Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/L2OpH0Y2G4W3a2EOf--4z0pC5nw.roa
File:                     L2OpH0Y2G4W3a2EOf--4z0pC5nw.roa (raw, json)
Hash identifier:          Z/y8jlpE1NkSokYffZSS7fe2Eq5i8YtQ+091JqoO2QM=
Subject key identifier:   2F:63:A9:1F:46:36:1B:85:B7:6B:61:0E:7F:EF:B8:CF:4A:42:E6:7C
Certificate issuer:       /CN=38401e58890bf230dcae5d0305119ff2c2b8d433
Certificate serial:       01857246F0DB26B34860FBA5F3E8768BF638
Authority key identifier: 38:40:1E:58:89:0B:F2:30:DC:AE:5D:03:05:11:9F:F2:C2:B8:D4:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OEAeWIkL8jDcrl0DBRGf8sK41DM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/L2OpH0Y2G4W3a2EOf--4z0pC5nw.roa
Signing time:             Mon 02 Jan 2023 11:38:49 +0000
ROA not before:           Mon 02 Jan 2023 11:38:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51628
IP address blocks:        192.145.99.0/24 maxlen: 24
                          2a09:6280:2::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:f0:db:26:b3:48:60:fb:a5:f3:e8:76:8b:f6:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38401e58890bf230dcae5d0305119ff2c2b8d433
        Validity
            Not Before: Jan  2 11:38:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f63a91f46361b85b76b610e7fefb8cf4a42e67c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3b:15:15:b6:ca:31:f1:8c:74:36:75:41:26:
                    db:99:73:94:82:fd:97:64:0b:34:a3:24:6a:97:2b:
                    12:1b:e2:12:fe:24:2d:78:b8:b0:5f:04:e9:6e:a2:
                    26:eb:e6:e7:84:67:04:fc:af:85:61:01:26:65:88:
                    86:dd:e8:7b:45:40:66:a5:bd:ff:b6:e7:de:b6:16:
                    65:67:32:c6:ce:71:29:69:00:a0:0d:33:4c:09:65:
                    99:5e:fc:6b:cf:87:57:67:8e:ef:f2:18:46:f1:fe:
                    75:a8:50:63:ee:53:12:c9:6b:09:38:62:86:a9:b7:
                    2a:b9:e2:90:8a:5e:7d:4a:62:24:5c:f4:d5:d1:9c:
                    db:60:8c:a9:79:a6:a5:cf:72:5a:76:0f:6c:4b:92:
                    50:b4:59:0f:15:0d:3a:18:23:be:60:0b:6d:3a:5a:
                    14:00:2a:ae:d8:2a:05:4e:cd:cf:89:40:10:67:9d:
                    50:3b:8b:92:e3:ef:db:a4:31:0e:a7:6a:1f:fa:3c:
                    25:59:32:0c:74:e3:14:70:58:d2:66:f5:1c:84:9b:
                    b8:d1:45:b2:1e:8a:cb:bf:bc:04:7b:0a:fc:33:7f:
                    07:9a:fa:02:0d:bb:49:90:48:f9:b1:f3:5d:96:52:
                    d3:47:b1:15:b9:bb:1d:d9:b0:75:9b:84:26:4b:df:
                    26:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:63:A9:1F:46:36:1B:85:B7:6B:61:0E:7F:EF:B8:CF:4A:42:E6:7C
            X509v3 Authority Key Identifier:
                keyid:38:40:1E:58:89:0B:F2:30:DC:AE:5D:03:05:11:9F:F2:C2:B8:D4:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEAeWIkL8jDcrl0DBRGf8sK41DM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/L2OpH0Y2G4W3a2EOf--4z0pC5nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/OEAeWIkL8jDcrl0DBRGf8sK41DM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.99.0/24
                IPv6:
                  2a09:6280:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:bc:9a:3a:ba:dd:93:ca:5c:a0:d1:1e:17:53:0b:fe:6b:99:
         07:20:1b:5b:ba:10:43:8d:3f:33:19:75:db:18:28:92:fa:47:
         34:50:e3:67:b2:d7:6b:a0:59:e2:1e:69:2b:8a:57:f8:05:b3:
         c6:47:a9:b7:bc:7b:d3:3c:b8:0b:71:db:c8:5f:15:0f:40:db:
         9c:32:3f:05:51:55:18:8c:69:26:a7:f0:aa:d8:a9:1c:3b:9e:
         c5:e7:be:2a:79:8f:27:07:dc:d2:7c:92:8b:fa:f5:6f:85:8f:
         23:77:05:04:cb:fb:aa:ee:8d:1f:26:69:ae:ff:da:42:0b:21:
         25:59:96:b3:fc:c5:09:55:be:25:83:5d:62:5f:dc:4c:8d:09:
         ee:5d:60:b1:86:66:db:a5:9f:c2:45:6e:c7:c6:f3:13:fc:22:
         c7:fa:23:b6:ca:53:75:dc:27:9b:c7:35:f2:e3:bb:6c:4e:b1:
         80:50:bc:8d:55:2e:f1:35:b2:e8:6e:62:df:4f:f7:11:ad:42:
         03:10:6e:55:af:02:b7:a1:15:3f:97:f5:ed:88:aa:4b:31:46:
         c8:8e:29:de:81:a0:de:de:f0:89:41:f3:f4:f9:ad:2a:d7:eb:
         97:c2:f7:aa:f0:19:0c:71:e6:5f:03:b7:cf:79:2f:8e:0f:8f:
         47:f3:88:d7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVyRvDbJrNIYPul8+h2i/Y4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDAxZTU4ODkwYmYyMzBkY2FlNWQwMzA1MTE5ZmYyYzJi
OGQ0MzMwHhcNMjMwMTAyMTEzODQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjYzYTkxZjQ2MzYxYjg1Yjc2YjYxMGU3ZmVmYjhjZjRhNDJlNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDsVFbbKMfGMdDZ1QSbbmXOUgv2X
ZAs0oyRqlysSG+IS/iQteLiwXwTpbqIm6+bnhGcE/K+FYQEmZYiG3eh7RUBmpb3/
tufethZlZzLGznEpaQCgDTNMCWWZXvxrz4dXZ47v8hhG8f51qFBj7lMSyWsJOGKG
qbcqueKQil59SmIkXPTV0ZzbYIypeaalz3Jadg9sS5JQtFkPFQ06GCO+YAttOloU
ACqu2CoFTs3PiUAQZ51QO4uS4+/bpDEOp2of+jwlWTIMdOMUcFjSZvUchJu40UWy
HorLv7wEewr8M38HmvoCDbtJkEj5sfNdllLTR7EVubsd2bB1m4QmS98m7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC9jqR9GNhuFt2thDn/vuM9KQuZ8MB8GA1UdIwQY
MBaAFDhAHliJC/Iw3K5dAwURn/LCuNQzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VBZVdJa0w4akRjcmwwREJSR2Y4c0s0MURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82N2QzYjgtYzQzZC00NGI3LWFmYTYt
OGI5Y2RkYjczNDA4LzEvTDJPcEgwWTJHNFczYTJFT2YtLTR6MHBDNW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82N2QzYjgtYzQzZC00NGI3LWFmYTYtOGI5Y2RkYjczNDA4
LzEvT0VBZVdJa0w4akRjcmwwREJSR2Y4c0s0MURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwJFjMA8E
AgACMAkDBwAqCWKAAAIwDQYJKoZIhvcNAQELBQADggEBAK28mjq63ZPKXKDRHhdT
C/5rmQcgG1u6EEONPzMZddsYKJL6RzRQ42ey12ugWeIeaSuKV/gFs8ZHqbe8e9M8
uAtx28hfFQ9A25wyPwVRVRiMaSan8KrYqRw7nsXnvip5jycH3NJ8kov69W+FjyN3
BQTL+6rujR8maa7/2kILISVZlrP8xQlVviWDXWJf3EyNCe5dYLGGZtuln8JFbsfG
8xP8Isf6I7bKU3XcJ5vHNfLju2xOsYBQvI1VLvE1suhuYt9P9xGtQgMQblWvAreh
FT+X9e2IqksxRsiOKd6BoN7e8IlB8/T5rSrX65fC96rwGQxx5l8Dt895L44Pj0fz
iNc=
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:12:40 2025 by rpki-client