Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/rpi1UOADK_MJQxCXfpFI-umtZmM.roa
File:                     rpi1UOADK_MJQxCXfpFI-umtZmM.roa (raw, json)
Hash identifier:          Uy3Rl2oT+CgcvPJt5bSUjCr6cyAxFkerS70hln/yfL8=
Subject key identifier:   AE:98:B5:50:E0:03:2B:F3:09:43:10:97:7E:91:48:FA:E9:AD:66:63
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F2C5868C60FB0ED7148C4B79AA7D80275
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/rpi1UOADK_MJQxCXfpFI-umtZmM.roa
Signing time:             Tue 30 Apr 2024 00:12:22 +0000
ROA not before:           Tue 30 Apr 2024 00:12:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2c:58:68:c6:0f:b0:ed:71:48:c4:b7:9a:a7:d8:02:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: Apr 30 00:12:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae98b550e0032bf3094310977e9148fae9ad6663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8e:15:9d:26:75:d6:89:af:b2:40:9e:44:fb:
                    67:fd:8b:af:ec:8e:90:97:6e:73:c4:c0:a5:85:81:
                    80:a4:4f:d6:f8:00:97:9a:80:9d:1a:a9:ea:02:4c:
                    6e:6d:c8:ec:e4:ee:c2:78:ed:84:7b:3d:60:06:84:
                    82:ea:95:ed:00:a6:ef:41:47:39:54:12:6b:94:34:
                    33:8d:84:1c:41:7c:a7:73:cf:a1:f9:fc:da:a6:b0:
                    45:b1:03:11:53:d3:73:77:22:16:68:f5:e8:41:94:
                    89:00:78:45:49:4a:ce:53:a1:a6:a4:3f:45:0e:03:
                    6c:89:b7:03:6a:e3:1f:5c:6b:90:36:66:48:3c:dd:
                    f1:51:6c:bb:8f:22:78:01:92:72:a4:c4:32:3c:5b:
                    2d:a1:41:6f:89:49:5e:53:5e:08:93:31:d1:0d:fb:
                    50:9a:ab:19:9b:27:0f:57:9a:b4:56:64:ae:9f:72:
                    37:e9:a8:8b:55:e7:ee:49:3a:02:21:6b:de:e5:37:
                    a8:68:25:26:ea:1c:93:41:23:69:1f:b1:48:14:fb:
                    d2:c4:7a:f7:91:29:6d:c2:18:8e:0a:91:f0:8d:2c:
                    8a:2c:99:a1:c0:2f:77:fd:6d:0d:d9:82:ca:b6:52:
                    52:10:2e:6c:43:4c:00:08:0b:51:1f:4b:b7:5f:71:
                    2f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:98:B5:50:E0:03:2B:F3:09:43:10:97:7E:91:48:FA:E9:AD:66:63
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/rpi1UOADK_MJQxCXfpFI-umtZmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:e0:cd:ca:d7:ed:c1:09:e8:4d:6a:73:a7:c5:16:aa:e4:0e:
         f8:54:62:3a:5e:5c:3e:f9:9b:70:34:30:50:2f:3e:19:59:3d:
         c5:04:dc:df:91:21:c9:ea:c6:71:a4:a1:1a:fc:33:ce:e8:55:
         59:86:4e:9b:c5:d8:40:60:ba:51:c9:a3:5c:fe:f4:f9:42:5d:
         85:c7:c9:41:3a:09:e6:6f:88:ba:73:2f:28:a4:b5:f8:e2:eb:
         52:ae:2a:c7:13:a3:51:38:6a:0c:95:41:61:3a:cf:2a:22:af:
         4a:62:43:f1:20:be:b6:67:95:87:46:12:5e:3d:d1:22:66:8a:
         dc:82:a3:37:b5:85:30:8e:42:e0:7d:4f:36:27:e0:67:6a:44:
         50:6a:a6:bb:96:20:e9:b8:58:bb:68:a4:7b:be:57:d7:2e:c5:
         54:88:11:dd:1b:59:2c:86:ee:bd:79:d9:4c:0f:fc:3f:f6:05:
         4e:72:7e:14:fe:61:04:bd:1d:d4:4a:77:f6:8e:6d:7b:72:e1:
         a8:81:ea:98:63:93:6e:d3:55:ab:65:ab:fb:d0:97:07:8f:27:
         64:58:fb:85:da:19:df:df:6d:09:83:c4:2e:9c:80:74:bb:26:
         90:19:62:8e:5d:68:87:13:d0:1a:4d:e2:ef:10:83:f5:d9:f6:
         a7:cc:55:5b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY8sWGjGD7DtcUjEt5qn2AJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNDMwMDAxMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTk4YjU1MGUwMDMyYmYzMDk0MzEwOTc3ZTkxNDhmYWU5YWQ2NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo4VnSZ11omvskCeRPtn/Yuv7I6Q
l25zxMClhYGApE/W+ACXmoCdGqnqAkxubcjs5O7CeO2Eez1gBoSC6pXtAKbvQUc5
VBJrlDQzjYQcQXync8+h+fzaprBFsQMRU9NzdyIWaPXoQZSJAHhFSUrOU6GmpD9F
DgNsibcDauMfXGuQNmZIPN3xUWy7jyJ4AZJypMQyPFstoUFviUleU14IkzHRDftQ
mqsZmycPV5q0VmSun3I36aiLVefuSToCIWve5TeoaCUm6hyTQSNpH7FIFPvSxHr3
kSltwhiOCpHwjSyKLJmhwC93/W0N2YLKtlJSEC5sQ0wACAtRH0u3X3EvpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK6YtVDgAyvzCUMQl36RSPrprWZjMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvcnBpMVVPQURLX01KUXhDWGZwRkktdW10Wm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADrgzcrX7cEJ6E1qc6fF
FqrkDvhUYjpeXD75m3A0MFAvPhlZPcUE3N+RIcnqxnGkoRr8M87oVVmGTpvF2EBg
ulHJo1z+9PlCXYXHyUE6CeZviLpzLyiktfji61KuKscTo1E4agyVQWE6zyoir0pi
Q/EgvrZnlYdGEl490SJmityCoze1hTCOQuB9TzYn4GdqRFBqpruWIOm4WLtopHu+
V9cuxVSIEd0bWSyG7r152UwP/D/2BU5yfhT+YQS9HdRKd/aObXty4aiB6phjk27T
Vatlq/vQlwePJ2RY+4XaGd/fbQmDxC6cgHS7JpAZYo5daIcT0BpN4u8Qg/XZ9qfM
VVs=
-----END CERTIFICATE-----
Generated at Tue Apr 29 21:39:51 2025 by rpki-client