Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/UbXAfqhh2BnJFlyMkhk3BH5YeyQ.roa
File:                     UbXAfqhh2BnJFlyMkhk3BH5YeyQ.roa (raw, json)
Hash identifier:          RawqKWl5FzZsw29ck8rNZ/QROUYoIQUugEp2asxNAY0=
Subject key identifier:   51:B5:C0:7E:A8:61:D8:19:C9:16:5C:8C:92:19:37:04:7E:58:7B:24
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018DF3AE411D3A77FE7F45322E0D3F92D0D5
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/UbXAfqhh2BnJFlyMkhk3BH5YeyQ.roa
Signing time:             Thu 29 Feb 2024 07:04:59 +0000
ROA not before:           Thu 29 Feb 2024 07:04:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
                          2001:67c:64:ffff:0:18d:e84f:370a/128 maxlen: 128
                          2001:67c:64:ffff:0:18d:f3ad:9ba4/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:ae:41:1d:3a:77:fe:7f:45:32:2e:0d:3f:92:d0:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Feb 29 07:04:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b5c07ea861d819c9165c8c921937047e587b24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3a:50:31:b5:dc:9e:9e:81:80:3c:1c:f8:99:
                    ab:f5:03:2f:d8:1d:ae:6e:3d:ec:04:71:02:18:99:
                    8a:33:64:d8:68:b6:4c:13:fa:bd:6d:85:57:20:e6:
                    c3:f4:15:01:d6:e2:b1:a6:8b:36:ce:bd:0e:bd:3a:
                    a4:65:8e:ed:79:9f:2d:f7:81:ae:d3:dc:44:dd:8d:
                    56:dd:52:48:04:14:f7:60:57:da:11:e1:a2:46:f3:
                    67:60:14:f4:47:78:17:05:89:e3:b0:5f:65:42:f4:
                    55:d1:81:be:91:ad:ad:d8:ff:cd:4a:27:1b:ef:01:
                    bf:78:8c:a7:f2:75:88:de:56:6a:3d:1e:22:34:ad:
                    b2:6b:a0:e5:3f:2c:6f:4b:a5:fc:83:52:0b:e8:1e:
                    9f:df:9f:38:94:ab:08:01:8c:73:f9:04:89:ae:74:
                    76:df:9a:a5:cd:57:a9:eb:96:fd:0a:93:bf:49:a5:
                    f1:cf:bc:74:7b:bf:9b:60:8d:cb:25:4d:cd:6e:5c:
                    17:1d:f6:a7:e3:c8:fb:43:8c:d1:e0:38:c3:9b:e2:
                    4b:b2:b6:92:a6:ab:16:0a:d8:4b:31:b2:1d:96:aa:
                    fe:05:22:b0:96:0e:6c:ad:68:4b:72:84:6e:66:78:
                    c7:24:c6:cf:42:3e:48:8f:5d:90:ed:df:6b:44:b7:
                    49:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B5:C0:7E:A8:61:D8:19:C9:16:5C:8C:92:19:37:04:7E:58:7B:24
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/UbXAfqhh2BnJFlyMkhk3BH5YeyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:f6:a9:b0:6e:c7:c0:d6:dc:59:85:7f:10:99:d0:8c:0b:a1:
         27:48:9c:5a:65:14:c3:fe:9f:4f:70:25:8c:dd:39:06:fb:42:
         94:5f:1e:62:b2:57:a1:39:b4:3d:fa:73:8b:7c:37:c6:0e:f0:
         d8:bf:bb:7b:7f:b0:7e:82:3b:d1:5a:02:28:c0:f1:27:6b:16:
         a8:f1:3e:86:1a:7a:68:8d:e7:ec:70:9e:63:9d:93:b0:5f:d6:
         0d:fc:f5:01:ca:9e:b2:ac:b6:47:b9:59:0c:44:35:9a:56:7a:
         05:38:91:76:dd:37:d8:bf:21:da:1a:32:3e:5d:69:6d:f7:22:
         9d:b7:af:f5:ed:f9:d7:26:86:1d:cd:2b:6c:27:7e:99:55:00:
         0c:19:2b:93:9a:af:86:37:b2:03:f0:87:c0:5b:76:91:57:cc:
         b4:84:50:00:0a:88:5f:2d:16:00:ab:4e:19:50:b5:b8:e1:97:
         bc:d7:18:67:a7:93:9a:9d:9e:e1:46:ce:0e:e7:ed:f6:df:a2:
         f8:50:66:d9:5f:f3:52:6c:d3:8d:e7:cf:c5:61:5f:0c:a2:51:
         07:28:da:cc:1b:8c:ff:80:93:b0:71:aa:70:05:82:3b:64:3f:
         2e:e5:db:9b:fd:b4:41:3a:13:d7:ca:25:5d:21:fa:7a:da:d1:
         ae:3f:29:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3zrkEdOnf+f0UyLg0/ktDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjI5MDcwNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI1YzA3ZWE4NjFkODE5YzkxNjVjOGM5MjE5MzcwNDdlNTg3YjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzpQMbXcnp6BgDwc+Jmr9QMv2B2u
bj3sBHECGJmKM2TYaLZME/q9bYVXIObD9BUB1uKxpos2zr0OvTqkZY7teZ8t94Gu
09xE3Y1W3VJIBBT3YFfaEeGiRvNnYBT0R3gXBYnjsF9lQvRV0YG+ka2t2P/NSicb
7wG/eIyn8nWI3lZqPR4iNK2ya6DlPyxvS6X8g1IL6B6f3584lKsIAYxz+QSJrnR2
35qlzVep65b9CpO/SaXxz7x0e7+bYI3LJU3NblwXHfan48j7Q4zR4DjDm+JLsraS
pqsWCthLMbIdlqr+BSKwlg5srWhLcoRuZnjHJMbPQj5Ij12Q7d9rRLdJ/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFG1wH6oYdgZyRZcjJIZNwR+WHskMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvVWJYQWZxaGgyQm5KRmx5TWtoazNCSDVZZXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKD2qbBux8DW3FmFfxCZ
0IwLoSdInFplFMP+n09wJYzdOQb7QpRfHmKyV6E5tD36c4t8N8YO8Ni/u3t/sH6C
O9FaAijA8SdrFqjxPoYaemiN5+xwnmOdk7Bf1g389QHKnrKstke5WQxENZpWegU4
kXbdN9i/IdoaMj5daW33Ip23r/Xt+dcmhh3NK2wnfplVAAwZK5Oar4Y3sgPwh8Bb
dpFXzLSEUAAKiF8tFgCrThlQtbjhl7zXGGenk5qdnuFGzg7n7fbfovhQZtlf81Js
043nz8VhXwyiUQco2swbjP+Ak7BxqnAFgjtkPy7l25v9tEE6E9fKJV0h+nra0a4/
Kdk=
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:26:43 2025 by rpki-client