Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/aIYFi3zuGJWhspxjjxzAkkeah0w.roa
File:                     aIYFi3zuGJWhspxjjxzAkkeah0w.roa (raw, json)
Hash identifier:          1s+9RjzX1KbOheyBSRyW4+ze2lUidZBTBxb3PRpNxSA=
Subject key identifier:   68:86:05:8B:7C:EE:18:95:A1:B2:9C:63:8F:1C:C0:92:47:9A:87:4C
Certificate issuer:       /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial:       018AE5C35D4EA2F8C171A96A117E282B064C
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/aIYFi3zuGJWhspxjjxzAkkeah0w.roa
Signing time:             Sat 30 Sep 2023 11:05:00 +0000
ROA not before:           Sat 30 Sep 2023 11:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:18a:e5c2:d310/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e5:c3:5d:4e:a2:f8:c1:71:a9:6a:11:7e:28:2b:06:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
        Validity
            Not Before: Sep 30 11:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6886058b7cee1895a1b29c638f1cc092479a874c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e9:b9:b8:15:d0:20:3d:00:f7:41:e1:6f:28:
                    43:a0:b5:aa:7a:e0:50:a5:e5:90:da:3a:1d:d8:05:
                    f6:5d:e0:0a:50:16:2f:a5:97:65:2f:de:cc:7f:58:
                    15:f5:1b:4a:29:be:f9:85:71:b4:65:c4:b3:de:81:
                    f3:3e:b4:49:98:32:fc:60:d0:69:ad:3f:e1:ef:10:
                    cf:91:7c:62:45:b3:da:27:c3:67:6e:cf:dd:ec:32:
                    a1:27:5d:4c:29:0d:7b:41:1a:7a:53:91:57:02:29:
                    94:7f:20:3b:c6:21:8e:a5:c8:be:60:81:3e:2b:8e:
                    bf:32:0d:6b:0c:6a:3a:85:4b:c8:a7:24:b1:de:ed:
                    c4:e2:c8:66:83:17:f9:9f:ad:45:59:f5:67:a1:e8:
                    73:d9:32:d8:99:fa:20:21:c6:4d:e0:8c:ba:02:f4:
                    77:23:97:61:84:85:17:b2:58:d0:cc:6e:8f:8d:0d:
                    3a:32:73:b1:97:07:f9:58:5d:1f:a9:6d:15:14:2a:
                    41:6f:0b:46:76:aa:9e:75:55:31:88:32:57:2d:6c:
                    4f:09:db:0f:76:02:80:e1:0c:2a:b5:7a:6e:6c:78:
                    81:0e:16:50:b5:50:63:de:cc:ba:2d:fe:aa:84:ae:
                    31:c7:ff:17:25:02:4d:ea:a3:68:d2:9d:76:07:66:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:86:05:8B:7C:EE:18:95:A1:B2:9C:63:8F:1C:C0:92:47:9A:87:4C
            X509v3 Authority Key Identifier:
                keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/aIYFi3zuGJWhspxjjxzAkkeah0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:b0:76:f1:1b:36:3d:ae:db:09:58:20:39:6f:82:67:52:f5:
         c9:a2:75:6b:f1:07:db:dd:ca:db:87:0c:28:2c:b6:d5:d0:5f:
         8e:46:9a:b3:2e:f6:a2:4b:cf:95:03:58:8b:f2:2c:1d:37:52:
         0b:8a:4c:e7:dd:b0:d9:c9:03:3a:aa:89:d4:ae:5b:52:0e:a8:
         fe:84:96:4d:e7:25:83:bb:07:e0:a6:c8:22:2a:0d:21:3a:27:
         15:2a:10:e8:d4:83:12:9e:00:8a:e4:50:26:88:f9:01:75:62:
         27:56:8f:dc:38:f4:9b:2d:1d:66:45:2f:bf:f7:81:c1:3e:a2:
         e8:54:8e:ec:d9:34:58:81:44:9b:46:f3:c9:68:df:4c:8e:6f:
         9f:f8:c2:d2:0e:28:fe:8a:56:07:5d:9c:49:15:c7:b2:1c:d1:
         50:ea:df:49:d8:1c:f1:ad:54:89:90:cb:ec:51:f3:d1:5d:7d:
         53:99:ea:ff:41:8c:49:c3:45:d7:4f:25:ad:76:1b:6a:cc:69:
         82:f6:0d:9a:e7:10:ae:f7:d9:fb:8a:d9:c8:71:94:e3:5e:0a:
         0d:09:e6:a8:af:4c:98:26:f4:13:b6:9c:94:cc:40:2a:0f:a9:
         ec:ba:39:9e:69:e1:bd:50:fc:80:73:38:57:37:99:bc:19:fe:
         8e:f1:1b:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYrlw11OovjBcalqEX4oKwZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMwOTMwMTEwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODg2MDU4YjdjZWUxODk1YTFiMjljNjM4ZjFjYzA5MjQ3OWE4NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOm5uBXQID0A90HhbyhDoLWqeuBQ
peWQ2jod2AX2XeAKUBYvpZdlL97Mf1gV9RtKKb75hXG0ZcSz3oHzPrRJmDL8YNBp
rT/h7xDPkXxiRbPaJ8Nnbs/d7DKhJ11MKQ17QRp6U5FXAimUfyA7xiGOpci+YIE+
K46/Mg1rDGo6hUvIpySx3u3E4shmgxf5n61FWfVnoehz2TLYmfogIcZN4Iy6AvR3
I5dhhIUXsljQzG6PjQ06MnOxlwf5WF0fqW0VFCpBbwtGdqqedVUxiDJXLWxPCdsP
dgKA4QwqtXpubHiBDhZQtVBj3sy6Lf6qhK4xx/8XJQJN6qNo0p12B2aYjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGiGBYt87hiVobKcY48cwJJHmodMMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvYUlZRmkzenVHSldoc3B4amp4ekFra2VhaDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACKwdvEbNj2u2wlYIDlv
gmdS9cmidWvxB9vdytuHDCgsttXQX45GmrMu9qJLz5UDWIvyLB03UguKTOfdsNnJ
AzqqidSuW1IOqP6Elk3nJYO7B+CmyCIqDSE6JxUqEOjUgxKeAIrkUCaI+QF1YidW
j9w49JstHWZFL7/3gcE+ouhUjuzZNFiBRJtG88lo30yOb5/4wtIOKP6KVgddnEkV
x7Ic0VDq30nYHPGtVImQy+xR89FdfVOZ6v9BjEnDRddPJa12G2rMaYL2DZrnEK73
2fuK2chxlONeCg0J5qivTJgm9BO2nJTMQCoPqey6OZ5p4b1Q/IBzOFc3mbwZ/o7x
Gzg=
-----END CERTIFICATE-----
Generated at Tue Jun 10 05:38:04 2025 by rpki-client