Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Iq6rrqgHrI3Q1FG_Bbvtyfo57_U.roa
File:                     Iq6rrqgHrI3Q1FG_Bbvtyfo57_U.roa (raw, json)
Hash identifier:          ma2nQ8nQpVYWHRj3XxftCVJVnY4UpoOsjNMyJ3JOeXE=
Subject key identifier:   22:AE:AB:AE:A8:07:AC:8D:D0:D4:51:BF:05:BB:ED:C9:FA:39:EF:F5
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018EDAFEAB9CAE64A14DD90D1CB8AA44BE12
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Iq6rrqgHrI3Q1FG_Bbvtyfo57_U.roa
Signing time:             Sun 14 Apr 2024 05:05:06 +0000
ROA not before:           Sun 14 Apr 2024 05:05:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18e:dafd:dcb9/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:da:fe:ab:9c:ae:64:a1:4d:d9:0d:1c:b8:aa:44:be:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Apr 14 05:05:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22aeabaea807ac8dd0d451bf05bbedc9fa39eff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:34:38:20:ec:19:6e:4d:d0:53:81:aa:33:a3:
                    9a:d2:e8:6d:21:45:f9:0a:fb:ad:8b:06:7c:db:8f:
                    86:43:3a:25:60:87:3b:43:a9:1e:b8:25:dc:21:27:
                    a1:38:39:18:e4:d5:4e:2d:e3:9e:1e:21:ba:bf:05:
                    44:66:cf:aa:8b:4c:93:44:7a:be:2b:b1:b2:67:6c:
                    1a:23:72:3a:ce:f3:4e:fc:cf:6e:8c:b2:14:0c:5a:
                    29:16:b6:05:73:68:79:d6:e6:58:b5:0a:d4:ba:02:
                    67:ac:3c:ee:52:f2:7e:60:e7:85:b1:33:e7:9c:a2:
                    27:ee:3c:93:b2:fd:39:e6:98:7b:71:c0:cf:fc:41:
                    c5:3d:53:f4:ce:b5:18:68:71:c0:2d:e1:a5:10:48:
                    37:87:10:a9:01:eb:b9:5a:e0:14:16:ec:35:44:18:
                    b2:97:40:c1:3d:5e:c6:7b:14:fd:c2:de:8c:4a:a3:
                    1b:37:4a:63:d8:2e:42:22:10:5f:42:f9:b3:14:5e:
                    b6:cc:21:21:c8:a5:07:f7:ea:b4:36:98:7a:d5:f6:
                    ad:ec:47:3f:1f:6e:ed:62:41:ae:4e:04:80:1b:d6:
                    39:36:70:45:42:13:56:5e:6a:75:5b:4a:a4:2e:5f:
                    97:6f:e3:2c:6f:ab:2f:01:cb:de:1b:55:02:ce:5e:
                    df:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AE:AB:AE:A8:07:AC:8D:D0:D4:51:BF:05:BB:ED:C9:FA:39:EF:F5
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Iq6rrqgHrI3Q1FG_Bbvtyfo57_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:d4:c5:ea:dc:a8:33:71:39:9e:ce:ec:8b:b5:b0:38:d6:a5:
         82:4a:44:28:17:29:09:35:37:f9:a4:5a:89:39:a9:73:f3:9e:
         a3:dd:0b:51:78:51:41:97:a4:aa:ec:0b:a9:4b:bb:6a:60:3d:
         50:73:fa:f3:cf:71:be:fe:9f:7d:0e:ba:6c:2c:a4:c9:ea:50:
         a8:49:57:6e:91:a2:2d:51:55:8b:f4:12:6f:4c:1f:6d:17:4b:
         5c:1e:e9:be:cb:dd:ba:9b:e1:b1:08:a5:d0:f9:6c:cb:91:66:
         7d:48:8f:07:ee:95:5f:a3:d4:fe:24:65:15:7e:c5:1c:fa:63:
         47:9d:13:4c:d3:e9:28:ba:6d:0f:e5:46:05:37:53:98:c7:06:
         7e:14:59:a3:69:d8:52:da:7c:07:af:72:f7:55:56:cb:b8:a4:
         bf:d5:e1:65:14:47:39:59:ef:0f:43:c5:0f:7e:ab:d8:c7:06:
         e9:e4:44:fc:d9:ff:1f:6c:6d:9f:df:bf:ba:e6:39:0b:b5:cc:
         50:6c:56:60:6e:94:63:43:b9:69:4f:ac:7a:7e:f7:dd:d9:ed:
         e3:df:00:17:28:67:fe:22:93:77:ee:39:56:31:7f:4a:d8:f7:
         ef:b7:1a:25:cf:96:11:49:94:da:9b:1a:d1:da:77:08:a7:75:
         e1:54:67:b4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY7a/qucrmShTdkNHLiqRL4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwNDE0MDUwNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFlYWJhZWE4MDdhYzhkZDBkNDUxYmYwNWJiZWRjOWZhMzllZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzQ4IOwZbk3QU4GqM6Oa0uhtIUX5
CvutiwZ824+GQzolYIc7Q6keuCXcISehODkY5NVOLeOeHiG6vwVEZs+qi0yTRHq+
K7GyZ2waI3I6zvNO/M9ujLIUDFopFrYFc2h51uZYtQrUugJnrDzuUvJ+YOeFsTPn
nKIn7jyTsv055ph7ccDP/EHFPVP0zrUYaHHALeGlEEg3hxCpAeu5WuAUFuw1RBiy
l0DBPV7GexT9wt6MSqMbN0pj2C5CIhBfQvmzFF62zCEhyKUH9+q0Nph61fat7Ec/
H27tYkGuTgSAG9Y5NnBFQhNWXmp1W0qkLl+Xb+Msb6svAcveG1UCzl7fVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCKuq66oB6yN0NRRvwW77cn6Oe/1MB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvSXE2cnJxZ0hySTNRMUZHX0JidnR5Zm81N19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACfUxercqDNxOZ7O7Iu1
sDjWpYJKRCgXKQk1N/mkWok5qXPznqPdC1F4UUGXpKrsC6lLu2pgPVBz+vPPcb7+
n30OumwspMnqUKhJV26Roi1RVYv0Em9MH20XS1we6b7L3bqb4bEIpdD5bMuRZn1I
jwfulV+j1P4kZRV+xRz6Y0edE0zT6Si6bQ/lRgU3U5jHBn4UWaNp2FLafAevcvdV
Vsu4pL/V4WUURzlZ7w9DxQ9+q9jHBunkRPzZ/x9sbZ/fv7rmOQu1zFBsVmBulGND
uWlPrHp+993Z7ePfABcoZ/4ik3fuOVYxf0rY9++3GiXPlhFJlNqbGtHadwindeFU
Z7Q=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:47:16 2025 by rpki-client