Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_D8xxyK731ZHfOMxDoAnm59stxc.roa
File:                     _D8xxyK731ZHfOMxDoAnm59stxc.roa (raw, json)
Hash identifier:          wmmIWQSQ7EfftjG5PVkukqkY/UPH6fAeUGcU8KfoRVo=
Subject key identifier:   FC:3F:31:C7:22:BB:DF:56:47:7C:E3:31:0E:80:27:9B:9F:6C:B7:17
Certificate issuer:       /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial:       018DAF0FF2C02F835D666585CACEF886DD25
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_D8xxyK731ZHfOMxDoAnm59stxc.roa
Signing time:             Thu 15 Feb 2024 23:17:54 +0000
ROA not before:           Thu 15 Feb 2024 23:17:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18d:4013:c01e/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:af:0f:f2:c0:2f:83:5d:66:65:85:ca:ce:f8:86:dd:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
        Validity
            Not Before: Feb 15 23:17:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc3f31c722bbdf56477ce3310e80279b9f6cb717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:33:35:e3:31:fe:7b:d2:b1:a0:f7:62:c3:
                    53:e7:42:de:8d:c9:ca:ce:88:08:d1:e0:2d:f2:d0:
                    1d:3f:35:43:37:c2:38:6c:a5:99:60:7e:88:f0:fe:
                    91:60:ef:bd:29:7c:6e:e0:a7:bf:7c:1d:7b:d9:2c:
                    8b:20:de:ab:de:eb:c3:2d:eb:0c:35:fb:b4:aa:bc:
                    8a:a3:7d:30:ef:69:d0:e9:d7:ca:e2:dd:fe:11:5e:
                    70:25:fb:50:fd:e1:be:64:a8:b4:41:04:18:bb:2f:
                    c3:4c:48:66:5e:fa:59:9f:e5:5a:17:75:a2:9d:00:
                    ba:5c:9f:da:6b:61:3e:08:05:5c:a0:c1:5f:57:67:
                    29:80:88:ae:53:10:bd:96:66:8d:c2:6e:06:41:e8:
                    4a:42:a8:91:81:db:1e:bc:e3:5b:a0:a8:43:6b:1f:
                    1a:25:c6:3c:4a:ce:6d:5a:05:3c:3a:1f:9d:ee:11:
                    6d:b0:f1:cd:e8:8c:90:57:be:b8:0d:e9:4c:6a:cf:
                    56:b8:c0:3e:f7:46:ab:62:17:5f:74:e7:57:e7:25:
                    13:6e:39:bc:fe:f4:28:e5:81:95:90:32:ec:1d:23:
                    d7:a2:7f:cf:06:7c:f6:88:e0:2e:6f:10:69:9f:31:
                    cf:f2:8b:0e:41:7f:65:36:9d:7f:2b:64:f1:a6:00:
                    58:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:3F:31:C7:22:BB:DF:56:47:7C:E3:31:0E:80:27:9B:9F:6C:B7:17
            X509v3 Authority Key Identifier:
                keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/_D8xxyK731ZHfOMxDoAnm59stxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:ff:91:19:12:f7:d8:90:a1:d2:a8:60:2e:82:5e:a4:29:80:
         b8:5a:fd:d6:96:97:a3:bf:6c:7e:9c:d6:db:1b:70:75:aa:a4:
         50:22:25:0d:ec:62:4e:f1:d2:07:1f:4f:b0:11:da:80:c2:aa:
         cb:51:b2:69:f4:a2:7e:b3:a4:16:e0:c6:60:2a:52:b3:0a:f6:
         b1:84:7f:95:03:a5:8d:1c:85:23:72:2b:d0:96:1f:ce:46:a9:
         49:1d:86:d6:20:52:52:75:5e:45:93:da:eb:39:11:27:56:a8:
         76:fc:d2:52:b3:73:2f:24:1f:50:bb:33:25:d2:fa:6e:5c:f4:
         fe:7f:97:44:14:ef:7a:16:fa:90:70:7b:bb:85:39:27:5c:4d:
         55:d5:b1:a3:34:9d:f1:ff:b9:a9:fb:89:df:5d:b4:56:54:f9:
         ac:bf:9d:99:0d:ff:18:3f:10:2a:fe:ee:66:8f:c9:d2:d3:15:
         f9:55:d2:49:02:f8:75:cd:07:db:5f:23:5b:fd:3a:eb:d1:01:
         a9:5b:38:b7:60:d7:e3:65:d4:ce:1b:60:b6:81:61:b1:3f:06:
         4d:a6:16:f4:91:57:a2:9e:b4:00:48:e6:0a:e2:52:29:c7:fb:
         de:97:89:5b:e2:4b:bd:0b:5c:d3:28:59:b3:ba:bd:26:79:7c:
         59:2a:4b:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2vD/LAL4NdZmWFys74ht0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjE1MjMxNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzNmMzFjNzIyYmJkZjU2NDc3Y2UzMzEwZTgwMjc5YjlmNmNiNzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbYzNeMx/nvSsaD3YsNT50LejcnK
zogI0eAt8tAdPzVDN8I4bKWZYH6I8P6RYO+9KXxu4Ke/fB172SyLIN6r3uvDLesM
Nfu0qryKo30w72nQ6dfK4t3+EV5wJftQ/eG+ZKi0QQQYuy/DTEhmXvpZn+VaF3Wi
nQC6XJ/aa2E+CAVcoMFfV2cpgIiuUxC9lmaNwm4GQehKQqiRgdsevONboKhDax8a
JcY8Ss5tWgU8Oh+d7hFtsPHN6IyQV764DelMas9WuMA+90arYhdfdOdX5yUTbjm8
/vQo5YGVkDLsHSPXon/PBnz2iOAubxBpnzHP8osOQX9lNp1/K2TxpgBYiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPw/Mcciu99WR3zjMQ6AJ5ufbLcXMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvX0Q4eHh5SzczMVpIZk9NeERvQW5tNTlzdHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH//kRkS99iQodKoYC6C
XqQpgLha/daWl6O/bH6c1tsbcHWqpFAiJQ3sYk7x0gcfT7AR2oDCqstRsmn0on6z
pBbgxmAqUrMK9rGEf5UDpY0chSNyK9CWH85GqUkdhtYgUlJ1XkWT2us5ESdWqHb8
0lKzcy8kH1C7MyXS+m5c9P5/l0QU73oW+pBwe7uFOSdcTVXVsaM0nfH/uan7id9d
tFZU+ay/nZkN/xg/ECr+7maPydLTFflV0kkC+HXNB9tfI1v9OuvRAalbOLdg1+Nl
1M4bYLaBYbE/Bk2mFvSRV6KetABI5griUinH+96XiVviS70LXNMoWbO6vSZ5fFkq
S/o=
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:45:29 2025 by rpki-client