Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/oyFnaVZq8tGzCgkj3hBpbfzGHBQ.roa
File:                     oyFnaVZq8tGzCgkj3hBpbfzGHBQ.roa (raw, json)
Hash identifier:          mSH2Y8014IkuETqC6Az5M9Sw7eeTohj7CgaDe1DWm3g=
Subject key identifier:   A3:21:67:69:56:6A:F2:D1:B3:0A:09:23:DE:10:69:6D:FC:C6:1C:14
Certificate issuer:       /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial:       018A7EFAFC06EFE01E63316D1208CACCC9F4
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/oyFnaVZq8tGzCgkj3hBpbfzGHBQ.roa
Signing time:             Sun 10 Sep 2023 12:04:52 +0000
ROA not before:           Sun 10 Sep 2023 12:04:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:7efa:7440/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:7e:fa:fc:06:ef:e0:1e:63:31:6d:12:08:ca:cc:c9:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
        Validity
            Not Before: Sep 10 12:04:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3216769566af2d1b30a0923de10696dfcc61c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:79:65:a5:0c:bf:7a:46:a3:a0:b8:f8:65:59:
                    6f:55:38:99:b4:29:44:9c:f5:e3:7e:e4:90:ba:b3:
                    ad:70:60:93:53:9c:40:58:7f:5a:20:07:48:fe:63:
                    37:b3:87:ab:5b:9f:2b:fe:6c:c3:98:f6:4a:68:4b:
                    f3:ff:48:d4:1e:88:70:c7:1b:75:57:3a:65:39:19:
                    00:5a:37:25:52:31:c9:8d:e6:d0:3b:8f:6e:54:f9:
                    07:3e:45:e1:ac:d1:8b:64:e5:96:16:37:0f:e4:31:
                    c3:72:b4:53:c5:b3:94:6e:fa:44:0d:cb:56:58:d3:
                    81:f2:f1:63:1b:45:6c:17:5e:a8:b3:23:33:c5:95:
                    1c:f1:69:23:15:0e:7b:e8:98:4b:6a:47:af:fc:7e:
                    6e:b2:66:3a:32:ab:a4:6c:ce:07:b6:6f:5c:7b:01:
                    9f:0a:79:9a:c0:b6:f8:a0:1e:f3:79:82:da:7e:c6:
                    44:0d:21:21:57:18:78:31:1d:3b:08:ac:cf:11:21:
                    f8:33:a3:06:3b:3c:44:42:a0:b8:f9:72:60:df:99:
                    73:fe:8f:86:1b:bf:0d:ac:56:04:86:78:a2:39:83:
                    15:d5:fd:2f:cf:db:70:12:b9:97:68:6b:34:dd:95:
                    e3:25:0a:18:a1:67:de:2f:60:9d:80:14:f1:c0:b5:
                    45:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:21:67:69:56:6A:F2:D1:B3:0A:09:23:DE:10:69:6D:FC:C6:1C:14
            X509v3 Authority Key Identifier:
                keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/oyFnaVZq8tGzCgkj3hBpbfzGHBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:36:87:0e:67:c3:00:be:c4:fa:5d:fd:ec:0e:7e:28:4a:6a:
         54:61:05:e6:dc:6b:35:0d:58:4f:69:fd:d5:84:3f:e7:5e:23:
         26:4f:95:ee:76:ea:90:15:cc:87:4b:98:3f:0e:f1:54:6f:45:
         ff:59:c3:56:a7:ef:7a:b9:f2:1c:72:ac:6f:37:6d:bc:3e:f3:
         45:bd:21:6f:d1:25:da:5c:b7:02:ff:11:cb:7a:2f:ac:58:a1:
         3b:64:e5:95:d6:32:73:3b:1b:77:46:a4:cf:1c:66:ae:cf:aa:
         a7:73:83:fb:80:26:8d:65:4f:e1:ec:72:e9:97:8a:26:4b:9a:
         f1:8c:2d:fa:f7:55:30:81:33:5a:f9:28:80:02:a4:6e:37:82:
         2d:76:dc:d0:a8:43:56:fb:c6:41:2f:50:5e:2a:64:2c:7a:42:
         59:ab:d0:da:18:1e:7f:c8:79:a5:82:23:47:70:4d:43:fd:dd:
         88:b7:c6:ec:4b:fb:6d:65:49:99:0f:23:bc:5a:e6:94:f0:c3:
         5d:eb:3b:eb:f1:c0:61:17:39:2d:d6:ca:65:77:4a:4d:3a:2e:
         4d:de:1d:b6:65:2b:ac:80:d2:08:fc:7d:c6:61:44:b9:04:01:
         2b:38:e2:be:1b:4a:6d:e9:81:85:21:ea:d2:4d:5d:d6:5d:b7:
         8e:60:a8:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYp++vwG7+AeYzFtEgjKzMn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTEwMTIwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzIxNjc2OTU2NmFmMmQxYjMwYTA5MjNkZTEwNjk2ZGZjYzYxYzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXllpQy/ekajoLj4ZVlvVTiZtClE
nPXjfuSQurOtcGCTU5xAWH9aIAdI/mM3s4erW58r/mzDmPZKaEvz/0jUHohwxxt1
VzplORkAWjclUjHJjebQO49uVPkHPkXhrNGLZOWWFjcP5DHDcrRTxbOUbvpEDctW
WNOB8vFjG0VsF16osyMzxZUc8WkjFQ576JhLakev/H5usmY6MqukbM4Htm9cewGf
CnmawLb4oB7zeYLafsZEDSEhVxh4MR07CKzPESH4M6MGOzxEQqC4+XJg35lz/o+G
G78NrFYEhniiOYMV1f0vz9twErmXaGs03ZXjJQoYoWfeL2CdgBTxwLVFfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKMhZ2lWavLRswoJI94QaW38xhwUMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvb3lGbmFWWnE4dEd6Q2drajNoQnBiZnpHSEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABU2hw5nwwC+xPpd/ewO
fihKalRhBebcazUNWE9p/dWEP+deIyZPle526pAVzIdLmD8O8VRvRf9Zw1an73q5
8hxyrG83bbw+80W9IW/RJdpctwL/Ect6L6xYoTtk5ZXWMnM7G3dGpM8cZq7Pqqdz
g/uAJo1lT+HscumXiiZLmvGMLfr3VTCBM1r5KIACpG43gi123NCoQ1b7xkEvUF4q
ZCx6Qlmr0NoYHn/IeaWCI0dwTUP93Yi3xuxL+21lSZkPI7xa5pTww13rO+vxwGEX
OS3WymV3Sk06Lk3eHbZlK6yA0gj8fcZhRLkEASs44r4bSm3pgYUh6tJNXdZdt45g
qOc=
-----END CERTIFICATE-----
Generated at Mon Jun 9 19:39:34 2025 by rpki-client