Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/G8Ilx-kn2gtoFq2FBK_uZob-s8M.roa
File:                     G8Ilx-kn2gtoFq2FBK_uZob-s8M.roa (raw, json)
Hash identifier:          4DvMfvog7+ELyc+moyV7V4MAkcDttnFkugrlfBh4dx8=
Subject key identifier:   1B:C2:25:C7:E9:27:DA:0B:68:16:AD:85:04:AF:EE:66:86:FE:B3:C3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421442AAFA97B96D1552046049017B7E5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/G8Ilx-kn2gtoFq2FBK_uZob-s8M.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215142
IP address blocks:        89.213.144.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2a:af:a9:7b:96:d1:55:20:46:04:90:17:b7:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bc225c7e927da0b6816ad8504afee6686feb3c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c4:f2:0b:33:54:d7:ee:85:64:ef:15:de:cd:
                    cb:7a:21:65:a2:e9:29:03:b5:1c:bf:f2:e5:31:58:
                    82:42:07:fd:20:d9:5c:50:27:f0:5d:14:61:e4:2c:
                    c4:3f:40:32:29:48:18:13:2d:11:1a:c7:3c:2a:b7:
                    7e:f9:88:2b:13:6a:34:29:9a:ec:a2:9a:8c:bf:a9:
                    3e:9d:7d:49:66:69:8f:d5:ce:95:3f:4c:1e:96:71:
                    8a:bc:93:fb:35:68:8c:c0:0e:9f:db:69:57:e5:d8:
                    d5:5b:a7:20:43:3d:e9:65:96:72:f4:40:45:79:db:
                    b6:20:2b:be:db:d9:cb:e4:57:ce:0b:01:33:1b:5d:
                    c3:17:82:f8:2a:16:61:e6:f1:bc:9e:6e:44:54:06:
                    d5:2c:d0:29:e3:54:c4:4b:eb:09:b1:e1:eb:48:e9:
                    d9:03:69:72:21:cc:ff:2e:82:2c:14:6e:ee:57:22:
                    1e:e2:bf:db:91:22:bd:da:d7:77:e2:a7:a3:7c:8d:
                    1e:51:d4:d5:91:c5:7b:a5:b6:3c:3a:ac:89:50:b3:
                    ee:1b:72:1e:75:06:3a:05:e3:4c:79:ac:1e:e1:b7:
                    5d:49:d2:e0:e1:79:77:32:a1:83:32:50:de:95:35:
                    c5:a4:53:2d:76:d0:a8:10:5d:b1:1c:81:10:4f:ec:
                    66:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C2:25:C7:E9:27:DA:0B:68:16:AD:85:04:AF:EE:66:86:FE:B3:C3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/G8Ilx-kn2gtoFq2FBK_uZob-s8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:3a:52:5a:69:6e:01:ac:82:11:5c:53:3b:74:3c:53:67:c1:
         9d:21:6f:ff:51:aa:eb:5c:3c:95:1f:ec:1f:d2:30:ec:f6:e4:
         f4:e2:90:b4:5d:b9:99:62:e4:41:1a:3f:fe:7d:2d:af:6f:6f:
         1d:b9:cc:1b:a9:86:f4:88:24:00:00:f5:2d:2f:5c:c5:bb:66:
         55:eb:d1:86:a9:00:0f:ed:a8:7d:d8:8b:2b:9a:3b:a6:ef:43:
         0b:ee:b5:41:21:a8:83:58:68:bd:dd:e0:62:fc:f3:66:99:86:
         6d:af:1c:c0:33:4e:c8:b4:88:55:55:81:1e:01:91:6a:d2:8d:
         73:3c:af:54:5f:72:0f:5f:ef:4c:ce:ee:96:cf:34:5c:ff:72:
         64:fc:d9:1f:b1:d7:33:e0:5a:f7:69:a6:e5:3f:15:80:f8:b6:
         52:d1:ef:30:f1:d2:b9:bd:15:58:b4:73:80:fb:5f:d9:56:df:
         7e:6f:6c:7d:90:04:10:65:c1:1e:f0:63:41:68:2e:fa:f9:4f:
         8f:14:dd:a6:23:ef:66:2e:77:6f:eb:fd:db:b3:3b:01:f2:0f:
         73:9d:e0:81:17:f8:13:01:60:72:42:53:c5:a5:ab:ba:2c:f9:
         45:64:b8:b9:f2:ec:74:13:70:ba:92:db:59:6e:b3:61:66:3d:
         ce:be:47:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCqvqXuW0VUgRgSQF7flMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmMyMjVjN2U5MjdkYTBiNjgxNmFkODUwNGFmZWU2Njg2ZmViM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMTyCzNU1+6FZO8V3s3LeiFloukp
A7Ucv/LlMViCQgf9INlcUCfwXRRh5CzEP0AyKUgYEy0RGsc8Krd++YgrE2o0KZrs
opqMv6k+nX1JZmmP1c6VP0welnGKvJP7NWiMwA6f22lX5djVW6cgQz3pZZZy9EBF
edu2ICu+29nL5FfOCwEzG13DF4L4KhZh5vG8nm5EVAbVLNAp41TES+sJseHrSOnZ
A2lyIcz/LoIsFG7uVyIe4r/bkSK92td34qejfI0eUdTVkcV7pbY8OqyJULPuG3Ie
dQY6BeNMeawe4bddSdLg4Xl3MqGDMlDelTXFpFMtdtCoEF2xHIEQT+xmcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvCJcfpJ9oLaBathQSv7maG/rPDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRzhJbHgta24yZ3RvRnEyRkJLX3Vab2ItczhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWQMA0G
CSqGSIb3DQEBCwUAA4IBAQANOlJaaW4BrIIRXFM7dDxTZ8GdIW//UarrXDyVH+wf
0jDs9uT04pC0XbmZYuRBGj/+fS2vb28ducwbqYb0iCQAAPUtL1zFu2ZV69GGqQAP
7ah92Isrmjum70ML7rVBIaiDWGi93eBi/PNmmYZtrxzAM07ItIhVVYEeAZFq0o1z
PK9UX3IPX+9Mzu6WzzRc/3Jk/Nkfsdcz4Fr3aablPxWA+LZS0e8w8dK5vRVYtHOA
+1/ZVt9+b2x9kAQQZcEe8GNBaC76+U+PFN2mI+9mLndv6/3bszsB8g9zneCBF/gT
AWByQlPFpau6LPlFZLi58ux0E3C6kttZbrNhZj3OvkfN
-----END CERTIFICATE-----
Generated at Thu Feb 13 16:03:23 2025 by rpki-client