Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3Z1Db7M2WRrRMFz81rr5Qc7TI_Y.roa
File:                     3Z1Db7M2WRrRMFz81rr5Qc7TI_Y.roa (raw, json)
Hash identifier:          oK5Mxrxd3RYWIpFsnwvzmWj7o5P7w28LZ2EvLTo1tZ0=
Subject key identifier:   DD:9D:43:6F:B3:36:59:1A:D1:30:5C:FC:D6:BA:F9:41:CE:D3:23:F6
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F9B0B5E197C7E449A171DE1E8C24684C6
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3Z1Db7M2WRrRMFz81rr5Qc7TI_Y.roa
Signing time:             Tue 21 May 2024 12:06:04 +0000
ROA not before:           Tue 21 May 2024 12:06:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:9689:3f54/128 maxlen: 128
                          2001:67c:64:ffff:0:18f:9b0a:dffc/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:0b:5e:19:7c:7e:44:9a:17:1d:e1:e8:c2:46:84:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: May 21 12:06:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd9d436fb336591ad1305cfcd6baf941ced323f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d9:86:1c:23:7f:d0:ea:be:f9:58:e1:58:86:
                    a6:f9:90:fd:c5:a7:13:ec:4c:c3:79:58:14:a6:fa:
                    fa:ae:77:6d:05:eb:90:dc:cf:6b:15:63:a9:fe:43:
                    66:61:34:54:21:80:ff:91:30:33:65:92:48:82:69:
                    ba:ec:0d:1c:92:d0:c0:e5:84:55:c9:4b:ef:d6:34:
                    63:93:2e:8f:54:7c:52:a7:cb:63:e5:a8:ae:29:53:
                    47:53:97:ed:58:7a:74:07:d7:0d:32:04:5f:51:da:
                    5b:17:83:99:22:52:34:dd:7f:ad:ab:66:cc:7d:0e:
                    20:17:46:cb:e4:81:26:1f:ca:09:c4:01:a9:51:0f:
                    b2:ac:e4:aa:a4:c2:ca:5b:10:02:81:2e:4f:3e:ac:
                    a6:9f:22:7e:d2:b0:7a:93:b8:83:c4:ff:67:6c:b6:
                    d5:28:8a:33:43:4d:cc:62:f5:7b:f7:e7:e2:a0:ce:
                    5a:60:58:da:d7:86:65:92:19:c9:1a:29:4f:07:4b:
                    79:ad:a1:e3:5b:6b:14:86:5b:44:0b:de:a8:c8:d1:
                    4f:8b:d8:c4:d8:34:79:0a:35:a7:fc:22:bc:ad:f2:
                    9d:3f:b4:d9:95:6b:bd:66:c2:00:73:f6:77:6e:1d:
                    4f:ae:00:86:9d:09:20:4d:66:25:6d:17:c8:73:2c:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:9D:43:6F:B3:36:59:1A:D1:30:5C:FC:D6:BA:F9:41:CE:D3:23:F6
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3Z1Db7M2WRrRMFz81rr5Qc7TI_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:2b:47:f9:8c:71:41:d1:1a:a6:b5:c8:04:9c:ac:c2:1f:11:
         d2:b2:7d:c5:f4:6c:ad:b7:39:93:22:38:59:8f:d1:75:4e:3a:
         64:ca:66:52:47:06:1f:6f:cd:b1:4d:24:6d:ea:3b:0d:ae:a3:
         0d:46:9f:77:4f:79:77:cd:ff:df:47:be:1d:89:36:c5:74:e5:
         6c:04:49:a2:4e:39:49:d3:16:cc:1f:23:f5:85:b4:72:22:5a:
         51:59:f9:43:b3:d8:ab:0a:c7:58:cc:e9:9e:1a:c7:99:55:63:
         f5:99:55:c6:45:1f:21:84:34:ef:a4:59:e1:67:b2:d8:18:0d:
         8c:a0:fe:58:e3:83:5d:1e:ea:5c:0c:d2:3c:a9:99:4a:da:21:
         b4:16:32:ce:9a:f2:1b:78:d1:9a:d9:a2:55:ec:91:1c:d6:cd:
         5b:39:62:e7:68:70:86:3b:e0:cb:6e:5a:65:02:1c:43:01:63:
         b3:79:9e:b0:a4:b4:49:88:b0:26:9e:51:0f:6f:50:d1:c5:72:
         50:f3:7b:83:8b:00:78:7e:d8:c0:65:97:a9:f7:5a:33:a3:30:
         2d:bf:49:52:dc:a5:86:50:16:d5:81:f9:f1:3f:24:ad:30:03:
         aa:7e:1e:94:7a:7d:06:d0:f9:7c:6b:96:3a:a8:45:85:e1:a3:
         d4:c5:66:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+bC14ZfH5Emhcd4ejCRoTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTIxMTIwNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDlkNDM2ZmIzMzY1OTFhZDEzMDVjZmNkNmJhZjk0MWNlZDMyM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNmGHCN/0Oq++VjhWIam+ZD9xacT
7EzDeVgUpvr6rndtBeuQ3M9rFWOp/kNmYTRUIYD/kTAzZZJIgmm67A0cktDA5YRV
yUvv1jRjky6PVHxSp8tj5aiuKVNHU5ftWHp0B9cNMgRfUdpbF4OZIlI03X+tq2bM
fQ4gF0bL5IEmH8oJxAGpUQ+yrOSqpMLKWxACgS5PPqymnyJ+0rB6k7iDxP9nbLbV
KIozQ03MYvV79+fioM5aYFja14ZlkhnJGilPB0t5raHjW2sUhltEC96oyNFPi9jE
2DR5CjWn/CK8rfKdP7TZlWu9ZsIAc/Z3bh1PrgCGnQkgTWYlbRfIcyyd7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN2dQ2+zNlka0TBc/Na6+UHO0yP2MB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvM1oxRGI3TTJXUnJSTUZ6ODFycjVRYzdUSV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC4rR/mMcUHRGqa1yASc
rMIfEdKyfcX0bK23OZMiOFmP0XVOOmTKZlJHBh9vzbFNJG3qOw2uow1Gn3dPeXfN
/99Hvh2JNsV05WwESaJOOUnTFswfI/WFtHIiWlFZ+UOz2KsKx1jM6Z4ax5lVY/WZ
VcZFHyGENO+kWeFnstgYDYyg/ljjg10e6lwM0jypmUraIbQWMs6a8ht40ZrZolXs
kRzWzVs5YudocIY74MtuWmUCHEMBY7N5nrCktEmIsCaeUQ9vUNHFclDze4OLAHh+
2MBll6n3WjOjMC2/SVLcpYZQFtWB+fE/JK0wA6p+HpR6fQbQ+XxrljqoRYXho9TF
ZgI=
-----END CERTIFICATE-----
Generated at Tue Apr 29 22:43:12 2025 by rpki-client