Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3O8DzTrOzpPvT8DtpD-Dm3xpCyk.roa
File:                     3O8DzTrOzpPvT8DtpD-Dm3xpCyk.roa (raw, json)
Hash identifier:          MV/UjHj/rCphmCO5O4wrFza8LDyUmH+6ZEPHeKHBQXs=
Subject key identifier:   DC:EF:03:CD:3A:CE:CE:93:EF:4F:C0:ED:A4:3F:83:9B:7C:69:0B:29
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F671CE103CA3760328644F321A06D6339
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3O8DzTrOzpPvT8DtpD-Dm3xpCyk.roa
Signing time:             Sat 11 May 2024 10:04:56 +0000
ROA not before:           Sat 11 May 2024 10:04:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
                          2001:67c:64:ffff:0:18f:671c:275d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:67:1c:e1:03:ca:37:60:32:86:44:f3:21:a0:6d:63:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: May 11 10:04:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcef03cd3acece93ef4fc0eda43f839b7c690b29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cf:8a:a0:10:a0:0c:71:f1:f7:eb:57:62:e7:
                    d9:58:af:34:93:fb:f6:fe:21:18:c0:a1:85:5e:a9:
                    4f:2c:0b:7e:99:f9:f0:02:6a:d2:69:c9:2e:b4:54:
                    09:fd:01:37:5c:95:7e:54:81:e3:7b:4b:47:9a:7e:
                    2f:bb:ee:4e:42:7f:bb:cb:be:93:52:4c:f7:17:d7:
                    95:61:60:12:7d:de:56:0d:13:e8:55:d4:4b:5f:01:
                    58:4e:d1:15:be:dd:81:73:e3:6d:80:59:01:f2:fe:
                    5c:2c:ee:03:c6:9a:3a:42:0f:a1:d5:80:f2:ba:21:
                    71:78:84:f0:db:7e:20:2d:fd:3f:12:73:c2:62:ae:
                    2a:ce:8a:06:00:50:b4:2a:a8:b5:12:db:d5:dc:68:
                    d5:f5:22:96:2c:69:e3:5a:57:ed:ed:a1:7d:79:57:
                    25:36:31:df:fb:60:f6:fc:fd:08:45:cb:2e:b1:20:
                    75:1a:a1:fe:1e:ab:95:fd:c4:09:9b:f6:7f:ee:27:
                    b9:6c:fb:9c:bc:0b:63:cd:27:11:22:f9:aa:50:52:
                    24:6c:c2:88:16:ac:8c:d6:5b:7a:95:56:3f:e2:49:
                    e8:2b:63:1d:91:7e:4f:1a:d9:c5:e2:8b:e4:c8:44:
                    9e:c6:fa:c0:eb:d8:b9:0a:96:d2:2f:e7:2e:21:91:
                    d5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:EF:03:CD:3A:CE:CE:93:EF:4F:C0:ED:A4:3F:83:9B:7C:69:0B:29
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3O8DzTrOzpPvT8DtpD-Dm3xpCyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:81:98:83:14:02:09:9a:9a:44:30:21:96:d2:58:0f:30:8d:
         9e:cc:96:48:72:94:8d:c1:d6:87:1d:bc:42:a1:0b:57:1a:44:
         79:41:b1:cc:50:6d:97:0a:70:73:9d:b2:6b:90:0f:46:33:d2:
         de:27:a1:2f:49:9a:9a:bb:f8:3d:7e:f7:35:8b:0a:c4:ac:8d:
         06:a4:f9:a3:f4:8f:11:64:f3:16:28:51:25:60:0b:7d:5d:5d:
         02:5d:44:bc:57:35:5a:e9:78:91:c6:fa:37:bf:32:74:c9:20:
         07:8c:b7:52:5c:19:ae:f9:b3:6f:77:49:d7:78:0f:bc:65:48:
         14:75:1e:02:51:67:b0:cc:d6:71:2b:8a:7e:8b:02:7c:2c:ad:
         9c:49:39:e0:25:da:87:aa:a0:9c:f6:b0:3f:5a:0c:46:a8:d4:
         18:03:14:75:1c:17:71:9f:e6:f7:5b:ee:83:ab:cb:8a:f8:d8:
         ad:f4:f7:da:d2:ff:c0:f5:a2:a8:d3:7e:2c:7e:47:0b:d0:7d:
         22:e4:de:6c:2d:3c:8c:a1:c1:85:ea:6f:1a:dc:7a:eb:3d:de:
         cf:a6:54:6c:d0:70:e4:7b:89:7b:d4:58:ed:47:82:9c:e0:a8:
         4c:54:7b:fe:a7:3e:2b:7f:17:85:42:18:6c:ee:4d:52:48:ac:
         62:76:46:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9nHOEDyjdgMoZE8yGgbWM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTExMTAwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VmMDNjZDNhY2VjZTkzZWY0ZmMwZWRhNDNmODM5YjdjNjkwYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8+KoBCgDHHx9+tXYufZWK80k/v2
/iEYwKGFXqlPLAt+mfnwAmrSackutFQJ/QE3XJV+VIHje0tHmn4vu+5OQn+7y76T
Ukz3F9eVYWASfd5WDRPoVdRLXwFYTtEVvt2Bc+NtgFkB8v5cLO4Dxpo6Qg+h1YDy
uiFxeITw234gLf0/EnPCYq4qzooGAFC0Kqi1EtvV3GjV9SKWLGnjWlft7aF9eVcl
NjHf+2D2/P0IRcsusSB1GqH+HquV/cQJm/Z/7ie5bPucvAtjzScRIvmqUFIkbMKI
FqyM1lt6lVY/4knoK2MdkX5PGtnF4ovkyESexvrA69i5CpbSL+cuIZHVoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNzvA806zs6T70/A7aQ/g5t8aQspMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvM084RHpUck96cFB2VDhEdHBELURtM3hwQ3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEGBmIMUAgmamkQwIZbS
WA8wjZ7MlkhylI3B1ocdvEKhC1caRHlBscxQbZcKcHOdsmuQD0Yz0t4noS9Jmpq7
+D1+9zWLCsSsjQak+aP0jxFk8xYoUSVgC31dXQJdRLxXNVrpeJHG+je/MnTJIAeM
t1JcGa75s293Sdd4D7xlSBR1HgJRZ7DM1nErin6LAnwsrZxJOeAl2oeqoJz2sD9a
DEao1BgDFHUcF3Gf5vdb7oOry4r42K3099rS/8D1oqjTfix+RwvQfSLk3mwtPIyh
wYXqbxrceus93s+mVGzQcOR7iXvUWO1HgpzgqExUe/6nPit/F4VCGGzuTVJIrGJ2
Row=
-----END CERTIFICATE-----
Generated at Wed Apr 30 05:43:50 2025 by rpki-client