Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/RIaEcNNsdwbpO0wB0kBBeN2MFZg.roa
File:                     RIaEcNNsdwbpO0wB0kBBeN2MFZg.roa (raw, json)
Hash identifier:          43P6XQeRF4xWKBtDTsNfAYYMn25tVIUHMhgftrbXCAQ=
Subject key identifier:   44:86:84:70:D3:6C:77:06:E9:3B:4C:01:D2:40:41:78:DD:8C:15:98
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018CD1936A6F7C91D786896359B8EC7A9866
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/RIaEcNNsdwbpO0wB0kBBeN2MFZg.roa
Signing time:             Wed 03 Jan 2024 23:05:48 +0000
ROA not before:           Wed 03 Jan 2024 23:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18c:d192:b4ca/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:93:6a:6f:7c:91:d7:86:89:63:59:b8:ec:7a:98:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Jan  3 23:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44868470d36c7706e93b4c01d2404178dd8c1598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ff:8b:2b:98:00:42:cf:d1:25:f5:48:0e:e0:
                    81:fd:4e:fc:d3:f4:5c:03:b2:54:ee:99:a5:f1:9a:
                    bb:d3:19:e4:fa:c2:3b:a7:88:89:6f:54:4b:7b:93:
                    28:d7:92:22:e5:60:e1:dc:09:52:38:a5:c6:e7:83:
                    a8:24:13:b3:a4:99:ae:42:98:44:f5:8b:7c:46:23:
                    f1:87:cb:7b:7d:57:81:23:8e:51:8d:38:38:da:26:
                    2b:3b:53:72:28:24:55:12:bc:b7:1d:d9:1e:dd:ed:
                    a7:c7:08:ea:a1:80:13:17:d8:b0:53:67:b0:af:14:
                    d2:25:fa:8b:33:64:8f:f3:9a:9a:77:70:e8:28:b4:
                    c2:4d:fc:33:b0:a9:36:6b:e4:75:e7:f9:9e:21:92:
                    6e:77:11:aa:be:b5:1c:d1:13:bb:6f:46:1a:22:9d:
                    f5:aa:37:11:e2:e7:cf:d4:93:ef:64:aa:a2:e2:6d:
                    8e:69:fc:e3:6f:de:d3:98:bb:43:17:04:b6:6a:e9:
                    64:14:46:8d:15:e1:0e:f1:3f:e3:00:6b:02:98:f2:
                    59:e6:9f:a8:b7:b1:c9:21:50:df:c1:24:b6:67:93:
                    a4:1b:43:a5:8c:13:df:9b:d0:2b:ad:44:5f:18:32:
                    56:d3:60:6e:a5:0c:3b:cc:9c:a7:c5:7c:19:15:4d:
                    3f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:86:84:70:D3:6C:77:06:E9:3B:4C:01:D2:40:41:78:DD:8C:15:98
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/RIaEcNNsdwbpO0wB0kBBeN2MFZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:1e:2e:80:eb:f3:9c:ef:09:48:75:ea:eb:a6:ff:c5:de:1f:
         8f:d5:6f:bc:41:5d:3f:03:c7:37:ba:7c:9f:03:bc:70:45:47:
         d6:c0:86:e3:7d:02:bc:b3:ad:6e:91:65:63:1c:70:15:be:dd:
         f4:cc:a6:47:fd:98:cb:d7:da:e0:6a:85:0d:0d:c2:42:92:5d:
         04:0e:1f:71:c1:89:78:e5:2a:05:ad:01:3d:ae:81:a6:33:88:
         b9:b6:f7:3d:4d:2f:c6:20:57:ce:e8:08:98:d5:f1:ff:55:75:
         69:c5:ec:9c:94:47:9b:46:b9:8d:be:18:ed:41:64:0b:b8:50:
         9a:69:d3:45:92:15:4c:84:03:a2:59:50:9a:7d:70:bf:e2:6f:
         db:e5:fb:a8:bb:78:b1:01:f5:66:ba:a7:1e:e1:06:8d:74:7e:
         18:1a:6c:62:d3:30:0b:0d:55:4d:f7:5a:b9:73:9a:3e:ef:15:
         ac:8e:18:e6:ad:76:7c:e4:fe:a7:e6:0c:87:c8:1f:88:0d:5a:
         65:3d:38:bf:24:34:a1:16:f1:2a:7f:47:57:26:1c:af:ea:f8:
         27:2b:54:3c:18:b5:4c:c8:11:b8:63:ba:b5:31:4b:22:00:7a:
         68:f8:88:aa:2a:f4:73:53:ac:b9:30:24:77:5b:0e:11:8e:fe:
         d8:6a:3d:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzRk2pvfJHXholjWbjsephmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMTAzMjMwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg2ODQ3MGQzNmM3NzA2ZTkzYjRjMDFkMjQwNDE3OGRkOGMxNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP+LK5gAQs/RJfVIDuCB/U780/Rc
A7JU7pml8Zq70xnk+sI7p4iJb1RLe5Mo15Ii5WDh3AlSOKXG54OoJBOzpJmuQphE
9Yt8RiPxh8t7fVeBI45RjTg42iYrO1NyKCRVEry3Hdke3e2nxwjqoYATF9iwU2ew
rxTSJfqLM2SP85qad3DoKLTCTfwzsKk2a+R15/meIZJudxGqvrUc0RO7b0YaIp31
qjcR4ufP1JPvZKqi4m2Oafzjb97TmLtDFwS2aulkFEaNFeEO8T/jAGsCmPJZ5p+o
t7HJIVDfwSS2Z5OkG0OljBPfm9ArrURfGDJW02BupQw7zJynxXwZFU0/nwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFESGhHDTbHcG6TtMAdJAQXjdjBWYMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvUklhRWNOTnNkd2JwTzB3QjBrQkJlTjJNRlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH8eLoDr85zvCUh16uum
/8XeH4/Vb7xBXT8Dxze6fJ8DvHBFR9bAhuN9AryzrW6RZWMccBW+3fTMpkf9mMvX
2uBqhQ0NwkKSXQQOH3HBiXjlKgWtAT2ugaYziLm29z1NL8YgV87oCJjV8f9VdWnF
7JyUR5tGuY2+GO1BZAu4UJpp00WSFUyEA6JZUJp9cL/ib9vl+6i7eLEB9Wa6px7h
Bo10fhgabGLTMAsNVU33Wrlzmj7vFayOGOatdnzk/qfmDIfIH4gNWmU9OL8kNKEW
8Sp/R1cmHK/q+CcrVDwYtUzIEbhjurUxSyIAemj4iKoq9HNTrLkwJHdbDhGO/thq
PS8=
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:57:27 2025 by rpki-client