Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/3QUDeKE7yNgQmHJNVO-g-9mVj4o.roa
File:                     3QUDeKE7yNgQmHJNVO-g-9mVj4o.roa (raw, json)
Hash identifier:          pVQz96Zg1UqB0ZGK2z8e6eGc6vTCat1YgW+D9RqJ9KA=
Subject key identifier:   DD:05:03:78:A1:3B:C8:D8:10:98:72:4D:54:EF:A0:FB:D9:95:8F:8A
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       019424B3DFC23BCE13842DECD6411FDF2ECF
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/3QUDeKE7yNgQmHJNVO-g-9mVj4o.roa
Signing time:             Thu 02 Jan 2025 01:49:15 +0000
ROA not before:           Thu 02 Jan 2025 01:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4410
IP address blocks:        2a02:6a0:4ffe::/48 maxlen: 48
                          2a02:6a0:4fff::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:df:c2:3b:ce:13:84:2d:ec:d6:41:1f:df:2e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  2 01:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd050378a13bc8d81098724d54efa0fbd9958f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:00:65:42:72:48:f6:ad:69:99:ba:ab:67:e5:
                    a5:98:29:e0:23:a0:50:dc:60:d9:30:3c:24:e1:78:
                    90:b8:cd:72:08:35:8b:97:9c:d3:e7:dd:36:0c:91:
                    65:bd:28:bb:13:2c:b6:9d:dd:7c:7a:b4:db:82:2f:
                    2a:2a:be:1f:6b:8e:0a:64:f3:2f:bc:2c:5f:51:1d:
                    a2:1e:b9:d4:f4:70:f4:d3:90:82:b3:4d:de:5d:58:
                    47:3d:cd:53:22:9a:c1:ed:96:fe:f4:20:da:9f:72:
                    51:60:5c:15:ee:e4:3d:fd:ee:0a:48:8c:0f:f5:69:
                    bf:44:eb:ef:e6:cf:c2:b1:01:36:e0:73:e8:86:f1:
                    1e:44:a7:a8:a1:7d:09:19:47:ae:2e:fc:54:16:83:
                    ab:a9:ac:3c:f4:db:f1:0b:3d:5b:26:b0:72:37:ca:
                    a6:10:5f:fd:61:9e:f8:46:7b:88:96:06:bc:62:c0:
                    69:ad:99:8f:2d:e8:af:31:5c:61:fd:97:51:da:8c:
                    94:5f:5d:c5:80:bb:e8:86:07:f7:8e:60:7b:2b:c6:
                    a8:2a:4e:93:c6:b4:aa:9a:85:f9:43:10:9a:3e:2c:
                    b1:72:80:b2:6a:84:2d:bd:62:63:1f:a1:4f:ba:34:
                    34:88:c2:e6:a6:66:1d:71:18:6a:05:00:73:bc:4c:
                    7d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:05:03:78:A1:3B:C8:D8:10:98:72:4D:54:EF:A0:FB:D9:95:8F:8A
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/3QUDeKE7yNgQmHJNVO-g-9mVj4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:4ffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         59:0c:a7:7c:c0:a8:83:6f:96:13:2d:02:0b:cb:56:76:eb:c7:
         8b:b1:c8:8c:18:bb:de:ac:a0:e1:60:7a:ed:b9:cc:34:e9:9d:
         94:37:9f:a2:e5:a0:62:85:4d:90:63:4e:08:88:c3:ca:a1:ea:
         f0:09:a3:11:80:70:b8:1f:0d:37:49:d5:54:7c:eb:65:3e:99:
         05:f0:bc:93:e2:94:c6:94:6b:90:2b:9b:fb:5c:9d:0d:bd:3f:
         74:98:8f:9f:48:9f:4f:50:17:db:df:5f:07:ad:1c:b2:bf:4b:
         3f:bf:7f:1a:07:bb:d5:97:c0:a1:5c:8f:3a:32:a5:07:19:14:
         5a:0e:93:10:c8:fe:d4:19:6f:e5:fb:db:97:e9:d4:35:f8:df:
         9f:76:9e:f2:01:11:28:86:2c:f5:c9:b0:b7:05:c4:68:9b:df:
         37:99:b2:6e:5b:e4:54:54:46:3e:f1:35:d3:86:27:9d:37:d5:
         94:4e:6f:02:f3:48:84:83:d6:0d:ee:9e:b9:37:a5:80:69:cb:
         17:c0:39:19:2d:18:03:b2:9c:45:db:da:32:66:95:dc:f9:1a:
         d7:07:7b:71:40:a1:de:70:22:af:a3:2e:1c:63:29:e8:d0:1c:
         cb:bd:76:dc:32:61:38:d8:7f:b1:70:77:eb:a2:3a:82:08:e9:
         58:4c:da:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks9/CO84ThC3s1kEf3y7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjUwMTAyMDE0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDA1MDM3OGExM2JjOGQ4MTA5ODcyNGQ1NGVmYTBmYmQ5OTU4ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwBlQnJI9q1pmbqrZ+WlmCngI6BQ
3GDZMDwk4XiQuM1yCDWLl5zT5902DJFlvSi7Eyy2nd18erTbgi8qKr4fa44KZPMv
vCxfUR2iHrnU9HD005CCs03eXVhHPc1TIprB7Zb+9CDan3JRYFwV7uQ9/e4KSIwP
9Wm/ROvv5s/CsQE24HPohvEeRKeooX0JGUeuLvxUFoOrqaw89NvxCz1bJrByN8qm
EF/9YZ74RnuIlga8YsBprZmPLeivMVxh/ZdR2oyUX13FgLvohgf3jmB7K8aoKk6T
xrSqmoX5QxCaPiyxcoCyaoQtvWJjH6FPujQ0iMLmpmYdcRhqBQBzvEx9pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN0FA3ihO8jYEJhyTVTvoPvZlY+KMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvM1FVRGVLRTd5TmdRbUhKTlZPLWctOW1WajRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoE/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBZDKd8wKiDb5YTLQILy1Z268eLsciMGLverKDh
YHrtucw06Z2UN5+i5aBihU2QY04IiMPKoerwCaMRgHC4Hw03SdVUfOtlPpkF8LyT
4pTGlGuQK5v7XJ0NvT90mI+fSJ9PUBfb318HrRyyv0s/v38aB7vVl8ChXI86MqUH
GRRaDpMQyP7UGW/l+9uX6dQ1+N+fdp7yAREohiz1ybC3BcRom983mbJuW+RUVEY+
8TXThiedN9WUTm8C80iEg9YN7p65N6WAacsXwDkZLRgDspxF29oyZpXc+RrXB3tx
QKHecCKvoy4cYyno0BzLvXbcMmE42H+xcHfrojqCCOlYTNqt
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:42:17 2025 by rpki-client