Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_2-264jhn6GMpIOs0uduS1q9LbI.roa
File:                     _2-264jhn6GMpIOs0uduS1q9LbI.roa (raw, json)
Hash identifier:          oko5QZy2nUX9CDivCvde1hAHdFjNZFGdEE5yemuRkCg=
Subject key identifier:   FF:6F:B6:EB:88:E1:9F:A1:8C:A4:83:AC:D2:E7:6E:4B:5A:BD:2D:B2
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018DD8AEC34D61FF07C5C9289ECE177F25B7
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_2-264jhn6GMpIOs0uduS1q9LbI.roa
Signing time:             Sat 24 Feb 2024 01:15:48 +0000
ROA not before:           Sat 24 Feb 2024 01:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d8:ae:c3:4d:61:ff:07:c5:c9:28:9e:ce:17:7f:25:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Feb 24 01:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff6fb6eb88e19fa18ca483acd2e76e4b5abd2db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a6:61:fb:72:0d:3e:78:22:b3:aa:2e:f6:59:
                    89:f6:3e:0f:16:de:94:85:fa:7d:0e:4a:92:a1:55:
                    15:7b:84:cf:50:5e:c6:dc:d3:49:42:fc:1b:38:c6:
                    e8:ce:53:ef:68:42:6b:3e:b9:67:8c:91:69:9c:06:
                    f5:32:00:e1:cc:70:cb:1a:c7:66:a6:fa:a8:11:6c:
                    64:82:f3:b8:68:96:ba:b7:96:d7:80:be:82:a4:af:
                    32:eb:9c:7c:09:81:f4:de:8c:00:dd:63:98:f8:c0:
                    0c:76:ee:d0:73:63:35:9a:de:b0:00:8d:6e:da:af:
                    9f:60:fb:30:1f:76:8b:bc:bc:1b:bc:93:7d:25:c0:
                    7f:1e:76:96:1a:c5:bd:c4:3e:fd:87:5b:f1:67:9e:
                    42:fc:f8:5f:bd:5d:2a:c4:ca:2c:fc:49:36:67:16:
                    3d:66:62:74:de:42:71:c6:47:ca:84:37:aa:a0:de:
                    8d:7e:ea:78:35:33:83:b2:ba:27:97:35:7d:85:95:
                    7b:97:00:85:a3:cf:fe:f1:f6:b0:2b:84:c9:1b:21:
                    d6:fe:ce:59:16:f5:cf:c0:79:3e:d2:0b:26:b8:fe:
                    04:18:ad:e5:49:77:c6:4c:e3:10:11:18:85:54:31:
                    d1:a7:af:1f:93:73:55:39:10:f5:2f:8d:df:1c:76:
                    b7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:6F:B6:EB:88:E1:9F:A1:8C:A4:83:AC:D2:E7:6E:4B:5A:BD:2D:B2
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_2-264jhn6GMpIOs0uduS1q9LbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:6f:0a:4b:2f:9d:99:3f:39:4f:36:b1:07:f1:7d:3e:eb:85:
         1c:08:67:5b:08:f8:15:f4:3a:fd:59:50:35:be:02:68:3e:58:
         c9:7e:48:20:cf:a3:9c:25:be:a6:93:9d:fd:a5:dc:be:73:b5:
         e8:45:22:82:b4:f8:f6:31:91:16:ba:81:ad:da:ca:5c:2d:fe:
         b7:b1:66:99:3d:b5:2b:1c:12:88:78:de:3f:53:ed:0c:9d:85:
         a9:c9:e1:66:aa:b7:69:4c:a8:68:7f:08:24:8a:f0:5e:50:7f:
         ca:61:63:ec:be:56:f5:be:8c:73:35:62:a6:5b:12:08:aa:70:
         8e:30:d1:7e:66:fa:83:18:a4:33:4a:45:d5:92:17:0a:17:66:
         37:ee:72:43:4c:a2:50:f6:23:7b:e8:36:6d:35:3b:80:74:72:
         11:b0:24:2d:aa:22:e5:f0:82:14:5f:e8:41:95:51:74:2a:4d:
         71:a0:07:cb:12:84:d4:5f:4d:ad:31:90:5c:d2:82:9b:84:c8:
         07:74:2c:03:c6:06:af:90:36:56:41:cd:ef:1d:6c:34:c9:a6:
         bc:87:ab:62:bf:6a:f2:82:5b:5f:4a:22:7c:78:00:1d:36:ed:
         37:51:8b:f1:41:5a:9d:2f:a2:7b:a2:0f:98:a0:8c:67:4a:be:
         ef:a3:3f:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3YrsNNYf8Hxckons4XfyW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjI0MDExNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjZmYjZlYjg4ZTE5ZmExOGNhNDgzYWNkMmU3NmU0YjVhYmQyZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZh+3INPngis6ou9lmJ9j4PFt6U
hfp9DkqSoVUVe4TPUF7G3NNJQvwbOMbozlPvaEJrPrlnjJFpnAb1MgDhzHDLGsdm
pvqoEWxkgvO4aJa6t5bXgL6CpK8y65x8CYH03owA3WOY+MAMdu7Qc2M1mt6wAI1u
2q+fYPswH3aLvLwbvJN9JcB/HnaWGsW9xD79h1vxZ55C/PhfvV0qxMos/Ek2ZxY9
ZmJ03kJxxkfKhDeqoN6Nfup4NTODsronlzV9hZV7lwCFo8/+8fawK4TJGyHW/s5Z
FvXPwHk+0gsmuP4EGK3lSXfGTOMQERiFVDHRp68fk3NVORD1L43fHHa3AQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP9vtuuI4Z+hjKSDrNLnbktavS2yMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvXzItMjY0amhuNkdNcElPczB1ZHVTMXE5TGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ1vCksvnZk/OU82sQfx
fT7rhRwIZ1sI+BX0Ov1ZUDW+Amg+WMl+SCDPo5wlvqaTnf2l3L5ztehFIoK0+PYx
kRa6ga3aylwt/rexZpk9tSscEoh43j9T7QydhanJ4Waqt2lMqGh/CCSK8F5Qf8ph
Y+y+VvW+jHM1YqZbEgiqcI4w0X5m+oMYpDNKRdWSFwoXZjfuckNMolD2I3voNm01
O4B0chGwJC2qIuXwghRf6EGVUXQqTXGgB8sShNRfTa0xkFzSgpuEyAd0LAPGBq+Q
NlZBze8dbDTJpryHq2K/avKCW19KInx4AB027TdRi/FBWp0vonuiD5igjGdKvu+j
P9I=
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:46:11 2025 by rpki-client