Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_sj9Ylaik4YqB8y7OBxClcIZLxU.roa
File:                     _sj9Ylaik4YqB8y7OBxClcIZLxU.roa (raw, json)
Hash identifier:          QNiPOg+TZvfz6bHlZA472TLT6C+bS61LTWcVqncP8KI=
Subject key identifier:   FE:C8:FD:62:56:A2:93:86:2A:07:CC:BB:38:1C:42:95:C2:19:2F:15
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018998BCF3DA433B75A16BBDD9DEE7AE11F7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_sj9Ylaik4YqB8y7OBxClcIZLxU.roa
Signing time:             Thu 27 Jul 2023 19:04:27 +0000
ROA not before:           Thu 27 Jul 2023 19:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:98bc:d8c0/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:98:bc:f3:da:43:3b:75:a1:6b:bd:d9:de:e7:ae:11:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 27 19:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fec8fd6256a293862a07ccbb381c4295c2192f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2f:07:25:aa:15:10:1e:3c:8c:cf:84:45:55:
                    22:64:a5:c3:de:e8:7a:4c:50:e3:fb:07:7d:aa:84:
                    f0:7e:53:95:67:45:f0:a6:bb:3d:8a:bb:a3:54:15:
                    7e:ad:aa:d4:ef:d6:c6:e8:09:1e:c6:ac:35:3c:56:
                    10:3a:ec:d8:62:4c:57:00:04:79:fa:2f:d6:8e:ce:
                    b4:b3:17:34:5c:1c:a4:3e:7f:c4:79:62:0d:04:ae:
                    c8:fd:3d:66:e7:7f:6f:e7:36:57:bc:2c:78:b6:80:
                    64:ff:f1:b4:30:95:e6:8b:c0:36:3a:0f:b8:8f:8f:
                    b9:93:f7:f3:dd:3c:f8:bf:97:72:20:ca:a6:b9:4e:
                    cb:4b:bc:4a:1a:5d:ba:52:9b:23:02:f7:d6:25:27:
                    c9:ad:8c:15:62:84:f4:a3:89:80:91:3c:3b:16:c4:
                    47:de:9d:8e:28:dd:f1:3d:87:70:6f:50:16:eb:cd:
                    df:0b:21:2b:86:ab:71:98:47:92:ed:62:e8:bf:96:
                    7d:6c:03:4b:32:fc:b7:bb:6f:05:e6:7b:6f:6d:a9:
                    59:4d:f6:1e:35:79:2b:19:51:4c:e3:3e:ce:34:4b:
                    ad:74:ac:44:b9:79:10:cb:2f:31:a1:3a:da:af:f4:
                    2e:76:28:40:a9:8d:88:4e:be:66:56:57:33:9f:2a:
                    4b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C8:FD:62:56:A2:93:86:2A:07:CC:BB:38:1C:42:95:C2:19:2F:15
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_sj9Ylaik4YqB8y7OBxClcIZLxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:84:3f:14:e1:58:d6:c4:93:56:e6:f4:b1:21:8b:36:f2:8d:
         f0:38:de:4f:6b:a3:a3:bb:c9:8b:bb:fe:e9:10:81:64:71:63:
         60:18:db:eb:dd:e7:8e:55:95:b6:f8:46:d4:c8:86:df:92:cf:
         4e:f5:67:10:de:5f:ca:45:e0:e1:03:92:d9:62:8d:74:a6:bc:
         33:3c:1c:03:6b:f0:7e:49:ad:66:bf:b7:18:fc:37:20:a8:a7:
         8c:65:5e:87:df:74:ed:a3:87:2c:5f:b1:09:08:cf:5b:31:5a:
         43:cf:e4:d0:0e:fe:02:ba:cc:81:bb:79:d2:b4:5a:32:9d:95:
         9e:61:d7:b9:b2:13:19:c7:fa:51:76:d0:13:26:ba:90:eb:1c:
         d5:cb:65:64:c7:e2:26:5b:a7:7d:61:59:80:a1:2b:f3:d1:9b:
         17:e7:fd:1f:47:d8:8a:ed:fe:e6:d4:a5:cd:65:fb:3c:f7:af:
         40:07:e6:34:72:26:8d:94:aa:40:e9:71:0b:ed:db:a4:c8:37:
         3d:f5:af:5b:07:30:ff:f8:7e:60:fb:8b:a9:0e:de:a0:9f:4a:
         f9:e5:33:a3:98:aa:72:90:b9:80:f6:e2:25:9f:29:22:e0:3a:
         54:ac:2d:37:0b:71:b4:9c:45:d6:77:be:c1:a1:60:87:97:5a:
         70:cd:82:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmYvPPaQzt1oWu92d7nrhH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI3MTkwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWM4ZmQ2MjU2YTI5Mzg2MmEwN2NjYmIzODFjNDI5NWMyMTkyZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly8HJaoVEB48jM+ERVUiZKXD3uh6
TFDj+wd9qoTwflOVZ0Xwprs9irujVBV+rarU79bG6Akexqw1PFYQOuzYYkxXAAR5
+i/Wjs60sxc0XBykPn/EeWINBK7I/T1m539v5zZXvCx4toBk//G0MJXmi8A2Og+4
j4+5k/fz3Tz4v5dyIMqmuU7LS7xKGl26UpsjAvfWJSfJrYwVYoT0o4mAkTw7FsRH
3p2OKN3xPYdwb1AW683fCyErhqtxmEeS7WLov5Z9bANLMvy3u28F5ntvbalZTfYe
NXkrGVFM4z7ONEutdKxEuXkQyy8xoTrar/QudihAqY2ITr5mVlcznypL5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP7I/WJWopOGKgfMuzgcQpXCGS8VMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX3NqOVlsYWlrNFlxQjh5N09CeENsY0laTHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAeEPxThWNbEk1bm9LEh
izbyjfA43k9ro6O7yYu7/ukQgWRxY2AY2+vd545Vlbb4RtTIht+Sz071ZxDeX8pF
4OEDktlijXSmvDM8HANr8H5JrWa/txj8NyCop4xlXoffdO2jhyxfsQkIz1sxWkPP
5NAO/gK6zIG7edK0WjKdlZ5h17myExnH+lF20BMmupDrHNXLZWTH4iZbp31hWYCh
K/PRmxfn/R9H2Irt/ubUpc1l+zz3r0AH5jRyJo2UqkDpcQvt26TINz31r1sHMP/4
fmD7i6kO3qCfSvnlM6OYqnKQuYD24iWfKSLgOlSsLTcLcbScRdZ3vsGhYIeXWnDN
gvw=
-----END CERTIFICATE-----
Generated at Thu May 1 23:34:46 2025 by rpki-client