Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/USDR-3S3Ht8uHMQ4E3_c_aswiFo.roa
File:                     USDR-3S3Ht8uHMQ4E3_c_aswiFo.roa (raw, json)
Hash identifier:          V2Oob57cuCUs4jtdyHi3fUFQvcz8PYQW8jqX4krUZXU=
Subject key identifier:   51:20:D1:FB:74:B7:1E:DF:2E:1C:C4:38:13:7F:DC:FD:AB:30:88:5A
Certificate issuer:       /CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Certificate serial:       019420D5ADD1B29AC930529D5F8B47B4A620
Authority key identifier: 48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/USDR-3S3Ht8uHMQ4E3_c_aswiFo.roa
Signing time:             Wed 01 Jan 2025 07:47:42 +0000
ROA not before:           Wed 01 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48674
IP address blocks:        91.211.176.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ad:d1:b2:9a:c9:30:52:9d:5f:8b:47:b4:a6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5120d1fb74b71edf2e1cc438137fdcfdab30885a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fb:d3:95:4d:56:1f:89:2a:45:df:aa:72:0a:
                    e8:78:46:d5:85:6a:8b:c7:ca:27:6c:69:58:58:1b:
                    9f:49:72:f5:f7:99:fe:d7:f8:04:b4:43:22:0d:9a:
                    2f:aa:48:c6:8a:5e:e3:81:ab:a3:86:7b:4c:bd:42:
                    c9:b9:a4:0e:48:a6:4c:b3:82:4a:d9:70:44:eb:b1:
                    e9:74:ed:ff:b2:fe:ed:8d:eb:a7:b7:f8:df:3b:03:
                    55:ea:54:49:b0:13:be:f4:2e:a0:d4:8b:8e:e0:bb:
                    b9:16:a4:73:ef:5e:4b:31:b5:63:44:9d:bc:62:1a:
                    06:7f:95:99:90:df:bc:66:0b:b3:68:7c:ac:41:07:
                    54:02:d0:37:39:3b:a3:89:48:d5:bc:fa:32:0e:99:
                    a2:58:dc:9a:91:7f:3a:8b:4b:ae:4e:3c:95:43:94:
                    dc:2e:72:92:5b:7f:2e:e0:89:ac:74:ea:c6:e5:06:
                    a0:ef:05:10:da:f8:dc:43:5e:93:82:ff:9b:fb:30:
                    dd:d7:28:e3:89:40:e1:90:e1:9c:b7:6a:d7:8a:de:
                    c4:f5:fa:f6:90:2d:9a:c6:18:a3:86:69:51:f8:9d:
                    4a:d0:e7:37:06:1f:bc:89:62:14:79:5c:cf:fc:9a:
                    6d:2e:83:1c:01:67:8a:27:37:15:52:5e:b9:94:56:
                    c5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:20:D1:FB:74:B7:1E:DF:2E:1C:C4:38:13:7F:DC:FD:AB:30:88:5A
            X509v3 Authority Key Identifier:
                keyid:48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/USDR-3S3Ht8uHMQ4E3_c_aswiFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:d5:f0:77:63:80:b4:98:04:be:7f:f3:5d:f4:5c:e0:ac:ae:
         0b:25:5b:fe:7d:e6:6a:16:2f:4e:f9:61:b6:59:e3:01:30:5a:
         8c:2f:0e:80:2a:9c:fd:1a:f5:ff:e7:f3:9b:c1:10:94:17:eb:
         db:73:df:fc:76:c4:a6:72:2d:56:ba:9a:ac:eb:bc:1d:b0:70:
         12:a1:6b:a2:8e:89:ca:ad:71:b1:33:e5:1a:aa:bb:d4:5e:e0:
         18:33:19:3e:a4:15:05:bd:ef:bf:1c:4f:34:dc:a1:6c:11:3c:
         f9:01:d2:06:29:11:29:a1:59:71:5b:3d:82:e8:0e:87:3e:e4:
         96:6a:d4:2d:d1:34:00:8b:94:b8:fc:90:b7:3f:fd:a9:b9:89:
         6a:ff:ae:57:f6:f1:35:24:b5:f9:8e:ea:36:d5:f7:4a:0d:44:
         dd:3e:7c:9a:94:0e:21:35:12:ee:c3:1a:27:7a:00:0a:a6:d4:
         10:85:ee:81:c9:49:3d:20:95:af:19:a4:e0:8b:7b:13:de:30:
         71:9b:51:78:82:2a:d5:6f:27:af:a4:ef:e5:48:b3:ca:5b:55:
         67:ee:b7:03:b7:e3:be:7f:ce:c4:81:67:aa:99:a7:89:ec:da:
         3e:c2:b8:59:59:78:e2:b9:56:76:34:09:0d:01:fb:f1:f6:77:
         05:6b:cc:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1a3RsprJMFKdX4tHtKYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGI0ZTY1MzBmNThkYjMzOGU0MWQ0MzRlNWMyNDhlYjhi
NDllYjUwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTIwZDFmYjc0YjcxZWRmMmUxY2M0MzgxMzdmZGNmZGFiMzA4ODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/vTlU1WH4kqRd+qcgroeEbVhWqL
x8onbGlYWBufSXL195n+1/gEtEMiDZovqkjGil7jgaujhntMvULJuaQOSKZMs4JK
2XBE67HpdO3/sv7tjeunt/jfOwNV6lRJsBO+9C6g1IuO4Lu5FqRz715LMbVjRJ28
YhoGf5WZkN+8ZguzaHysQQdUAtA3OTujiUjVvPoyDpmiWNyakX86i0uuTjyVQ5Tc
LnKSW38u4ImsdOrG5Qag7wUQ2vjcQ16Tgv+b+zDd1yjjiUDhkOGct2rXit7E9fr2
kC2axhijhmlR+J1K0Oc3Bh+8iWIUeVzP/JptLoMcAWeKJzcVUl65lFbFjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEg0ft0tx7fLhzEOBN/3P2rMIhaMB8GA1UdIwQY
MBaAFEgLTmUw9Y2zOOQdQ05cJI64tJ61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQt
NWE0ZGY4OTZmYzNlLzEvVVNEUi0zUzNIdDh1SE1RNEUzX2NfYXN3aUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQtNWE0ZGY4OTZmYzNl
LzEvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9OwMA0G
CSqGSIb3DQEBCwUAA4IBAQDZ1fB3Y4C0mAS+f/Nd9FzgrK4LJVv+feZqFi9O+WG2
WeMBMFqMLw6AKpz9GvX/5/ObwRCUF+vbc9/8dsSmci1Wupqs67wdsHASoWuijonK
rXGxM+UaqrvUXuAYMxk+pBUFve+/HE803KFsETz5AdIGKREpoVlxWz2C6A6HPuSW
atQt0TQAi5S4/JC3P/2puYlq/65X9vE1JLX5juo21fdKDUTdPnyalA4hNRLuwxon
egAKptQQhe6ByUk9IJWvGaTgi3sT3jBxm1F4girVbyevpO/lSLPKW1Vn7rcDt+O+
f87EgWeqmaeJ7No+wrhZWXjiuVZ2NAkNAfvx9ncFa8zs
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:39:09 2025 by rpki-client