X509v3 Authority Key Identifier:
                keyid:0F:47:EC:73:BC:EE:CE:DD:54:1E:FB:73:52:5D:61:23:2F:A8:02:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D0fsc7zuzt1UHvtzUl1hIy-oAhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/094180-0171-4252-afea-923546ed3e8a/1/I-9nosZK401CQpJRuAshZHnP0fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/094180-0171-4252-afea-923546ed3e8a/1/D0fsc7zuzt1UHvtzUl1hIy-oAhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.192.0/18
                  5.203.0.0/16
                  31.152.0.0/16
                  31.217.160.0/19
                  94.143.176.0-94.143.178.255
                  94.143.180.0/24
                  94.143.183.0/24
                  109.178.0.0/16
                  149.210.0.0/17
                  178.146.0.0/15
                IPv6:
                  2a02:1388::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:fc:73:f0:b2:a4:38:c5:1b:b1:c0:b0:1c:ed:cf:a9:4b:4d:
         09:97:c1:b5:37:b0:0b:cb:01:4b:8b:29:4b:9c:7b:2c:93:b9:
         b4:95:0a:73:d1:a5:c1:09:ea:4c:0a:a0:7d:79:89:22:bc:97:
         57:41:3d:9a:8d:43:d3:8c:e0:3a:90:59:c1:0c:61:c4:86:54:
         9a:74:05:e6:0d:4a:1a:04:d4:d2:8c:28:c8:f3:e5:fa:52:a6:
         74:d0:7a:eb:7d:bc:d6:d4:42:a3:5b:9d:86:9c:76:d1:3a:3d:
         da:80:bd:85:48:8c:6b:74:06:26:2b:bc:c1:39:b0:8d:de:72:
         33:6f:17:13:6a:02:41:d4:79:d1:62:93:44:ed:60:8b:9f:4d:
         85:f6:75:33:46:2a:1f:bb:58:0b:3f:4d:24:6c:3c:b9:19:1a:
         7e:cb:e2:cf:11:b1:5e:27:bb:d6:34:30:a5:e7:e7:8f:77:d5:
         40:f9:7d:83:20:41:0d:02:10:de:a2:43:93:f7:9a:80:6e:3b:
         75:76:a6:43:0d:26:10:ca:77:fb:69:d7:63:f7:9e:10:3d:92:
         84:0e:39:39:a4:70:37:98:0d:7b:ee:53:26:5a:65:0b:27:52:
         cf:5a:0f:e7:18:e6:83:30:26:dd:6f:84:48:fa:14:77:28:fa:
         fe:ce:ce:d8
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIEGarWUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZjQ3ZWM3M2JjZWVjZWRkNTQxZWZiNzM1MjVkNjEyMzJmYTgwMjE5MB4XDTIyMDEw
MTA3MDMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjNlZjY3YTJjNjRh
ZTM0ZDQyNDI5MjUxYjgwYjIxNjQ3OWNmZDFmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxhvJ/GttpNrASDdDxtd/rw5whjkV5osbfd6gakYN6Tpb6q
WqeZNhGZmpglyZHzR0m7+heGYM/+7u+/44LReub/7xLboqjGpZSY2cRCaRDuy06Q
+2dbxGprvBz7B7oeYcKxrDbFwtTj1tnx8+lNMU8ss5bqgt+swA8pmN991J5VE2qN
a6oADP9eALEVoCr6585uf8zoZDCYXFSV51DwqTcR6CLa+8JDFeo7+o7u4VQrXo7Q
RVcm8TEURnAqpoL8NqujP/Z6uzhRfXhtKhHKM7xxXXr0lNxROe83E0u0Fau+9ybF
x9KRx6GDu2NOwAZvc0FzTgVa7HYdX3sw4P5gPJsCAwEAAaOCAlIwggJOMB0GA1Ud
DgQWBBQj72eixkrjTUJCklG4CyFkec/R+jAfBgNVHSMEGDAWgBQPR+xzvO7O3VQe
+3NSXWEjL6gCGTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0QwZnNjN3p1enQxVUh2dHpVbDFoSXktb0Foay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2YvMDk0MTgwLTAxNzEtNDI1Mi1hZmVhLTkyMzU0NmVkM2U4YS8x
L0ktOW5vc1pLNDAxQ1FwSlJ1QXNoWkhuUDBmby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Yv
MDk0MTgwLTAxNzEtNDI1Mi1hZmVhLTkyMzU0NmVkM2U4YS8xL0QwZnNjN3p1enQx
VUh2dHpVbDFoSXktb0Foay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBo
BggrBgEFBQcBBwEB/wRZMFcwRgQCAAEwQAMEBgWQwAMDAAXLAwMAH5gDBAUf2aAw
DAMEBF6PsAMEAF6PsgMEAF6PtAMEAF6PtwMDAG2yAwQHldIAAwMBspIwDQQCAAIw
BwMFAyoCE4gwDQYJKoZIhvcNAQELBQADggEBAJn8c/CypDjFG7HAsBztz6lLTQmX
wbU3sAvLAUuLKUuceyyTubSVCnPRpcEJ6kwKoH15iSK8l1dBPZqNQ9OM4DqQWcEM
YcSGVJp0BeYNShoE1NKMKMjz5fpSpnTQeut9vNbUQqNbnYacdtE6PdqAvYVIjGt0
BiYrvME5sI3ecjNvFxNqAkHUedFik0TtYIufTYX2dTNGKh+7WAs/TSRsPLkZGn7L
4s8RsV4nu9Y0MKXn54931UD5fYMgQQ0CEN6iQ5P3moBuO3V2pkMNJhDKd/tp12P3
nhA9koQOOTmkcDeYDXvuUyZaZQsnUs9aD+cY5oMwJt1vhEj6FHco+v7Oztg=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:37:28 2025 by rpki-client