Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/hjX09eJU4XiAkd567YbQ5tTAumI.roa
File:                     hjX09eJU4XiAkd567YbQ5tTAumI.roa (raw, json)
Hash identifier:          rv1Wtet55oSOE8++uPm8LwBMSbggpRdAVpqPC5HhHTQ=
Subject key identifier:   86:35:F4:F5:E2:54:E1:78:80:91:DE:7A:ED:86:D0:E6:D4:C0:BA:62
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018FA33702CF57319A2F51716689B14BFB91
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/hjX09eJU4XiAkd567YbQ5tTAumI.roa
Signing time:             Thu 23 May 2024 02:10:42 +0000
ROA not before:           Thu 23 May 2024 02:10:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:9689:3f54/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a3:37:02:cf:57:31:9a:2f:51:71:66:89:b1:4b:fb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: May 23 02:10:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8635f4f5e254e1788091de7aed86d0e6d4c0ba62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:50:3e:ee:85:62:bd:46:21:a6:be:db:32:47:
                    ef:06:6b:7d:29:c2:5b:54:12:36:46:51:c0:66:37:
                    9d:e9:3d:2c:a7:74:cb:57:d1:6f:c4:90:3e:67:93:
                    6d:6e:49:8c:7c:0a:3f:98:53:d9:84:de:29:55:65:
                    91:ba:cc:a6:5f:3d:98:78:90:11:6b:4b:7d:33:d1:
                    7c:50:ad:f8:36:8e:33:64:d8:3b:45:df:f6:14:39:
                    15:db:38:20:98:15:43:fc:26:eb:20:c1:fe:6f:c0:
                    c9:24:f8:12:b0:16:aa:f4:51:62:03:e8:ad:52:bd:
                    0c:6a:dd:e5:d9:47:3d:49:2e:2e:66:46:a2:ee:96:
                    6a:ee:8b:b1:98:a5:0e:41:43:0e:cc:1c:75:83:46:
                    f9:42:32:87:b5:e1:35:9c:ed:38:43:a1:27:e9:89:
                    63:7b:f1:16:c2:65:99:58:40:18:b8:ff:36:1d:c2:
                    a1:19:73:b4:3b:67:96:fd:ea:e6:72:04:75:ac:69:
                    a7:42:70:99:c0:82:8c:08:e4:a7:25:2c:aa:bc:bc:
                    06:c3:70:23:b9:83:8c:f5:14:07:eb:8b:52:f8:ab:
                    7b:4e:a6:c9:93:79:c2:00:27:b6:4c:7f:10:83:f5:
                    84:aa:50:9c:6a:b1:03:0b:0e:f9:6c:0a:d8:91:a4:
                    0a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:35:F4:F5:E2:54:E1:78:80:91:DE:7A:ED:86:D0:E6:D4:C0:BA:62
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/hjX09eJU4XiAkd567YbQ5tTAumI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:ec:99:f2:1d:f2:47:db:24:a4:8e:3d:39:83:68:05:ec:e1:
         68:84:e8:bd:f1:79:53:16:af:ae:f7:1e:81:ee:26:f1:00:39:
         85:84:3a:1e:4c:69:53:ff:89:17:11:19:25:4f:2d:8f:b4:26:
         9f:fe:0a:d8:f2:06:e2:6c:6f:f2:43:55:d3:d8:40:c4:5e:4e:
         15:8b:c8:f1:11:e9:0e:54:3f:14:9a:35:79:97:e2:05:8f:ab:
         8d:4b:35:e9:8b:8b:86:3b:3b:bc:b7:fc:7e:e6:e2:65:e5:81:
         e3:26:6f:66:e6:84:13:64:f7:82:56:b7:d0:11:71:b6:5d:1b:
         31:c4:78:31:39:08:d7:21:2b:72:65:bf:fb:c1:84:19:4f:71:
         f1:33:09:c8:03:87:43:f5:14:6c:61:bd:d4:ac:a7:34:50:1c:
         82:7b:31:68:dd:41:58:28:e1:18:63:8d:0d:f4:64:c6:a5:33:
         5d:d9:bb:88:67:ec:90:7b:a7:d4:42:ef:49:0a:59:d4:99:fd:
         60:46:d9:f0:53:b0:98:4a:ca:95:1e:c9:30:33:c6:20:15:c8:
         ff:77:70:66:1b:de:1d:fb:a0:6a:e9:a9:b4:f4:be:d9:2d:77:
         d5:36:0f:4b:31:e9:d7:68:b7:3c:23:94:0a:63:a5:62:bf:9f:
         09:32:ed:9d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+jNwLPVzGaL1FxZomxS/uRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTIzMDIxMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjM1ZjRmNWUyNTRlMTc4ODA5MWRlN2FlZDg2ZDBlNmQ0YzBiYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFA+7oVivUYhpr7bMkfvBmt9KcJb
VBI2RlHAZjed6T0sp3TLV9FvxJA+Z5NtbkmMfAo/mFPZhN4pVWWRusymXz2YeJAR
a0t9M9F8UK34No4zZNg7Rd/2FDkV2zggmBVD/CbrIMH+b8DJJPgSsBaq9FFiA+it
Ur0Mat3l2Uc9SS4uZkai7pZq7ouxmKUOQUMOzBx1g0b5QjKHteE1nO04Q6En6Ylj
e/EWwmWZWEAYuP82HcKhGXO0O2eW/ermcgR1rGmnQnCZwIKMCOSnJSyqvLwGw3Aj
uYOM9RQH64tS+Kt7TqbJk3nCACe2TH8Qg/WEqlCcarEDCw75bArYkaQKAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIY19PXiVOF4gJHeeu2G0ObUwLpiMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvaGpYMDllSlU0WGlBa2Q1NjdZYlE1dFRBdW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAMHsmfId8kfbJKSOPTmD
aAXs4WiE6L3xeVMWr673HoHuJvEAOYWEOh5MaVP/iRcRGSVPLY+0Jp/+CtjyBuJs
b/JDVdPYQMReThWLyPER6Q5UPxSaNXmX4gWPq41LNemLi4Y7O7y3/H7m4mXlgeMm
b2bmhBNk94JWt9ARcbZdGzHEeDE5CNchK3Jlv/vBhBlPcfEzCcgDh0P1FGxhvdSs
pzRQHIJ7MWjdQVgo4RhjjQ30ZMalM13Zu4hn7JB7p9RC70kKWdSZ/WBG2fBTsJhK
ypUeyTAzxiAVyP93cGYb3h37oGrpqbT0vtktd9U2D0sx6ddotzwjlApjpWK/nwky
7Z0=
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:32:41 2025 by rpki-client