Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/nbOgGUvnkKBHBhjjjU-7tWf99Pw.roa
File:                     nbOgGUvnkKBHBhjjjU-7tWf99Pw.roa (raw, json)
Hash identifier:          Uikx1QwK0uDzX42CSTwdClu3b40CNN97sFHvoZeafrE=
Subject key identifier:   9D:B3:A0:19:4B:E7:90:A0:47:06:18:E3:8D:4F:BB:B5:67:FD:F4:FC
Certificate issuer:       /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial:       018B4624EB206E7F9EF8AEE5D2A75EE0C68D
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/nbOgGUvnkKBHBhjjjU-7tWf99Pw.roa
Signing time:             Thu 19 Oct 2023 04:15:06 +0000
ROA not before:           Thu 19 Oct 2023 04:15:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/96 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:46:24:eb:20:6e:7f:9e:f8:ae:e5:d2:a7:5e:e0:c6:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
        Validity
            Not Before: Oct 19 04:15:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9db3a0194be790a0470618e38d4fbbb567fdf4fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f5:ef:dd:b8:c8:f1:75:ca:7c:df:a7:e3:66:
                    2c:d4:47:57:0c:f2:97:7f:7c:2a:66:b5:0c:a8:8a:
                    b8:8a:70:45:50:25:e4:52:2c:b7:ad:43:7c:91:14:
                    44:6c:12:6e:55:f1:59:a8:b1:34:4d:cb:79:01:5e:
                    7c:99:bc:bd:d6:3c:0a:e0:4b:d8:52:0f:45:96:d7:
                    ff:f4:35:4d:f5:40:91:76:b6:dd:f5:a0:45:77:cb:
                    95:42:7c:28:f6:8f:fa:01:0b:e9:a9:c7:32:4b:bf:
                    26:5b:54:b1:a6:9f:32:a5:07:86:db:e9:c8:9f:c3:
                    49:de:08:ae:62:41:c0:db:91:96:cc:7c:a5:dc:4a:
                    11:4c:28:28:15:ef:1c:8b:d7:1a:cf:97:ac:fc:bf:
                    cb:b0:8b:29:88:b0:d8:2c:32:d8:a7:9c:8f:ee:56:
                    08:3e:24:89:20:9b:6e:27:d2:25:aa:f3:8a:1f:19:
                    15:1f:26:58:8b:a2:94:43:fb:71:42:7e:90:ba:68:
                    5b:9f:3d:2e:b0:e9:e3:ff:2a:61:f9:e2:98:b6:2f:
                    6e:ee:45:13:64:61:46:e6:de:04:9a:df:c3:69:30:
                    37:90:f6:23:1b:16:1c:32:48:d7:25:04:f2:02:b8:
                    51:42:c2:6f:d9:53:79:e0:7a:ca:3f:f0:64:55:a1:
                    9f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B3:A0:19:4B:E7:90:A0:47:06:18:E3:8D:4F:BB:B5:67:FD:F4:FC
            X509v3 Authority Key Identifier:
                keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/nbOgGUvnkKBHBhjjjU-7tWf99Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:87:85:9c:d6:87:06:4b:3c:57:8d:67:41:f5:dc:fa:2e:26:
         b3:0d:27:ae:39:48:29:10:f2:8c:2c:c2:92:11:7c:35:ef:de:
         f9:59:2f:ca:92:d6:08:1d:c9:80:6b:17:dd:d0:41:13:cd:02:
         df:88:42:bf:1d:8f:ae:52:1b:7e:f0:5b:96:cc:a9:3e:cc:c0:
         37:60:7a:e1:33:38:9c:6d:a8:a1:30:5d:7d:88:f7:8f:39:d5:
         2e:a4:c4:a3:71:75:3f:ca:5c:21:ce:e2:cb:68:c5:c7:dc:b3:
         43:28:a5:3e:4b:55:c6:d1:0b:d8:d6:29:66:b2:2f:2f:88:0f:
         c2:70:21:5d:e7:c9:ec:99:6a:fd:18:b1:ce:c4:03:12:a3:5e:
         47:ff:09:04:5e:0d:d8:36:48:97:fa:03:54:21:4d:b6:c4:d2:
         b6:a7:ee:42:a2:5b:83:ec:f2:67:a7:91:db:5b:29:e3:72:e7:
         7c:f7:08:2e:1b:12:78:28:b4:11:87:14:a2:cb:49:83:37:84:
         16:1b:b9:20:99:6d:00:fe:ea:8a:b1:60:36:4a:c2:b0:28:74:
         04:a4:87:21:c1:4e:83:8a:52:f1:bb:ce:de:08:df:37:bd:7d:
         ea:86:93:65:21:a4:26:fa:c7:f6:bc:38:3a:e9:32:58:87:1b:
         da:89:d6:47
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYtGJOsgbn+e+K7l0qde4MaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDE5MDQxNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIzYTAxOTRiZTc5MGEwNDcwNjE4ZTM4ZDRmYmJiNTY3ZmRmNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Xv3bjI8XXKfN+n42Ys1EdXDPKX
f3wqZrUMqIq4inBFUCXkUiy3rUN8kRREbBJuVfFZqLE0Tct5AV58mby91jwK4EvY
Ug9Fltf/9DVN9UCRdrbd9aBFd8uVQnwo9o/6AQvpqccyS78mW1Sxpp8ypQeG2+nI
n8NJ3giuYkHA25GWzHyl3EoRTCgoFe8ci9caz5es/L/LsIspiLDYLDLYp5yP7lYI
PiSJIJtuJ9IlqvOKHxkVHyZYi6KUQ/txQn6Qumhbnz0usOnj/yph+eKYti9u7kUT
ZGFG5t4Emt/DaTA3kPYjGxYcMkjXJQTyArhRQsJv2VN54HrKP/BkVaGfMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ2zoBlL55CgRwYY441Pu7Vn/fT8MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvbmJPZ0dVdm5rS0JIQmhqampVLTd0V2Y5OVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAMmHhZzWhwZLPFeNZ0H1
3PouJrMNJ645SCkQ8owswpIRfDXv3vlZL8qS1ggdyYBrF93QQRPNAt+IQr8dj65S
G37wW5bMqT7MwDdgeuEzOJxtqKEwXX2I94851S6kxKNxdT/KXCHO4stoxcfcs0Mo
pT5LVcbRC9jWKWayLy+ID8JwIV3nyeyZav0Ysc7EAxKjXkf/CQReDdg2SJf6A1Qh
TbbE0ran7kKiW4Ps8menkdtbKeNy53z3CC4bEngotBGHFKLLSYM3hBYbuSCZbQD+
6oqxYDZKwrAodASkhyHBToOKUvG7zt4I3ze9feqGk2UhpCb6x/a8ODrpMliHG9qJ
1kc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 16:46:34 2025 by rpki-client