Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ccbc52-e094-4e15-b672-71a4c6f9c887/1/x4oE4qGeN5l63LfuOk7vKfX29zo.roa
File:                     x4oE4qGeN5l63LfuOk7vKfX29zo.roa (raw, json)
Hash identifier:          OSd/JTxiVPLGBGqth2LnKDtRXcHjfdTHd6t3Ot2XaUg=
Subject key identifier:   C7:8A:04:E2:A1:9E:37:99:7A:DC:B7:EE:3A:4E:EF:29:F5:F6:F7:3A
Certificate issuer:       /CN=3269cc291ba260fc71118684e7b302f50ce9628d
Certificate serial:       06D922B9
Authority key identifier: 32:69:CC:29:1B:A2:60:FC:71:11:86:84:E7:B3:02:F5:0C:E9:62:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmnMKRuiYPxxEYaE57MC9QzpYo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ccbc52-e094-4e15-b672-71a4c6f9c887/1/x4oE4qGeN5l63LfuOk7vKfX29zo.roa
Signing time:             Sat 01 Jan 2022 10:57:43 +0000
ROA not before:           Sat 01 Jan 2022 10:57:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21485
IP address blocks:        91.231.153.0/24 maxlen: 24
                          2001:67c:15ec::/48 maxlen: 48
                          2a0a:3500::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114893497 (0x6d922b9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3269cc291ba260fc71118684e7b302f50ce9628d
        Validity
            Not Before: Jan  1 10:57:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c78a04e2a19e37997adcb7ee3a4eef29f5f6f73a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:12:2e:ce:d5:18:58:c4:a3:a1:b6:65:61:41:
                    28:13:e4:5d:28:55:fd:c1:fe:84:33:b7:7b:32:bf:
                    6c:cf:86:fd:7e:f0:8a:c7:29:11:61:e1:66:07:b5:
                    65:d1:11:02:50:ff:36:6f:49:a6:01:db:15:ab:03:
                    0a:57:b1:5a:e5:72:f6:0d:23:08:ae:c4:7a:84:d0:
                    cb:cf:0a:db:aa:7f:02:92:2f:5a:b6:0c:fb:9d:2e:
                    3e:89:33:cd:44:c3:4c:02:d8:a1:7e:0c:f4:bd:b0:
                    5f:ea:8a:db:28:59:3b:76:03:22:29:34:b3:3d:83:
                    bb:a6:fa:e3:4e:59:4b:d1:45:ec:a8:cb:04:8d:f5:
                    50:21:12:0b:86:65:5f:53:1f:e0:c0:fc:bb:b2:51:
                    0e:9d:e0:d6:9a:af:ff:51:52:54:ca:1a:16:d8:48:
                    37:d2:71:8a:35:17:f0:2a:37:0b:ec:ea:7f:d8:eb:
                    d6:58:a6:60:ae:7b:d0:ad:b9:f9:24:d2:fe:7f:b9:
                    51:2b:3a:7f:e7:12:66:35:22:af:4f:ab:23:a3:5a:
                    e0:f1:01:d0:10:97:a2:76:7b:d7:b2:22:89:30:0f:
                    66:59:91:01:94:6c:73:fe:1a:55:4d:da:17:ff:4e:
                    90:09:d5:bb:8c:0e:cb:8e:ff:ef:3f:d3:6b:a1:84:
                    8b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8A:04:E2:A1:9E:37:99:7A:DC:B7:EE:3A:4E:EF:29:F5:F6:F7:3A
            X509v3 Authority Key Identifier:
                keyid:32:69:CC:29:1B:A2:60:FC:71:11:86:84:E7:B3:02:F5:0C:E9:62:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmnMKRuiYPxxEYaE57MC9QzpYo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ccbc52-e094-4e15-b672-71a4c6f9c887/1/x4oE4qGeN5l63LfuOk7vKfX29zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ccbc52-e094-4e15-b672-71a4c6f9c887/1/MmnMKRuiYPxxEYaE57MC9QzpYo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.153.0/24
                IPv6:
                  2001:67c:15ec::/48
                  2a0a:3500::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:3c:4f:cd:06:f3:f2:17:be:83:cf:ef:47:15:df:23:5c:9a:
         c8:af:bf:0e:2f:02:77:c3:bb:bd:c2:75:9c:db:e0:08:15:33:
         cd:d5:98:90:43:97:98:1b:b6:0e:cb:7e:cb:16:5d:00:22:b3:
         69:f9:95:e1:c1:6d:cf:09:e0:9d:42:bc:7b:17:76:70:c2:a1:
         90:03:03:ad:e5:9c:29:51:c2:de:8b:20:4c:dc:a1:89:08:eb:
         58:6a:64:9b:80:d7:86:b0:73:d7:1a:d5:4a:5e:93:c9:e0:26:
         3b:d2:63:1c:cd:0e:ef:1c:56:5a:48:36:4c:4a:1f:9d:f5:58:
         b5:cc:ab:be:7b:f0:ea:b3:f4:d3:e4:75:4e:5f:92:2b:b3:93:
         a1:04:55:54:95:5f:8b:4e:f2:91:66:36:37:fe:03:9a:74:f5:
         74:2e:cf:38:26:1e:60:5e:c5:e2:a9:3a:d2:45:9e:90:9e:e3:
         ea:0e:85:3f:6b:c1:ba:be:d1:46:8f:87:89:fd:6c:d1:e9:9f:
         73:21:65:a8:ec:8d:3e:94:a2:66:a3:53:3b:28:71:fa:af:85:
         31:28:87:46:05:f4:13:dd:06:2d:cd:bd:f7:cc:56:d7:16:d9:
         e9:d1:2f:82:e0:b2:42:f2:24:5d:19:57:e2:dc:a3:7a:2f:c5:
         79:50:39:ef
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEBtkiuTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MjY5Y2MyOTFiYTI2MGZjNzExMTg2ODRlN2IzMDJmNTBjZTk2MjhkMB4XDTIyMDEw
MTEwNTc0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzc4YTA0ZTJhMTll
Mzc5OTdhZGNiN2VlM2E0ZWVmMjlmNWY2ZjczYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMSLs7VGFjEo6G2ZWFBKBPkXShV/cH+hDO3ezK/bM+G/X7w
iscpEWHhZge1ZdERAlD/Nm9JpgHbFasDClexWuVy9g0jCK7EeoTQy88K26p/ApIv
WrYM+50uPokzzUTDTALYoX4M9L2wX+qK2yhZO3YDIik0sz2Du6b6405ZS9FF7KjL
BI31UCESC4ZlX1Mf4MD8u7JRDp3g1pqv/1FSVMoaFthIN9JxijUX8Co3C+zqf9jr
1limYK570K25+STS/n+5USs6f+cSZjUir0+rI6Na4PEB0BCXonZ717IiiTAPZlmR
AZRsc/4aVU3aF/9OkAnVu4wOy47/7z/Ta6GEiwMCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBTHigTioZ43mXrct+46Tu8p9fb3OjAfBgNVHSMEGDAWgBQyacwpG6Jg/HER
hoTnswL1DOlijTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01tbk1LUnVpWVB4eEVZYUU1N01DOVF6cFlvMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2IvY2NiYzUyLWUwOTQtNGUxNS1iNjcyLTcxYTRjNmY5Yzg4Ny8x
L3g0b0U0cUdlTjVsNjNMZnVPazd2S2ZYMjl6by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Iv
Y2NiYzUyLWUwOTQtNGUxNS1iNjcyLTcxYTRjNmY5Yzg4Ny8xL01tbk1LUnVpWVB4
eEVZYUU1N01DOVF6cFlvMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwDAQCAAEwBgMEAFvnmTAWBAIAAjAQAwcAIAEGfBXs
AwUAKgo1ADANBgkqhkiG9w0BAQsFAAOCAQEAKTxPzQbz8he+g8/vRxXfI1yayK+/
Di8Cd8O7vcJ1nNvgCBUzzdWYkEOXmBu2Dst+yxZdACKzafmV4cFtzwngnUK8exd2
cMKhkAMDreWcKVHC3osgTNyhiQjrWGpkm4DXhrBz1xrVSl6TyeAmO9JjHM0O7xxW
Wkg2TEofnfVYtcyrvnvw6rP00+R1Tl+SK7OToQRVVJVfi07ykWY2N/4DmnT1dC7P
OCYeYF7F4qk60kWekJ7j6g6FP2vBur7RRo+Hif1s0emfcyFlqOyNPpSiZqNTOyhx
+q+FMSiHRgX0E90GLc2998xW1xbZ6dEvguCyQvIkXRlX4tyjei/FeVA57w==
-----END CERTIFICATE-----
Generated at Tue Jun 10 10:56:04 2025 by rpki-client