Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/FUgZjXnAZvjrDH-J8kkWCRpGs0A.roa
File:                     FUgZjXnAZvjrDH-J8kkWCRpGs0A.roa (raw, json)
Hash identifier:          BgtmDxXRodymP7NrE7mZzkKJF00EdlGFzJf6YJPn82E=
Subject key identifier:   15:48:19:8D:79:C0:66:F8:EB:0C:7F:89:F2:49:16:09:1A:46:B3:40
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       018FAF35B122F67E587844736B8C3D316D52
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/FUgZjXnAZvjrDH-J8kkWCRpGs0A.roa
Signing time:             Sat 25 May 2024 10:04:42 +0000
ROA not before:           Sat 25 May 2024 10:04:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:af35:341e/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:af:35:b1:22:f6:7e:58:78:44:73:6b:8c:3d:31:6d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: May 25 10:04:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1548198d79c066f8eb0c7f89f24916091a46b340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:13:6c:44:65:5b:4d:12:79:b2:42:e1:e6:b5:
                    c9:6b:3c:28:7f:48:a4:ba:b0:0d:0d:43:dd:10:bb:
                    ec:90:bf:e2:c7:3f:a5:f9:c8:7e:cc:76:79:85:c6:
                    f8:ea:68:e9:c8:53:6a:b9:4b:9e:5c:ca:eb:a1:e1:
                    11:16:7a:e2:23:c2:9b:7c:26:85:c4:05:e8:18:b1:
                    76:46:f2:34:7b:2c:76:2b:77:ab:bb:d8:42:24:d0:
                    16:2c:86:30:b2:40:c8:06:c3:e5:dd:8c:16:4e:3c:
                    8a:50:e5:c3:d1:ed:cd:66:64:d0:cf:8b:88:4d:34:
                    73:0b:fe:97:6d:d1:7b:46:63:3c:53:1f:ce:fb:0a:
                    5c:65:4b:20:c5:fa:1d:3d:ee:6f:17:fa:74:c8:12:
                    24:7e:fe:e8:1e:a7:bf:e4:ee:90:96:5d:32:33:02:
                    85:1d:ab:4c:01:9b:7b:44:7b:4c:cc:00:57:68:a5:
                    7e:70:23:b6:ba:ed:75:94:2e:10:ea:da:45:d7:dc:
                    95:5a:4d:af:6f:25:45:cc:5b:3d:6c:9b:50:40:47:
                    6a:32:52:96:2e:54:e1:c5:2e:ce:10:92:c9:cf:25:
                    e2:98:4a:1b:20:34:99:c5:70:e0:02:ad:dc:6c:8a:
                    82:cb:f8:9e:0e:3a:ef:cc:51:02:81:c1:66:07:7d:
                    ca:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:48:19:8D:79:C0:66:F8:EB:0C:7F:89:F2:49:16:09:1A:46:B3:40
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/FUgZjXnAZvjrDH-J8kkWCRpGs0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:de:c7:a9:69:63:61:d1:2c:5a:8e:37:74:73:7f:f5:84:8e:
         d7:8d:01:da:cb:3d:11:c5:d0:1e:bf:ba:d7:2f:01:db:cb:7b:
         56:ea:65:4d:cf:ae:e0:87:ac:b3:83:01:1d:0c:8b:d0:50:8e:
         a6:65:97:b9:26:cc:25:2c:de:ea:5f:21:e3:b5:73:65:14:f9:
         3a:14:c0:6d:72:9a:55:e9:4b:7e:41:29:bf:2c:0a:21:cb:ce:
         c0:45:4b:23:73:84:7f:52:78:7d:ca:19:e9:e7:f4:68:c5:1d:
         05:bf:3f:04:66:bc:fe:10:db:b9:4a:a2:a0:eb:1a:4d:b5:93:
         f9:b0:2d:81:8c:7f:bc:2e:06:cd:46:54:5a:11:40:73:92:3f:
         00:a1:58:53:1f:db:d2:89:52:fc:ae:d1:de:ef:6c:23:4a:6c:
         08:a9:bf:fc:e1:e5:10:16:fc:ce:90:91:3c:9c:17:73:6c:46:
         06:bc:90:53:03:88:ee:be:bd:b6:29:44:d6:9a:6f:99:bb:c1:
         ef:83:4b:30:52:af:18:61:ec:01:3b:96:93:ca:b1:2d:10:dd:
         fa:8a:a2:e7:f1:ee:22:e1:59:15:c3:c2:75:42:d0:19:d3:2c:
         86:94:b2:b6:7c:8b:45:86:0f:58:1f:dc:90:3c:44:00:04:0b:
         69:61:4d:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+vNbEi9n5YeERza4w9MW1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNTI1MTAwNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ4MTk4ZDc5YzA2NmY4ZWIwYzdmODlmMjQ5MTYwOTFhNDZiMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhNsRGVbTRJ5skLh5rXJazwof0ik
urANDUPdELvskL/ixz+l+ch+zHZ5hcb46mjpyFNquUueXMrroeERFnriI8KbfCaF
xAXoGLF2RvI0eyx2K3eru9hCJNAWLIYwskDIBsPl3YwWTjyKUOXD0e3NZmTQz4uI
TTRzC/6XbdF7RmM8Ux/O+wpcZUsgxfodPe5vF/p0yBIkfv7oHqe/5O6Qll0yMwKF
HatMAZt7RHtMzABXaKV+cCO2uu11lC4Q6tpF19yVWk2vbyVFzFs9bJtQQEdqMlKW
LlThxS7OEJLJzyXimEobIDSZxXDgAq3cbIqCy/ieDjrvzFECgcFmB33KrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBVIGY15wGb46wx/ifJJFgkaRrNAMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvRlVnWmpYbkFadmpyREgtSjhra1dDUnBHczBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAILex6lpY2HRLFqON3Rz
f/WEjteNAdrLPRHF0B6/utcvAdvLe1bqZU3PruCHrLODAR0Mi9BQjqZll7kmzCUs
3upfIeO1c2UU+ToUwG1ymlXpS35BKb8sCiHLzsBFSyNzhH9SeH3KGenn9GjFHQW/
PwRmvP4Q27lKoqDrGk21k/mwLYGMf7wuBs1GVFoRQHOSPwChWFMf29KJUvyu0d7v
bCNKbAipv/zh5RAW/M6QkTycF3NsRga8kFMDiO6+vbYpRNaab5m7we+DSzBSrxhh
7AE7lpPKsS0Q3fqKoufx7iLhWRXDwnVC0BnTLIaUsrZ8i0WGD1gf3JA8RAAEC2lh
TYE=
-----END CERTIFICATE-----
Generated at Mon Jun 16 23:14:13 2025 by rpki-client