Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Qj0EGikLitQFgqEHGkaYq204rko.roa
File:                     Qj0EGikLitQFgqEHGkaYq204rko.roa (raw, json)
Hash identifier:          g/HbxbgwttqOvc+q2RTTGtRbiWZi0OOdnd2K/7LN+xo=
Subject key identifier:   42:3D:04:1A:29:0B:8A:D4:05:82:A1:07:1A:46:98:AB:6D:38:AE:4A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01848D7611BFBB669F6B4327AE6E90F0CF97
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Qj0EGikLitQFgqEHGkaYq204rko.roa
Signing time:             Sat 19 Nov 2022 01:17:16 +0000
ROA not before:           Sat 19 Nov 2022 01:17:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8d:76:11:bf:bb:66:9f:6b:43:27:ae:6e:90:f0:cf:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Nov 19 01:17:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=423d041a290b8ad40582a1071a4698ab6d38ae4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:86:5c:56:ea:38:eb:9f:d5:ad:47:7c:01:30:
                    c2:b1:8d:6a:41:3b:6a:57:e2:db:95:62:f5:b5:84:
                    93:fd:65:19:77:23:c0:38:92:cb:06:41:2e:ab:1e:
                    9e:d3:06:0e:01:87:bc:79:a0:36:49:26:f5:7e:db:
                    61:26:19:38:75:9b:46:69:01:5d:02:42:55:a4:b8:
                    0e:0f:80:84:e8:f9:4a:c7:44:a3:4d:d2:7b:cd:5d:
                    16:8c:77:bc:5d:6a:67:b1:ee:21:c9:53:6b:6a:8b:
                    4f:48:8e:74:5c:f6:38:ed:8d:21:70:da:70:1e:ba:
                    0e:f6:de:43:8b:6d:06:89:93:70:a7:c4:61:3f:97:
                    f1:62:1a:37:5f:4b:4e:90:12:63:62:c7:1e:c0:96:
                    40:1f:eb:65:f0:8d:4e:8f:df:f9:a2:4b:b8:1f:33:
                    9a:db:65:3f:8d:d6:03:b0:9d:3d:b8:3e:04:6f:88:
                    42:a9:b7:5a:8a:cf:cf:f8:24:93:cf:ca:ea:66:e5:
                    73:02:ba:a5:9b:10:fc:94:e1:ed:61:10:bc:11:88:
                    bd:9e:41:63:c4:6e:01:8d:6f:db:61:4c:f1:8d:f7:
                    77:c7:47:0d:fa:85:e8:a2:03:2f:fc:42:a5:b5:94:
                    18:6e:7f:cb:17:5b:94:e5:ed:87:86:bc:94:b7:30:
                    54:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3D:04:1A:29:0B:8A:D4:05:82:A1:07:1A:46:98:AB:6D:38:AE:4A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Qj0EGikLitQFgqEHGkaYq204rko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:f0:79:9d:2a:b1:4e:28:a0:84:5d:99:b7:92:69:19:9f:a6:
         75:b9:c7:ba:59:fe:4b:bb:a2:77:3e:47:65:93:78:27:70:31:
         a7:cd:3e:db:f5:24:e3:89:ff:25:99:ed:bc:75:15:29:e2:bb:
         01:6c:73:3f:ca:55:6f:f1:10:a3:11:f3:85:be:0d:7d:c2:8e:
         ff:f0:11:22:ff:6e:d9:64:6b:43:9b:65:15:6e:7a:cd:4a:56:
         63:0e:ca:b9:2d:51:7e:89:f6:3e:10:56:28:fb:83:5c:9c:a5:
         70:95:1e:a9:e5:bf:bd:6a:10:ca:4d:92:ea:c8:16:39:eb:14:
         9a:62:21:d9:cf:19:71:32:d8:23:70:1c:d7:bd:5c:f5:b6:36:
         65:c6:74:f9:88:0f:ba:1d:59:52:af:41:6d:0a:b0:56:f3:13:
         07:c6:b8:f5:1f:99:2b:b9:a5:1e:54:f0:ca:08:2a:9f:6e:87:
         3d:f0:54:f1:4e:36:e0:6a:97:ac:54:3f:1f:66:29:ab:6f:e0:
         39:84:5c:9f:2f:53:15:db:a8:7c:1d:5e:df:28:f4:fd:a0:44:
         10:5a:ec:1c:96:a2:ca:67:ee:a5:bd:ac:a3:3b:aa:96:56:3b:
         2c:65:be:c1:97:ee:d1:b0:0c:f3:2f:9c:66:4f:62:34:e7:c8:
         83:ea:69:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYSNdhG/u2afa0Mnrm6Q8M+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMTE5MDExNzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjNkMDQxYTI5MGI4YWQ0MDU4MmExMDcxYTQ2OThhYjZkMzhhZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoZcVuo465/VrUd8ATDCsY1qQTtq
V+LblWL1tYST/WUZdyPAOJLLBkEuqx6e0wYOAYe8eaA2SSb1ftthJhk4dZtGaQFd
AkJVpLgOD4CE6PlKx0SjTdJ7zV0WjHe8XWpnse4hyVNraotPSI50XPY47Y0hcNpw
HroO9t5Di20GiZNwp8RhP5fxYho3X0tOkBJjYscewJZAH+tl8I1Oj9/5oku4HzOa
22U/jdYDsJ09uD4Eb4hCqbdais/P+CSTz8rqZuVzArqlmxD8lOHtYRC8EYi9nkFj
xG4BjW/bYUzxjfd3x0cN+oXoogMv/EKltZQYbn/LF1uU5e2HhryUtzBUAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEI9BBopC4rUBYKhBxpGmKttOK5KMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUWowRUdpa0xpdFFGZ3FFSEdrYVlxMjA0cmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAArweZ0qsU4ooIRdmbeS
aRmfpnW5x7pZ/ku7onc+R2WTeCdwMafNPtv1JOOJ/yWZ7bx1FSniuwFscz/KVW/x
EKMR84W+DX3Cjv/wESL/btlka0ObZRVues1KVmMOyrktUX6J9j4QVij7g1ycpXCV
Hqnlv71qEMpNkurIFjnrFJpiIdnPGXEy2CNwHNe9XPW2NmXGdPmID7odWVKvQW0K
sFbzEwfGuPUfmSu5pR5U8MoIKp9uhz3wVPFONuBql6xUPx9mKatv4DmEXJ8vUxXb
qHwdXt8o9P2gRBBa7ByWospn7qW9rKM7qpZWOyxlvsGX7tGwDPMvnGZPYjTnyIPq
aRo=
-----END CERTIFICATE-----
Generated at Thu May 1 23:59:47 2025 by rpki-client