Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/8bfab3-0671-475e-8203-937376eb23da/1/gPEIYB37Zc_OzakKWk3m7XL2shI.roa
File:                     gPEIYB37Zc_OzakKWk3m7XL2shI.roa (raw, json)
Hash identifier:          ogeQ+ihI5RkgX54TXQ3mk3J6Yi4w+GDOualWoIRTMes=
Subject key identifier:   80:F1:08:60:1D:FB:65:CF:CE:CD:A9:0A:5A:4D:E6:ED:72:F6:B2:12
Certificate issuer:       /CN=e8697eeb84673d81c3b7c07166d96cac1645f833
Certificate serial:       019614365F80AFCAE4557537934288A5598F
Authority key identifier: E8:69:7E:EB:84:67:3D:81:C3:B7:C0:71:66:D9:6C:AC:16:45:F8:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Gl-64RnPYHDt8BxZtlsrBZF-DM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/8bfab3-0671-475e-8203-937376eb23da/1/gPEIYB37Zc_OzakKWk3m7XL2shI.roa
Signing time:             Tue 08 Apr 2025 07:03:49 +0000
ROA not before:           Tue 08 Apr 2025 07:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198211
IP address blocks:        45.146.216.0/22 maxlen: 22
                          45.146.216.0/24 maxlen: 24
                          194.107.93.0/24 maxlen: 24
                          194.107.94.0/24 maxlen: 24
                          194.107.95.0/24 maxlen: 24
                          2a0f:3800::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:36:5f:80:af:ca:e4:55:75:37:93:42:88:a5:59:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8697eeb84673d81c3b7c07166d96cac1645f833
        Validity
            Not Before: Apr  8 07:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80f108601dfb65cfcecda90a5a4de6ed72f6b212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:12:01:8e:9f:32:f1:bd:d1:a0:93:57:66:
                    b1:b4:df:5b:4a:1e:61:6b:eb:98:10:cb:a0:8d:f9:
                    bd:3b:72:08:4f:50:c1:43:8e:41:20:5e:3e:2a:f1:
                    f0:50:ff:f7:24:8c:f6:dc:a5:a2:2f:aa:5d:64:b3:
                    4d:dd:12:a9:5d:2c:61:5f:f6:d4:93:0a:c3:25:17:
                    4a:7f:d0:a3:c0:9f:44:55:56:18:00:7e:a8:d9:1a:
                    43:ea:3f:26:56:e5:80:a5:5f:a6:ec:92:d2:6d:bc:
                    9c:d7:70:39:31:f8:dd:7c:ff:c5:58:68:9d:85:ce:
                    cd:3c:1f:b1:57:bb:3f:01:cc:38:ff:c9:c5:48:43:
                    d1:d6:5f:e4:91:69:83:57:b5:82:af:80:fb:71:f4:
                    ae:39:aa:04:b1:77:8c:61:07:be:42:63:a7:88:dc:
                    37:b0:96:5f:c9:21:6f:22:8e:84:c6:af:6b:99:59:
                    ba:be:b3:e5:18:83:6a:58:0d:a5:dd:de:28:5a:87:
                    0d:06:7a:7b:7e:8b:59:6d:26:df:45:04:12:f6:a8:
                    6b:db:98:3a:ef:22:63:9c:ec:a6:de:3f:74:4f:82:
                    8a:72:92:8a:db:ac:ce:07:35:c3:43:fe:5f:c1:2f:
                    f5:07:e8:d8:63:cc:00:df:d3:72:c4:1b:0e:2f:77:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F1:08:60:1D:FB:65:CF:CE:CD:A9:0A:5A:4D:E6:ED:72:F6:B2:12
            X509v3 Authority Key Identifier:
                keyid:E8:69:7E:EB:84:67:3D:81:C3:B7:C0:71:66:D9:6C:AC:16:45:F8:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Gl-64RnPYHDt8BxZtlsrBZF-DM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/8bfab3-0671-475e-8203-937376eb23da/1/gPEIYB37Zc_OzakKWk3m7XL2shI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/8bfab3-0671-475e-8203-937376eb23da/1/6Gl-64RnPYHDt8BxZtlsrBZF-DM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.216.0/22
                  194.107.93.0-194.107.95.255
                IPv6:
                  2a0f:3800::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:a9:6c:43:11:d3:f8:f8:8e:2e:4f:10:a4:c4:b4:f0:d1:20:
         78:df:b6:72:d4:d2:7b:19:e5:0a:20:0f:0e:3c:3d:3e:ce:d4:
         4e:37:f4:5b:08:aa:36:d1:c0:24:74:c2:41:f7:c6:a1:1a:98:
         27:c3:37:c8:8f:e0:5f:f4:18:1e:20:01:5a:de:98:16:95:c2:
         32:28:bf:2b:ef:45:e2:83:48:78:12:27:56:10:1b:7f:be:38:
         87:6c:02:ad:92:0d:1c:37:75:79:51:4d:71:16:f5:1a:ae:af:
         aa:2a:66:05:c6:30:79:8a:dd:97:14:40:9a:ea:6f:00:e4:00:
         e6:54:87:e1:93:3c:ab:f5:fa:80:be:67:c8:2e:29:87:7f:1e:
         50:68:29:b5:bc:f1:8c:ba:d6:4e:3d:3c:66:e1:51:82:76:02:
         7b:ad:d0:44:f9:54:7c:ae:86:e5:60:34:1a:1c:b8:f6:70:67:
         fc:3a:9b:6d:0f:42:c4:29:fa:55:b6:d2:61:8c:fd:cb:25:3a:
         7f:a8:ef:eb:5f:bd:51:82:34:d3:ad:07:4b:83:73:aa:2d:ca:
         28:38:24:3e:8e:b6:7c:a5:ae:44:95:36:26:c7:6f:a8:fe:02:
         41:78:f2:63:35:17:5d:7b:db:c6:0b:63:ca:77:8a:85:8a:23:
         73:ff:19:c1
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZYUNl+Ar8rkVXU3k0KIpVmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Njk3ZWViODQ2NzNkODFjM2I3YzA3MTY2ZDk2Y2FjMTY0
NWY4MzMwHhcNMjUwNDA4MDcwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGYxMDg2MDFkZmI2NWNmY2VjZGE5MGE1YTRkZTZlZDcyZjZiMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmwSAY6fMvG90aCTV2axtN9bSh5h
a+uYEMugjfm9O3IIT1DBQ45BIF4+KvHwUP/3JIz23KWiL6pdZLNN3RKpXSxhX/bU
kwrDJRdKf9CjwJ9EVVYYAH6o2RpD6j8mVuWApV+m7JLSbbyc13A5MfjdfP/FWGid
hc7NPB+xV7s/Acw4/8nFSEPR1l/kkWmDV7WCr4D7cfSuOaoEsXeMYQe+QmOniNw3
sJZfySFvIo6Exq9rmVm6vrPlGINqWA2l3d4oWocNBnp7fotZbSbfRQQS9qhr25g6
7yJjnOym3j90T4KKcpKK26zOBzXDQ/5fwS/1B+jYY8wA39NyxBsOL3c9FQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIDxCGAd+2XPzs2pClpN5u1y9rISMB8GA1UdIwQY
MBaAFOhpfuuEZz2Bw7fAcWbZbKwWRfgzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkdsLTY0Um5QWUhEdDhCeFp0bHNyQlpGLURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy84YmZhYjMtMDY3MS00NzVlLTgyMDMt
OTM3Mzc2ZWIyM2RhLzEvZ1BFSVlCMzdaY19PemFrS1drM203WEwyc2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy84YmZhYjMtMDY3MS00NzVlLTgyMDMtOTM3Mzc2ZWIyM2Rh
LzEvNkdsLTY0Um5QWUhEdDhCeFp0bHNyQlpGLURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCLZLYMAwD
BADCa10DBAXCa0AwDQQCAAIwBwMFAyoPOAAwDQYJKoZIhvcNAQELBQADggEBAGap
bEMR0/j4ji5PEKTEtPDRIHjftnLU0nsZ5QogDw48PT7O1E439FsIqjbRwCR0wkH3
xqEamCfDN8iP4F/0GB4gAVremBaVwjIovyvvReKDSHgSJ1YQG3++OIdsAq2SDRw3
dXlRTXEW9Rqur6oqZgXGMHmK3ZcUQJrqbwDkAOZUh+GTPKv1+oC+Z8guKYd/HlBo
KbW88Yy61k49PGbhUYJ2Anut0ET5VHyuhuVgNBocuPZwZ/w6m20PQsQp+lW20mGM
/cslOn+o7+tfvVGCNNOtB0uDc6otyig4JD6OtnylrkSVNibHb6j+AkF48mM1F117
28YLY8p3ioWKI3P/GcE=
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:26:46 2025 by rpki-client on console.sobornost.net