Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/1-stzhubS14WUys_j18XKitQp_HM.roa
File:                     1-stzhubS14WUys_j18XKitQp_HM.roa (raw, json)
Hash identifier:          rMkhPs9FpsXXR+wW8ihxW5zmq6LUfIPSc38sjgCJ71A=
Subject key identifier:   FA:CB:73:86:E6:D2:D7:85:94:CA:CF:E3:D7:C5:CA:8A:D4:29:FC:73
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F163D63E94B8923AEFEBA9328457B1177
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/1-stzhubS14WUys_j18XKitQp_HM.roa
Signing time:             Thu 25 Apr 2024 17:11:13 +0000
ROA not before:           Thu 25 Apr 2024 17:11:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:16:3d:63:e9:4b:89:23:ae:fe:ba:93:28:45:7b:11:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: Apr 25 17:11:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=facb7386e6d2d78594cacfe3d7c5ca8ad429fc73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:47:50:37:ff:f8:5f:72:13:cc:60:e0:41:4c:
                    57:25:94:37:30:aa:49:9c:c7:c6:9c:74:13:00:27:
                    ce:5d:2e:f5:80:50:ed:dc:e1:af:ca:66:45:1f:de:
                    63:87:b4:f5:70:9c:7a:71:31:2e:8e:61:0a:b8:f7:
                    77:83:5a:d5:91:8a:d7:be:cd:11:7a:0f:06:5c:3b:
                    a6:7b:8e:40:55:46:4d:bd:72:bb:fc:4c:00:d1:a5:
                    0e:10:3d:7d:f5:76:14:b1:89:15:cf:b2:b1:44:23:
                    b0:b2:db:be:e4:3f:0b:f4:d0:c6:8a:65:46:8a:1b:
                    4a:3e:8a:98:85:8c:d3:e2:0e:f7:79:0a:69:b5:1a:
                    84:1a:4c:e8:d0:1c:df:65:dc:16:18:97:ee:1c:90:
                    45:0b:25:f7:55:b1:e5:e0:b8:61:41:d9:e9:76:9f:
                    78:f7:fc:44:40:a4:6b:e4:a2:73:16:b8:5a:95:a0:
                    83:14:92:16:80:39:c3:3b:74:36:ca:98:80:37:f8:
                    81:00:30:08:99:c3:ff:02:b9:7c:e9:55:5a:27:a7:
                    bd:79:12:bc:4a:59:6a:ae:b9:8d:68:1f:37:49:09:
                    6f:a6:5e:82:56:4a:38:10:7e:0d:cf:bb:c7:e3:be:
                    99:e1:45:64:2e:b3:84:94:b1:e9:de:b5:b0:e5:b3:
                    cb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:CB:73:86:E6:D2:D7:85:94:CA:CF:E3:D7:C5:CA:8A:D4:29:FC:73
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/1-stzhubS14WUys_j18XKitQp_HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64:ffff:0:18f:543:9e41/128

    Signature Algorithm: sha256WithRSAEncryption
         b3:a7:e4:10:2e:bb:ee:8e:ea:24:25:5b:ac:fd:12:96:72:91:
         fd:34:65:79:a7:3b:dc:0f:e8:f9:72:de:b0:8a:d2:d3:5c:ca:
         3b:6d:ba:2e:66:5a:e0:4e:37:75:8e:33:1e:45:83:2f:80:29:
         64:a9:b5:44:e7:39:ab:79:59:74:de:b1:46:cc:c1:17:c5:f1:
         0d:65:9f:5c:0d:24:7e:cd:b7:a5:90:dd:e9:ae:6b:00:c0:35:
         4b:e8:f0:c0:9d:dc:30:41:f2:42:2a:2e:b8:29:a4:07:a0:10:
         68:87:1d:40:71:18:a2:41:d9:49:05:e2:22:30:c5:a2:cb:5b:
         44:ca:5a:d3:43:65:9e:e0:c1:ff:e2:b8:e4:56:37:64:3c:cc:
         e1:3d:47:1e:89:cb:e7:57:b1:fc:cb:ea:c1:e3:cc:30:1e:e7:
         f9:f2:5e:92:e4:b3:43:61:3d:ce:b4:e2:65:c0:bc:d5:f1:04:
         d0:dc:3d:7d:4a:cf:be:e7:b2:d2:a1:b3:78:60:a0:b6:72:0a:
         83:0a:83:ad:4e:74:48:dd:8f:a1:9a:df:f5:15:f4:55:c1:91:
         36:80:2b:fe:5b:b8:e0:9f:7d:3e:95:76:04:c0:1c:4c:d0:08:
         17:ee:fa:2e:d9:a3:56:b9:69:64:43:7a:ae:9c:9b:64:e3:bb:
         fe:27:21:46
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY8WPWPpS4kjrv66kyhFexF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNDI1MTcxMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWNiNzM4NmU2ZDJkNzg1OTRjYWNmZTNkN2M1Y2E4YWQ0MjlmYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0dQN//4X3ITzGDgQUxXJZQ3MKpJ
nMfGnHQTACfOXS71gFDt3OGvymZFH95jh7T1cJx6cTEujmEKuPd3g1rVkYrXvs0R
eg8GXDume45AVUZNvXK7/EwA0aUOED199XYUsYkVz7KxRCOwstu+5D8L9NDGimVG
ihtKPoqYhYzT4g73eQpptRqEGkzo0BzfZdwWGJfuHJBFCyX3VbHl4LhhQdnpdp94
9/xEQKRr5KJzFrhalaCDFJIWgDnDO3Q2ypiAN/iBADAImcP/Arl86VVaJ6e9eRK8
SllqrrmNaB83SQlvpl6CVko4EH4Nz7vH476Z4UVkLrOElLHp3rWw5bPLXQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPrLc4bm0teFlMrP49fFyorUKfxzMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvMS1zdHpodWJTMTRXVXlzX2oxOFhLaXRRcF9ITS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmUvZDg5MDI1LWQ2ZjMtNDg5MS05ZDg2LWQxMmYwMzlkYjJj
OS8xL3NyN0VHOUx6c1huZUNWRkRCbE1MMF91c2NIcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA6BggrBgEFBQcBBwEB/wQrMCkwDAQCAAEwBgMEA8EAGDAZ
BAIAAjATAxEAIAEGfABk//8AAAGPBUOeQTANBgkqhkiG9w0BAQsFAAOCAQEAs6fk
EC677o7qJCVbrP0SlnKR/TRleac73A/o+XLesIrS01zKO226LmZa4E43dY4zHkWD
L4ApZKm1ROc5q3lZdN6xRszBF8XxDWWfXA0kfs23pZDd6a5rAMA1S+jwwJ3cMEHy
QiouuCmkB6AQaIcdQHEYokHZSQXiIjDFostbRMpa00NlnuDB/+K45FY3ZDzM4T1H
HonL51ex/MvqwePMMB7n+fJekuSzQ2E9zrTiZcC81fEE0Nw9fUrPvuey0qGzeGCg
tnIKgwqDrU50SN2PoZrf9RX0VcGRNoAr/lu44J99PpV2BMAcTNAIF+76LtmjVrlp
ZEN6rpybZOO7/ichRg==
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:32:19 2025 by rpki-client