Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fg2k2inKtrL8eRUjhMjUyBNC_Xg.roa
File:                     Fg2k2inKtrL8eRUjhMjUyBNC_Xg.roa (raw, json)
Hash identifier:          itKsHCBTfqNcIHggVVIZx+lAjeVDJNnL35bEPYqndUc=
Subject key identifier:   16:0D:A4:DA:29:CA:B6:B2:FC:79:15:23:84:C8:D4:C8:13:42:FD:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018673443DF4E834473C2BA1713D51EBEA33
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fg2k2inKtrL8eRUjhMjUyBNC_Xg.roa
Signing time:             Tue 21 Feb 2023 09:18:17 +0000
ROA not before:           Tue 21 Feb 2023 09:18:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:73:44:3d:f4:e8:34:47:3c:2b:a1:71:3d:51:eb:ea:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 21 09:18:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=160da4da29cab6b2fc79152384c8d4c81342fd78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:23:33:07:0e:33:ad:50:f8:82:ee:bd:84:6e:
                    64:15:17:7e:dc:c8:ad:78:5c:24:b6:94:91:2b:61:
                    14:3e:1b:1a:4a:22:21:78:f4:84:81:03:ee:76:bc:
                    20:4a:70:1f:7b:ae:52:f2:f9:e7:7f:c6:58:9d:7d:
                    08:4c:6f:57:17:2b:cf:e5:5d:b9:fd:fe:cf:f7:25:
                    80:10:f6:b2:cc:b1:20:8b:f8:f5:5f:7f:6b:0f:c5:
                    25:20:72:c3:11:ed:72:fd:e6:a4:50:02:44:77:09:
                    82:0e:37:84:45:00:82:c8:dc:c1:fa:c6:af:c9:50:
                    6b:dc:15:5a:1e:37:e1:4f:87:95:f5:9a:3d:45:fc:
                    d0:13:0f:e2:ba:8f:92:20:c6:5f:04:54:5d:7b:d6:
                    99:8c:4b:37:90:06:fe:33:7f:ed:5a:27:9c:c9:8a:
                    b7:32:1d:a3:d0:2d:6a:15:f4:60:9c:bb:01:f1:81:
                    c2:11:a0:3c:be:ee:f7:1f:3d:11:ed:55:d5:f5:5c:
                    9a:4e:7b:22:30:f5:27:7e:85:29:ff:9c:57:ef:20:
                    25:16:ee:5c:db:cc:b9:8d:d8:61:4c:74:63:54:7a:
                    bf:e3:63:c1:0f:2c:94:f4:ef:e6:81:b0:fd:45:89:
                    72:94:bc:91:4c:5d:b5:ec:64:f6:bb:39:77:e0:2d:
                    1a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:0D:A4:DA:29:CA:B6:B2:FC:79:15:23:84:C8:D4:C8:13:42:FD:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fg2k2inKtrL8eRUjhMjUyBNC_Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:5b:c8:be:ba:4d:18:31:34:24:b7:31:03:e3:55:56:87:e6:
         5e:03:f9:af:eb:10:8f:13:d7:6c:ea:9c:92:3f:db:af:90:b5:
         fd:68:f6:b6:78:06:e4:f4:39:4d:68:8e:f2:01:ec:fa:df:b5:
         15:53:20:a0:a8:24:b7:6f:f4:2c:fd:05:d3:0a:42:bd:69:d3:
         ad:11:ed:30:ae:6a:2b:8b:68:68:3b:5b:7a:2e:8c:a3:a1:61:
         61:bf:6f:f1:ba:3d:e8:1d:e9:c3:21:3c:5b:fc:42:48:26:8e:
         4a:d6:51:a0:5a:c1:c2:55:e3:eb:82:3d:0e:74:1f:91:b5:23:
         88:8c:0d:44:ba:ee:83:a7:b2:5a:d7:9b:16:e7:1f:69:9a:68:
         db:6b:23:d6:3b:5f:71:ac:1c:d1:a6:71:c6:69:fb:2c:b2:66:
         b1:52:dd:37:aa:94:c8:19:27:9f:de:ee:c3:c6:6b:77:b3:de:
         85:c4:23:a6:fe:29:56:b7:66:f6:6a:60:30:37:ef:a7:73:19:
         34:ed:dd:37:aa:b4:0e:99:8a:ca:ae:b5:91:8d:f1:e5:3f:d0:
         fc:b7:ee:3b:4e:5b:5a:20:67:e2:36:6e:86:33:93:9c:21:69:
         00:ba:f2:99:fb:e1:97:c4:0e:df:d2:8a:47:2a:40:69:ea:9a:
         cc:6b:6c:36
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZzRD306DRHPCuhcT1R6+ozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIxMDkxODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjBkYTRkYTI5Y2FiNmIyZmM3OTE1MjM4NGM4ZDRjODEzNDJmZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiMzBw4zrVD4gu69hG5kFRd+3Mit
eFwktpSRK2EUPhsaSiIhePSEgQPudrwgSnAfe65S8vnnf8ZYnX0ITG9XFyvP5V25
/f7P9yWAEPayzLEgi/j1X39rD8UlIHLDEe1y/eakUAJEdwmCDjeERQCCyNzB+sav
yVBr3BVaHjfhT4eV9Zo9RfzQEw/iuo+SIMZfBFRde9aZjEs3kAb+M3/tWiecyYq3
Mh2j0C1qFfRgnLsB8YHCEaA8vu73Hz0R7VXV9VyaTnsiMPUnfoUp/5xX7yAlFu5c
28y5jdhhTHRjVHq/42PBDyyU9O/mgbD9RYlylLyRTF217GT2uzl34C0aiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBYNpNopyray/HkVI4TI1MgTQv14MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRmcyazJpbkt0ckw4ZVJVamhNalV5Qk5DX1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACJbyL66TRgxNCS3MQPj
VVaH5l4D+a/rEI8T12zqnJI/26+Qtf1o9rZ4BuT0OU1ojvIB7PrftRVTIKCoJLdv
9Cz9BdMKQr1p060R7TCuaiuLaGg7W3oujKOhYWG/b/G6Pegd6cMhPFv8QkgmjkrW
UaBawcJV4+uCPQ50H5G1I4iMDUS67oOnslrXmxbnH2maaNtrI9Y7X3GsHNGmccZp
+yyyZrFS3TeqlMgZJ5/e7sPGa3ez3oXEI6b+KVa3ZvZqYDA376dzGTTt3TeqtA6Z
isqutZGN8eU/0Py37jtOW1ogZ+I2boYzk5whaQC68pn74ZfEDt/SikcqQGnqmsxr
bDY=
-----END CERTIFICATE-----
Generated at Fri May 2 00:08:17 2025 by rpki-client