Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/MKGcqfQgtpDxO-5YpG29-BGWGXM.roa
File:                     MKGcqfQgtpDxO-5YpG29-BGWGXM.roa (raw, json)
Hash identifier:          IF7FjH1tWE1/WY63RTqoqMa43yc+jO0TH+7RNqFRNlM=
Subject key identifier:   30:A1:9C:A9:F4:20:B6:90:F1:3B:EE:58:A4:6D:BD:F8:11:96:19:73
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018D8D25694F20D8F64219B334622454CDD7
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/MKGcqfQgtpDxO-5YpG29-BGWGXM.roa
Signing time:             Fri 09 Feb 2024 09:14:15 +0000
ROA not before:           Fri 09 Feb 2024 09:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18d:4013:c01e/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:25:69:4f:20:d8:f6:42:19:b3:34:62:24:54:cd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Feb  9 09:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30a19ca9f420b690f13bee58a46dbdf811961973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f3:ff:3c:96:5f:7a:6c:b2:2d:7a:65:33:4a:
                    75:76:c6:a9:13:2f:da:93:73:c4:94:1c:af:76:7e:
                    26:eb:29:65:6c:68:97:af:fc:7b:a5:a1:a8:14:ea:
                    12:a9:0f:e5:25:93:4d:a3:fe:e2:e6:ca:4f:fb:20:
                    0e:bc:5f:a1:32:38:a4:2e:cc:92:d6:76:40:5b:84:
                    df:0b:a9:dd:70:3f:eb:39:4b:90:12:cc:3d:6e:a3:
                    3b:46:e7:14:29:6e:8b:7b:e4:f1:7c:52:44:dd:65:
                    d3:dc:2c:ac:74:e2:56:61:5a:9b:a7:e4:80:9d:a3:
                    be:2c:1c:8a:9d:12:4f:da:2f:8e:98:c0:08:c6:e6:
                    c5:1e:a2:9c:b9:29:fc:8c:5f:8d:ab:f7:79:f1:27:
                    57:10:c7:9c:c5:26:fa:0e:64:50:19:b0:7b:48:6e:
                    5a:4e:16:af:d9:b8:ad:06:f9:a3:82:92:27:29:69:
                    7d:e0:bb:32:4a:93:84:85:6d:de:2e:71:b7:84:87:
                    b2:fa:eb:10:1c:a6:f7:5b:a6:7f:95:3b:3d:94:b8:
                    44:6c:cd:49:51:fb:ee:bb:de:1e:d1:9f:25:14:65:
                    2f:60:30:bc:e6:30:96:36:d5:0d:dd:65:cc:5c:c1:
                    e3:20:32:a6:2d:d6:e1:ca:db:84:0d:83:e2:38:ee:
                    67:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A1:9C:A9:F4:20:B6:90:F1:3B:EE:58:A4:6D:BD:F8:11:96:19:73
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/MKGcqfQgtpDxO-5YpG29-BGWGXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:b1:06:bf:f1:10:01:37:d8:cf:f3:55:77:09:f2:3e:01:55:
         8f:00:a2:df:97:c9:9e:af:f5:29:4e:df:95:2f:58:af:e4:c6:
         e0:4d:7a:fb:c0:c6:3a:8f:5c:17:7e:67:47:0f:a2:ea:4f:69:
         0b:7c:52:73:83:01:79:f5:7c:e6:f0:85:ba:bc:dc:4c:87:54:
         03:bf:0d:77:6a:a4:42:0d:40:fe:8b:6c:86:90:06:45:55:b2:
         9b:db:77:2f:59:80:f2:68:53:dd:3e:73:31:f8:3e:6e:22:00:
         45:5c:f9:9c:6a:19:b2:65:cb:d4:04:7f:17:81:02:46:84:79:
         c1:81:bd:e7:fc:fb:bc:5e:c0:a0:41:a0:c7:66:03:6e:b8:53:
         8e:79:b8:8c:45:a8:8e:5c:08:52:1c:00:32:05:cb:cf:00:45:
         92:ab:de:d2:7a:a1:8e:bb:9d:5c:4e:a0:b8:20:15:bf:b9:3f:
         d5:8e:16:fa:54:c1:80:48:c6:2e:9b:32:4e:22:9b:ca:93:0f:
         17:b9:6b:0e:e7:8d:d0:de:26:a3:5f:4d:1c:ef:9c:da:18:46:
         9f:66:1f:f2:0a:03:93:e4:13:6f:98:b8:56:0f:2f:2a:2f:37:
         85:8c:b8:43:d3:29:8e:8a:63:a2:b3:59:b4:09:8d:7c:d1:e6:
         73:06:00:4d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2NJWlPINj2QhmzNGIkVM3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjA5MDkxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGExOWNhOWY0MjBiNjkwZjEzYmVlNThhNDZkYmRmODExOTYxOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/P/PJZfemyyLXplM0p1dsapEy/a
k3PElByvdn4m6yllbGiXr/x7paGoFOoSqQ/lJZNNo/7i5spP+yAOvF+hMjikLsyS
1nZAW4TfC6ndcD/rOUuQEsw9bqM7RucUKW6Le+TxfFJE3WXT3CysdOJWYVqbp+SA
naO+LByKnRJP2i+OmMAIxubFHqKcuSn8jF+Nq/d58SdXEMecxSb6DmRQGbB7SG5a
Thav2bitBvmjgpInKWl94LsySpOEhW3eLnG3hIey+usQHKb3W6Z/lTs9lLhEbM1J
Ufvuu94e0Z8lFGUvYDC85jCWNtUN3WXMXMHjIDKmLdbhytuEDYPiOO5nAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDChnKn0ILaQ8TvuWKRtvfgRlhlzMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvTUtHY3FmUWd0cER4Ty01WXBHMjktQkdXR1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB2xBr/xEAE32M/zVXcJ
8j4BVY8Aot+XyZ6v9SlO35UvWK/kxuBNevvAxjqPXBd+Z0cPoupPaQt8UnODAXn1
fObwhbq83EyHVAO/DXdqpEINQP6LbIaQBkVVspvbdy9ZgPJoU90+czH4Pm4iAEVc
+ZxqGbJly9QEfxeBAkaEecGBvef8+7xewKBBoMdmA264U455uIxFqI5cCFIcADIF
y88ARZKr3tJ6oY67nVxOoLggFb+5P9WOFvpUwYBIxi6bMk4im8qTDxe5aw7njdDe
JqNfTRzvnNoYRp9mH/IKA5PkE2+YuFYPLyovN4WMuEPTKY6KY6KzWbQJjXzR5nMG
AE0=
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:36:27 2025 by rpki-client