Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa
File:                     eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa (raw, json)
Hash identifier:          VcAluyxQ8WpOAzJMGs8LDnsv8Z2KWmi3quZRoe9fH3I=
Subject key identifier:   78:71:93:33:0C:7B:53:47:20:0E:90:9A:1D:65:6E:9A:AE:71:E3:24
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0196E9B4EC908F3E5C4F67FCC055DB312960
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa
Signing time:             Mon 19 May 2025 18:01:10 +0000
ROA not before:           Mon 19 May 2025 18:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a09:af84::/32 maxlen: 32
                          2a09:cf05::/32 maxlen: 32
                          2a09:dd03::/32 maxlen: 32
                          2a09:e705::/32 maxlen: 32
                          2a09:ef00::/32 maxlen: 32
                          2a0b:9000::/32 maxlen: 32
                          2a0b:9003::/32 maxlen: 32
                          2a0e:5883::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:b4:ec:90:8f:3e:5c:4f:67:fc:c0:55:db:31:29:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: May 19 18:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=787193330c7b5347200e909a1d656e9aae71e324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:d3:ba:32:74:28:a2:e4:ab:10:2e:02:66:
                    de:c4:a2:83:cf:3b:8c:45:f8:f8:f3:b1:0a:f8:bd:
                    79:35:6d:09:81:1f:90:9a:7d:67:4a:0e:ab:93:68:
                    6c:6f:e4:46:0b:b6:2a:6b:75:3b:85:4a:ec:0d:ef:
                    ca:4d:a2:52:4a:bb:3e:42:44:7f:3f:ee:04:3c:1e:
                    24:c3:ef:33:09:73:fa:9b:7f:70:0a:f7:62:62:2c:
                    d4:f5:f2:30:0b:19:7e:af:68:44:fa:be:72:fe:5c:
                    4b:7a:0c:6c:d2:24:10:b0:4f:8c:19:fd:fe:d5:f2:
                    3b:e8:09:e6:f0:bd:ad:17:35:78:db:f5:d3:52:c1:
                    3a:f2:37:2c:03:a0:ef:7b:79:b5:56:27:ef:db:c1:
                    7f:57:b0:12:3b:02:9a:44:1b:19:54:35:ba:cd:17:
                    20:48:23:f5:c8:46:4c:5e:cd:e4:9b:fa:bd:3a:23:
                    93:0d:d0:df:4c:98:10:d8:56:e3:f8:0c:14:b1:bf:
                    f9:de:12:82:0b:23:30:31:7d:7b:ab:3b:89:46:f8:
                    8c:e7:12:55:4c:10:3e:9d:e7:65:82:9c:d5:95:a6:
                    2c:08:35:8a:54:23:c5:55:fc:ec:6b:0f:61:32:c6:
                    ba:8b:70:75:15:12:a9:67:bb:7f:7b:c2:f0:04:64:
                    6d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:71:93:33:0C:7B:53:47:20:0E:90:9A:1D:65:6E:9A:AE:71:E3:24
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:af84::/32
                  2a09:cf05::/32
                  2a09:dd03::/32
                  2a09:e705::/32
                  2a09:ef00::/32
                  2a0b:9000::/32
                  2a0b:9003::/32
                  2a0e:5883::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:d8:e1:95:66:72:73:c9:b7:4e:90:35:94:4e:e2:57:1f:48:
         0e:55:d2:04:3b:c6:4d:a9:d8:1e:3f:05:52:05:ab:c2:cf:2a:
         91:d5:a1:44:92:70:0f:4d:7b:bc:4a:20:13:74:c5:5c:f8:8a:
         65:29:5c:6b:55:ba:e2:c8:7c:c3:da:c9:3d:cf:6a:53:6e:64:
         67:97:bd:cd:67:61:68:ff:54:72:67:00:ec:5d:77:4b:50:5c:
         cd:c6:96:05:3a:3d:30:cf:d8:37:4d:1c:14:0e:a9:65:80:2c:
         25:84:5c:7c:95:23:23:ed:6a:76:62:97:06:c6:de:90:86:54:
         6d:29:3c:47:2a:37:70:e9:b4:3f:a4:65:5e:37:f8:82:6d:45:
         97:65:bd:e0:0e:c1:d5:39:35:09:aa:e5:fb:d0:64:21:90:ed:
         6f:da:e5:30:6e:ce:b2:ed:b2:de:0c:59:c7:cf:89:e3:9e:62:
         e6:55:c4:52:ef:0b:54:3c:2c:83:47:b8:aa:00:bb:b0:ce:d4:
         18:9a:6b:8c:ea:4e:fb:7e:89:b7:f1:02:46:31:1f:d0:24:66:
         1f:80:7b:d5:7d:f3:04:c5:f0:da:5a:2f:32:4a:d4:f5:35:85:
         d8:1c:e0:bd:67:df:20:89:ee:3e:72:ba:ff:43:0c:54:2a:2b:
         b7:30:b9:0f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZbptOyQjz5cT2f8wFXbMSlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwNTE5MTgwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODcxOTMzMzBjN2I1MzQ3MjAwZTkwOWExZDY1NmU5YWFlNzFlMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsXTujJ0KKLkqxAuAmbexKKDzzuM
Rfj487EK+L15NW0JgR+Qmn1nSg6rk2hsb+RGC7Yqa3U7hUrsDe/KTaJSSrs+QkR/
P+4EPB4kw+8zCXP6m39wCvdiYizU9fIwCxl+r2hE+r5y/lxLegxs0iQQsE+MGf3+
1fI76Anm8L2tFzV42/XTUsE68jcsA6Dve3m1Vifv28F/V7ASOwKaRBsZVDW6zRcg
SCP1yEZMXs3km/q9OiOTDdDfTJgQ2Fbj+AwUsb/53hKCCyMwMX17qzuJRviM5xJV
TBA+nedlgpzVlaYsCDWKVCPFVfzsaw9hMsa6i3B1FRKpZ7t/e8LwBGRtEwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHhxkzMMe1NHIA6Qmh1lbpquceMkMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZUhHVE13eDdVMGNnRHBDYUhXVnVtcTV4NHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKgmvhAMF
ACoJzwUDBQAqCd0DAwUAKgnnBQMFACoJ7wADBQAqC5AAAwUAKguQAwMFACoOWIMw
DQYJKoZIhvcNAQELBQADggEBAA/Y4ZVmcnPJt06QNZRO4lcfSA5V0gQ7xk2p2B4/
BVIFq8LPKpHVoUSScA9Ne7xKIBN0xVz4imUpXGtVuuLIfMPayT3PalNuZGeXvc1n
YWj/VHJnAOxdd0tQXM3GlgU6PTDP2DdNHBQOqWWALCWEXHyVIyPtanZilwbG3pCG
VG0pPEcqN3DptD+kZV43+IJtRZdlveAOwdU5NQmq5fvQZCGQ7W/a5TBuzrLtst4M
WcfPieOeYuZVxFLvC1Q8LINHuKoAu7DO1Biaa4zqTvt+ibfxAkYxH9AkZh+Ae9V9
8wTF8NpaLzJK1PU1hdgc4L1n3yCJ7j5yuv9DDFQqK7cwuQ8=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:38:34 2025 by rpki-client