Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/olX5N2ynkWMmnOMcanu8YBM9Pz8.roa
File:                     olX5N2ynkWMmnOMcanu8YBM9Pz8.roa (raw, json)
Hash identifier:          IPJb79HI1tGgyHxaXFcTcCM91Ml6Y4lEbVY/nsuGdyk=
Subject key identifier:   A2:55:F9:37:6C:A7:91:63:26:9C:E3:1C:6A:7B:BC:60:13:3D:3F:3F
Certificate issuer:       /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial:       018ABFFFF4BD6942FF7316CCB3E1018BE477
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/olX5N2ynkWMmnOMcanu8YBM9Pz8.roa
Signing time:             Sat 23 Sep 2023 03:05:37 +0000
ROA not before:           Sat 23 Sep 2023 03:05:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:18a:bfff:338b/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:bf:ff:f4:bd:69:42:ff:73:16:cc:b3:e1:01:8b:e4:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
        Validity
            Not Before: Sep 23 03:05:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a255f9376ca79163269ce31c6a7bbc60133d3f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e3:88:f0:c8:93:fb:d0:59:fd:80:8b:94:ac:
                    ef:53:9a:a1:8c:5a:72:34:85:4b:ed:98:d8:56:91:
                    3c:87:b2:14:25:f3:f6:00:9a:f2:c7:9a:36:db:4a:
                    72:4f:29:52:21:ea:fb:e2:89:1f:42:48:77:68:72:
                    e8:b3:62:8c:af:04:da:f1:11:5c:50:af:cf:9d:b1:
                    a3:ae:d7:cf:72:c1:14:19:1d:00:06:3e:ef:0c:78:
                    a4:34:8e:3f:f2:fb:d3:26:59:1e:28:45:64:7e:c7:
                    6e:d4:3e:2a:04:45:b8:1f:5e:6d:1e:b7:fa:de:8e:
                    19:25:f3:8b:dc:e9:0e:8b:71:3b:24:95:dc:03:bf:
                    e6:9f:7a:2e:bf:69:2b:9e:9b:ae:e0:f5:46:e7:42:
                    91:2c:67:72:29:98:3c:f0:57:70:5c:55:0c:21:b3:
                    6f:b2:5f:fd:3f:83:5d:52:ce:b1:98:a9:c2:5e:4a:
                    00:0c:ed:b8:7f:1a:ee:e1:72:e2:c6:76:29:71:4f:
                    a4:e8:2d:b7:14:1f:26:cf:84:33:75:b0:5f:10:5a:
                    e4:9a:dd:0f:31:f5:80:83:07:d7:47:0b:da:de:4a:
                    9c:da:94:7e:ea:10:d2:ee:cf:83:f7:0e:bb:49:1c:
                    27:d7:5d:af:41:2f:5a:33:2e:51:1b:f4:92:06:ae:
                    0c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:55:F9:37:6C:A7:91:63:26:9C:E3:1C:6A:7B:BC:60:13:3D:3F:3F
            X509v3 Authority Key Identifier:
                keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/olX5N2ynkWMmnOMcanu8YBM9Pz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:bb:ed:ba:9c:47:3b:c3:a9:20:7b:d1:04:d9:43:0c:3b:ba:
         82:92:b3:b9:b7:e8:0c:77:48:fc:a9:58:66:03:47:5a:a7:1a:
         0a:89:f8:b6:e8:2a:0a:24:bb:70:a9:83:a9:2c:3c:ef:7b:7b:
         8b:3e:08:91:62:16:d7:d2:5a:16:d1:ca:a7:32:6f:c9:54:bb:
         e1:0f:74:7b:0e:79:fb:d1:09:12:a2:43:79:84:4c:8f:64:e8:
         71:7f:07:f3:99:1c:79:47:36:e1:33:46:1f:23:13:e2:5b:b1:
         0c:0c:e1:58:d9:5f:07:e7:c2:4f:c7:03:f3:cd:51:18:c6:55:
         a4:c1:51:21:a3:fd:53:06:df:59:fc:ea:c3:89:5c:52:22:04:
         06:50:b0:1f:f1:84:f2:44:47:6e:2c:24:c2:b1:8d:09:82:70:
         c3:c9:b6:a4:a4:cb:5e:40:13:5c:b6:87:de:f3:3f:8d:f9:11:
         27:5c:6c:5b:a0:a5:f4:81:46:83:89:61:85:c9:30:22:56:08:
         9e:ab:9d:6a:f3:d9:fb:62:05:b5:82:38:a6:ff:b1:89:ae:47:
         23:35:43:fc:19:ce:8d:1c:0b:41:8e:8e:b4:7b:05:96:d5:39:
         2a:3d:5e:f1:e5:ef:43:82:d6:3c:0a:48:40:e9:f0:be:fa:c9:
         df:99:a0:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYq///S9aUL/cxbMs+EBi+R3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMwOTIzMDMwNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU1ZjkzNzZjYTc5MTYzMjY5Y2UzMWM2YTdiYmM2MDEzM2QzZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuOI8MiT+9BZ/YCLlKzvU5qhjFpy
NIVL7ZjYVpE8h7IUJfP2AJryx5o220pyTylSIer74okfQkh3aHLos2KMrwTa8RFc
UK/PnbGjrtfPcsEUGR0ABj7vDHikNI4/8vvTJlkeKEVkfsdu1D4qBEW4H15tHrf6
3o4ZJfOL3OkOi3E7JJXcA7/mn3ouv2krnpuu4PVG50KRLGdyKZg88FdwXFUMIbNv
sl/9P4NdUs6xmKnCXkoADO24fxru4XLixnYpcU+k6C23FB8mz4QzdbBfEFrkmt0P
MfWAgwfXRwva3kqc2pR+6hDS7s+D9w67SRwn112vQS9aMy5RG/SSBq4MzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKJV+Tdsp5FjJpzjHGp7vGATPT8/MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvb2xYNU4yeW5rV01tbk9NY2FudThZQk05UHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJy77bqcRzvDqSB70QTZ
Qww7uoKSs7m36Ax3SPypWGYDR1qnGgqJ+LboKgoku3Cpg6ksPO97e4s+CJFiFtfS
WhbRyqcyb8lUu+EPdHsOefvRCRKiQ3mETI9k6HF/B/OZHHlHNuEzRh8jE+JbsQwM
4VjZXwfnwk/HA/PNURjGVaTBUSGj/VMG31n86sOJXFIiBAZQsB/xhPJER24sJMKx
jQmCcMPJtqSky15AE1y2h97zP435ESdcbFugpfSBRoOJYYXJMCJWCJ6rnWrz2fti
BbWCOKb/sYmuRyM1Q/wZzo0cC0GOjrR7BZbVOSo9XvHl70OC1jwKSEDp8L76yd+Z
oDE=
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:38:51 2025 by rpki-client