Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/27bc2d-152f-41e5-92b7-02bd37e7b9a0/1/4M708g3bOGBiF7oyl3IbCHMAKK0.roa
File:                     4M708g3bOGBiF7oyl3IbCHMAKK0.roa (raw, json)
Hash identifier:          tYHVmnNaiWDFhzrBKRKIGwPb9kBumFoA0mQ7nD2wRBI=
Subject key identifier:   E0:CE:F4:F2:0D:DB:38:60:62:17:BA:32:97:72:1B:08:73:00:28:AD
Certificate issuer:       /CN=90c729efd4b5ffe436de413942263fa74d6bd1e8
Certificate serial:       C4544A
Authority key identifier: 90:C7:29:EF:D4:B5:FF:E4:36:DE:41:39:42:26:3F:A7:4D:6B:D1:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMcp79S1_-Q23kE5QiY_p01r0eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/27bc2d-152f-41e5-92b7-02bd37e7b9a0/1/4M708g3bOGBiF7oyl3IbCHMAKK0.roa
Signing time:             Sat 01 Jan 2022 07:54:32 +0000
ROA not before:           Sat 01 Jan 2022 07:54:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31238
IP address blocks:        83.220.9.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12866634 (0xc4544a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90c729efd4b5ffe436de413942263fa74d6bd1e8
        Validity
            Not Before: Jan  1 07:54:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0cef4f20ddb38606217ba3297721b08730028ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2e:7c:74:ad:a2:13:f1:76:13:50:90:ce:15:
                    bd:0a:5c:2e:4a:05:ad:7c:37:94:20:40:dd:1c:29:
                    44:32:0a:ff:08:3d:b9:82:85:37:3b:29:a3:c9:b7:
                    ab:84:77:b4:73:8c:d7:08:c7:7f:c7:db:e5:d6:dc:
                    38:5e:7e:3a:94:23:3b:ad:29:fa:9e:07:a2:9c:7e:
                    a6:ee:e0:bc:4c:7c:01:5f:7f:16:1c:1c:59:b0:02:
                    f2:dd:81:01:0c:34:ee:aa:c9:06:91:f9:f3:fa:12:
                    94:74:a0:03:54:bb:27:45:8d:6e:93:e6:eb:b0:0a:
                    b0:00:22:ff:8e:42:37:3b:8d:ee:c2:62:d6:fa:d6:
                    a5:35:62:26:5c:7a:00:81:3d:fb:40:04:f1:ce:ad:
                    1d:3f:90:a0:54:5c:a5:6a:f3:de:b3:39:48:cf:02:
                    d5:04:38:b3:ad:80:10:36:a5:13:0e:77:c1:a4:78:
                    a7:aa:72:56:2b:5f:38:d0:90:74:0c:e6:3a:cd:0c:
                    e8:68:8d:55:96:6a:f5:d1:99:47:f1:63:c8:44:37:
                    31:db:67:f7:f0:a0:da:a0:e2:33:82:48:3a:fe:03:
                    3a:2c:0f:d4:b8:be:cf:35:44:cc:17:95:f6:7c:26:
                    89:a9:d3:87:8f:2f:02:fe:c4:9c:1b:e9:fb:6c:57:
                    57:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CE:F4:F2:0D:DB:38:60:62:17:BA:32:97:72:1B:08:73:00:28:AD
            X509v3 Authority Key Identifier:
                keyid:90:C7:29:EF:D4:B5:FF:E4:36:DE:41:39:42:26:3F:A7:4D:6B:D1:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMcp79S1_-Q23kE5QiY_p01r0eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/27bc2d-152f-41e5-92b7-02bd37e7b9a0/1/4M708g3bOGBiF7oyl3IbCHMAKK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/27bc2d-152f-41e5-92b7-02bd37e7b9a0/1/kMcp79S1_-Q23kE5QiY_p01r0eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:10:ee:55:26:e6:23:4b:b8:48:88:81:c5:4a:b7:6b:1a:84:
         11:78:2a:6a:47:ff:9e:97:29:5e:81:05:47:48:7b:2a:da:91:
         d4:d9:37:12:b6:03:6b:a8:c1:bc:14:7b:16:c0:f7:83:65:aa:
         44:6d:ea:9f:44:61:02:8a:c1:0b:9b:ac:e1:92:48:0b:e4:1f:
         14:a6:08:b8:88:cc:60:ac:21:1c:68:86:50:a2:60:71:2c:ac:
         24:1b:71:17:0a:43:ee:48:c2:fd:24:29:ee:dc:2e:0d:b5:f8:
         08:67:8f:f1:cd:ec:15:68:f1:a3:7a:e9:b0:74:b7:a8:0a:7d:
         2d:40:a5:66:18:d9:e8:23:66:ba:ca:c7:bf:8d:6d:60:02:58:
         a1:92:fb:2b:6a:12:c5:be:cf:de:2c:77:b1:47:9d:96:e3:d0:
         4f:d0:85:8a:c5:e4:15:84:1c:bb:c9:86:1e:b1:6b:05:9e:22:
         5c:90:df:f1:f3:77:9b:18:03:ed:78:30:c0:97:c4:9a:01:97:
         bf:b9:a3:95:63:ff:cd:55:62:a9:8a:5e:b7:c8:3e:ad:17:4e:
         70:b4:ec:51:7b:d8:b4:54:23:ac:1e:34:78:b4:c6:69:4a:23:
         5e:32:46:2b:b6:b7:6a:19:1b:27:d2:da:f5:eb:d1:46:a1:3c:
         c0:2a:0f:dc
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAMRUSjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MGM3MjllZmQ0YjVmZmU0MzZkZTQxMzk0MjI2M2ZhNzRkNmJkMWU4MB4XDTIyMDEw
MTA3NTQzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTBjZWY0ZjIwZGRi
Mzg2MDYyMTdiYTMyOTc3MjFiMDg3MzAwMjhhZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANwufHStohPxdhNQkM4VvQpcLkoFrXw3lCBA3RwpRDIK/wg9
uYKFNzspo8m3q4R3tHOM1wjHf8fb5dbcOF5+OpQjO60p+p4Hopx+pu7gvEx8AV9/
FhwcWbAC8t2BAQw07qrJBpH58/oSlHSgA1S7J0WNbpPm67AKsAAi/45CNzuN7sJi
1vrWpTViJlx6AIE9+0AE8c6tHT+QoFRcpWrz3rM5SM8C1QQ4s62AEDalEw53waR4
p6pyVitfONCQdAzmOs0M6GiNVZZq9dGZR/FjyEQ3Mdtn9/Cg2qDiM4JIOv4DOiwP
1Li+zzVEzBeV9nwmianTh48vAv7EnBvp+2xXV80CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTgzvTyDds4YGIXujKXchsIcwAorTAfBgNVHSMEGDAWgBSQxynv1LX/5Dbe
QTlCJj+nTWvR6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2tNY3A3OVMxXy1RMjNrRTVRaVlfcDAxcjBlZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmQvMjdiYzJkLTE1MmYtNDFlNS05MmI3LTAyYmQzN2U3YjlhMC8x
LzRNNzA4ZzNiT0dCaUY3b3lsM0liQ0hNQUtLMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQv
MjdiYzJkLTE1MmYtNDFlNS05MmI3LTAyYmQzN2U3YjlhMC8xL2tNY3A3OVMxXy1R
MjNrRTVRaVlfcDAxcjBlZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFPcCTANBgkqhkiG9w0BAQsFAAOC
AQEAOhDuVSbmI0u4SIiBxUq3axqEEXgqakf/npcpXoEFR0h7KtqR1Nk3ErYDa6jB
vBR7FsD3g2WqRG3qn0RhAorBC5us4ZJIC+QfFKYIuIjMYKwhHGiGUKJgcSysJBtx
FwpD7kjC/SQp7twuDbX4CGeP8c3sFWjxo3rpsHS3qAp9LUClZhjZ6CNmusrHv41t
YAJYoZL7K2oSxb7P3ix3sUedluPQT9CFisXkFYQcu8mGHrFrBZ4iXJDf8fN3mxgD
7XgwwJfEmgGXv7mjlWP/zVViqYpet8g+rRdOcLTsUXvYtFQjrB40eLTGaUojXjJG
K7a3ahkbJ9La9evRRqE8wCoP3A==
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:32:24 2025 by rpki-client