Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/7d0029-f330-4a66-bedc-42f2ff859373/1/xmQ5skD8YtPqUxW5yzoA6bHhREg.roa
File:                     xmQ5skD8YtPqUxW5yzoA6bHhREg.roa (raw, json)
Hash identifier:          JOTsRiuQWzCXcl+Wr2hE6xVJO7LXDTormwzqqmVX6eE=
Subject key identifier:   C6:64:39:B2:40:FC:62:D3:EA:53:15:B9:CB:3A:00:E9:B1:E1:44:48
Certificate issuer:       /CN=ec535f4c8680ce0dba4a03d95e665c93cc99ceb9
Certificate serial:       01958A6DD9F00C317802CE6F918E11AD8C7A
Authority key identifier: EC:53:5F:4C:86:80:CE:0D:BA:4A:03:D9:5E:66:5C:93:CC:99:CE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7FNfTIaAzg26SgPZXmZck8yZzrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/7d0029-f330-4a66-bedc-42f2ff859373/1/xmQ5skD8YtPqUxW5yzoA6bHhREg.roa
Signing time:             Wed 12 Mar 2025 12:56:49 +0000
ROA not before:           Wed 12 Mar 2025 12:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204671
IP address blocks:        2001:678:5e0::/48 maxlen: 48
                          2a14:b680::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:6d:d9:f0:0c:31:78:02:ce:6f:91:8e:11:ad:8c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec535f4c8680ce0dba4a03d95e665c93cc99ceb9
        Validity
            Not Before: Mar 12 12:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c66439b240fc62d3ea5315b9cb3a00e9b1e14448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:80:1f:9a:e4:b3:0f:f4:28:51:6e:55:c9:c2:
                    86:bc:7d:b2:d1:d9:e3:a6:78:f2:4a:ca:7f:c6:f0:
                    13:93:cb:31:40:e5:68:ab:31:6c:e4:4d:cb:2c:09:
                    86:ea:9f:84:eb:9f:49:aa:59:bd:8a:15:62:6c:9a:
                    16:2c:6e:b8:aa:7d:e6:77:c2:a4:5d:fe:43:49:be:
                    3a:11:c6:75:31:65:5b:15:37:a6:cd:ce:4d:c1:21:
                    db:25:b0:70:56:ad:4f:17:32:cf:30:10:a3:c8:de:
                    70:37:36:a8:e7:9e:0d:cf:3e:d0:06:9e:ce:4d:23:
                    09:7f:8e:71:38:e3:36:04:cc:8a:a1:42:db:18:60:
                    ff:4e:49:a5:b8:bb:20:51:88:1e:e7:c8:18:85:46:
                    5f:91:95:fa:f3:ac:c1:01:ea:be:af:56:33:31:55:
                    a3:76:bb:28:ea:13:f0:c4:cf:99:c6:57:ca:45:b2:
                    9f:45:cd:56:7b:f6:14:e1:6d:2f:0f:3f:0f:3e:d9:
                    7f:2b:4d:a1:36:d8:f3:da:49:8e:c8:7c:31:7d:e6:
                    b5:ce:e2:22:5f:be:f4:7e:a8:53:30:c9:f6:33:9a:
                    05:5d:24:12:6a:53:ff:90:d4:4c:85:8d:f0:6c:3b:
                    57:60:46:f6:54:e6:ed:81:62:f8:b5:6f:58:29:72:
                    d6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:64:39:B2:40:FC:62:D3:EA:53:15:B9:CB:3A:00:E9:B1:E1:44:48
            X509v3 Authority Key Identifier:
                keyid:EC:53:5F:4C:86:80:CE:0D:BA:4A:03:D9:5E:66:5C:93:CC:99:CE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7FNfTIaAzg26SgPZXmZck8yZzrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/7d0029-f330-4a66-bedc-42f2ff859373/1/xmQ5skD8YtPqUxW5yzoA6bHhREg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/7d0029-f330-4a66-bedc-42f2ff859373/1/7FNfTIaAzg26SgPZXmZck8yZzrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5e0::/48
                  2a14:b680::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:8d:36:19:53:9b:33:9f:32:31:1f:66:ea:e5:cf:20:c8:2e:
         a6:be:b4:e1:a0:77:d5:b6:2b:af:39:9c:52:2a:17:5f:b7:5a:
         b5:8e:35:23:dd:b6:4b:b3:6a:2a:49:0f:5f:42:a3:48:ad:43:
         e2:b7:30:eb:f4:08:bb:a4:a2:2d:b3:ac:83:fb:b1:60:8d:b4:
         23:af:2e:3d:0d:29:c5:be:3b:10:95:ab:28:17:b2:e8:08:4d:
         59:ca:25:59:11:16:7c:0c:0b:1d:20:30:0f:3b:85:33:bf:b9:
         08:f3:ec:ed:d4:db:cf:71:eb:18:8b:d1:78:88:47:3b:4f:36:
         9c:4d:12:36:a6:bb:88:0e:69:7f:91:fb:58:4c:5c:b3:c0:bd:
         95:d7:67:d2:cd:81:36:d8:e6:eb:f3:b9:21:3b:7b:b1:94:2e:
         cb:1c:90:25:71:68:6f:a2:1c:13:ec:73:b9:4d:04:2f:d9:48:
         51:b0:1d:b4:1a:c7:50:7f:23:40:b8:d4:22:3d:8d:50:51:57:
         7b:31:83:07:80:53:de:cf:e9:99:89:52:0b:a2:d6:31:64:6a:
         39:e5:d0:55:35:14:86:a4:64:59:b1:87:07:c2:b4:af:04:9e:
         23:e3:03:67:1f:fa:70:ee:27:e7:de:94:92:ed:e6:3e:43:9c:
         1c:9b:50:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWKbdnwDDF4As5vkY4RrYx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNTM1ZjRjODY4MGNlMGRiYTRhMDNkOTVlNjY1YzkzY2M5
OWNlYjkwHhcNMjUwMzEyMTI1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY0MzliMjQwZmM2MmQzZWE1MzE1YjljYjNhMDBlOWIxZTE0NDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioAfmuSzD/QoUW5VycKGvH2y0dnj
pnjySsp/xvATk8sxQOVoqzFs5E3LLAmG6p+E659Jqlm9ihVibJoWLG64qn3md8Kk
Xf5DSb46EcZ1MWVbFTemzc5NwSHbJbBwVq1PFzLPMBCjyN5wNzao554Nzz7QBp7O
TSMJf45xOOM2BMyKoULbGGD/TkmluLsgUYge58gYhUZfkZX686zBAeq+r1YzMVWj
drso6hPwxM+ZxlfKRbKfRc1We/YU4W0vDz8PPtl/K02hNtjz2kmOyHwxfea1zuIi
X770fqhTMMn2M5oFXSQSalP/kNRMhY3wbDtXYEb2VObtgWL4tW9YKXLWtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMZkObJA/GLT6lMVucs6AOmx4URIMB8GA1UdIwQY
MBaAFOxTX0yGgM4NukoD2V5mXJPMmc65MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0ZOZlRJYUF6ZzI2U2dQWlhtWmNrOHlaenJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS83ZDAwMjktZjMzMC00YTY2LWJlZGMt
NDJmMmZmODU5MzczLzEveG1RNXNrRDhZdFBxVXhXNXl6b0E2YkhoUkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS83ZDAwMjktZjMzMC00YTY2LWJlZGMtNDJmMmZmODU5Mzcz
LzEvN0ZOZlRJYUF6ZzI2U2dQWlhtWmNrOHlaenJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAXg
AwcAKhS2gAAAMA0GCSqGSIb3DQEBCwUAA4IBAQChjTYZU5sznzIxH2bq5c8gyC6m
vrThoHfVtiuvOZxSKhdft1q1jjUj3bZLs2oqSQ9fQqNIrUPitzDr9Ai7pKIts6yD
+7FgjbQjry49DSnFvjsQlasoF7LoCE1ZyiVZERZ8DAsdIDAPO4Uzv7kI8+zt1NvP
cesYi9F4iEc7TzacTRI2pruIDml/kftYTFyzwL2V12fSzYE22Obr87khO3uxlC7L
HJAlcWhvohwT7HO5TQQv2UhRsB20GsdQfyNAuNQiPY1QUVd7MYMHgFPez+mZiVIL
otYxZGo55dBVNRSGpGRZsYcHwrSvBJ4j4wNnH/pw7ifn3pSS7eY+Q5wcm1A7
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:29:15 2025 by rpki-client on console.sobornost.net