Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa
File:                     32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa (raw, json)
Hash identifier:          v94oB/nAi5wLWGIjuT3QBe+UxkdwZs8tGAopyZ1KM1c=
Subject key identifier:   2F:4C:29:53:A2:F5:4D:01:F9:5B:D8:B1:16:96:78:C2:B5:53:67:F0
Certificate issuer:       /CN=d90d8aba2a20be938d311f64dbe5a93065e1d30b29cf0a83df
Certificate serial:       453D443524D0EC0EE2F493D857E963F663508C81
Authority key identifier: 1A:E9:05:CA:D2:46:1E:1C:76:66:49:9F:2F:7D:68:BA:DF:E7:81:BB
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a20be938d311f64dbe5a93065e1d30b29cf0a83df.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa
Signing time:             Tue 21 May 2024 13:27:36 +0000
ROA not before:           Tue 21 May 2024 13:22:36 +0000
ROA not after:            Tue 20 May 2025 13:27:36 +0000
asID:                     215051
IP address blocks:        23.164.153.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3d:44:35:24:d0:ec:0e:e2:f4:93:d8:57:e9:63:f6:63:50:8c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90d8aba2a20be938d311f64dbe5a93065e1d30b29cf0a83df
        Validity
            Not Before: May 21 13:22:36 2024 GMT
            Not After : May 20 13:27:36 2025 GMT
        Subject: CN=2F4C2953A2F54D01F95BD8B1169678C2B55367F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2b:2c:f0:5a:c6:0f:a6:97:94:28:89:87:94:
                    28:dd:7c:f0:05:3a:72:d6:62:b1:1a:78:b5:ac:36:
                    b7:cd:44:aa:31:b1:0b:40:2d:d7:3e:0b:86:c9:80:
                    15:2d:f2:87:f8:12:b5:4f:d0:22:07:02:18:be:9b:
                    9d:87:7f:91:93:4a:20:23:7e:87:42:43:ca:9b:9f:
                    17:76:f9:1e:fa:47:87:e6:1b:10:5b:1c:f0:84:35:
                    7a:f2:02:d5:4b:86:30:c8:66:4d:26:c8:10:6c:c6:
                    84:47:26:74:4a:d8:32:5a:d2:53:a9:4f:bf:80:1e:
                    50:95:d8:44:85:3c:5e:f9:8f:fd:4d:5e:fe:9d:ee:
                    8f:d9:7f:a3:00:26:e1:29:d8:99:b9:99:af:55:82:
                    01:69:a2:84:14:80:0a:77:45:66:89:a2:d0:11:51:
                    31:22:db:78:88:03:40:c6:25:fc:3a:2b:b6:07:82:
                    1e:56:17:b5:6c:64:8d:27:5b:97:09:0a:ac:d7:6c:
                    2b:f8:24:61:ed:84:c0:27:a0:2a:e5:2d:0e:ce:4e:
                    9a:1a:f9:78:00:50:05:39:95:1a:99:76:3f:55:5b:
                    3a:98:7e:d6:99:f6:c5:02:2f:78:a8:84:ee:f6:48:
                    9d:7a:c9:91:67:b5:0c:80:0d:87:41:13:9a:3b:ea:
                    00:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:4C:29:53:A2:F5:4D:01:F9:5B:D8:B1:16:96:78:C2:B5:53:67:F0
            X509v3 Authority Key Identifier:
                keyid:1A:E9:05:CA:D2:46:1E:1C:76:66:49:9F:2F:7D:68:BA:DF:E7:81:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/2/1AE905CAD2461E1C7666499F2F7D68BADFE781BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a20be938d311f64dbe5a93065e1d30b29cf0a83df.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.164.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:e6:9e:2a:ff:42:44:0e:70:cf:04:04:76:2e:2f:46:89:ad:
         4d:ef:21:48:ae:31:2b:24:ce:ca:76:79:d8:9d:04:4e:ed:31:
         b4:af:72:69:43:38:21:b2:d5:3b:1e:d7:a4:47:43:34:a4:97:
         ed:0c:82:ce:e9:5b:1c:a6:cb:cf:78:5a:d7:83:ca:1d:b6:a5:
         40:46:1d:50:b6:66:14:22:e6:af:97:54:0c:87:8b:30:20:52:
         19:c0:1a:d6:9b:e6:d2:63:b2:76:b5:62:f0:b4:b7:33:15:33:
         81:fb:14:48:e0:a3:93:8d:c1:43:80:80:d7:a7:02:86:97:e0:
         ee:12:a6:7b:65:34:21:c7:8b:da:bb:29:a9:6e:10:f6:e8:4f:
         2b:81:5a:5b:ac:f5:d5:b2:f6:47:e7:d5:34:57:2b:68:60:0b:
         a1:ec:07:ac:ba:3f:a1:a4:a5:c6:c8:9b:83:72:06:8d:01:42:
         99:a9:af:d6:bd:32:34:d1:00:2b:70:1a:b8:4f:e5:56:9c:40:
         cf:12:52:db:5e:01:ed:23:18:c2:c4:f7:74:0d:c6:2f:86:0f:
         0e:2b:6d:c5:12:c6:2a:e7:54:2d:46:a4:c8:63:2d:43:50:1c:
         33:cc:2c:72:a2:6f:c6:81:5a:ff:3d:a0:db:c4:22:a6:4c:91:
         19:c7:d2:6a
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIURT1ENSTQ7A7i9JPYV+lj9mNQjIEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDkwZDhhYmEyYTIwYmU5MzhkMzExZjY0ZGJlNWE5MzA2
NWUxZDMwYjI5Y2YwYTgzZGYwHhcNMjQwNTIxMTMyMjM2WhcNMjUwNTIwMTMyNzM2
WjAzMTEwLwYDVQQDEygyRjRDMjk1M0EyRjU0RDAxRjk1QkQ4QjExNjk2NzhDMkI1
NTM2N0YwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSss8FrGD6aX
lCiJh5Qo3XzwBTpy1mKxGni1rDa3zUSqMbELQC3XPguGyYAVLfKH+BK1T9AiBwIY
vpudh3+Rk0ogI36HQkPKm58Xdvke+keH5hsQWxzwhDV68gLVS4YwyGZNJsgQbMaE
RyZ0StgyWtJTqU+/gB5QldhEhTxe+Y/9TV7+ne6P2X+jACbhKdiZuZmvVYIBaaKE
FIAKd0VmiaLQEVExItt4iANAxiX8Oiu2B4IeVhe1bGSNJ1uXCQqs12wr+CRh7YTA
J6Aq5S0Ozk6aGvl4AFAFOZUamXY/VVs6mH7WmfbFAi94qITu9kidesmRZ7UMgA2H
QROaO+oAcQIDAQABo4ICzzCCAsswHQYDVR0OBBYEFC9MKVOi9U0B+VvYsRaWeMK1
U2fwMB8GA1UdIwQYMBaAFBrpBcrSRh4cdmZJny99aLrf54G7MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTctNGMzYi05MDQz
LWEwZTdmZWJmMTY3ZC8yLzFBRTkwNUNBRDI0NjFFMUM3NjY2NDk5RjJGN0Q2OEJB
REZFNzgxQkIuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzg3MWRhNDBmLTc5M2Et
NGE0NS1hMGE5LTk3ODE0ODMyMWEwNy8wZWMxNzE1Ny02NmRlLTRhYWItODVlNy0y
OGFmNGRlNDMwZTIvZDkwZDhhYmEyYTIwYmU5MzhkMzExZjY0ZGJlNWE5MzA2NWUx
ZDMwYjI5Y2YwYTgzZGYuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzA0MDMyYzhmLTFkNTctNGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8yLzMyMzMyZTMx
MzYzNDJlMzEzNTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM1MzAzNTMx
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAF6SZMA0GCSqGSIb3DQEBCwUAA4IBAQCh5p4q/0JEDnDPBAR2
Li9Gia1N7yFIrjErJM7KdnnYnQRO7TG0r3JpQzghstU7HtekR0M0pJftDILO6Vsc
psvPeFrXg8odtqVARh1QtmYUIuavl1QMh4swIFIZwBrWm+bSY7J2tWLwtLczFTOB
+xRI4KOTjcFDgIDXpwKGl+DuEqZ7ZTQhx4vauympbhD26E8rgVpbrPXVsvZH59U0
VytoYAuh7Aesuj+hpKXGyJuDcgaNAUKZqa/WvTI00QArcBq4T+VWnEDPElLbXgHt
IxjCxPd0DcYvhg8OK23FEsYq51QtRqTIYy1DUBwzzCxyom/GgVr/PaDbxCKmTJEZ
x9Jq
-----END CERTIFICATE-----
Generated at Sat Apr 26 18:34:16 2025 by rpki-client