Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hXD9UCi3-ERGgNl88yc2qIUvZ38.roa
File:                     hXD9UCi3-ERGgNl88yc2qIUvZ38.roa (raw, json)
Hash identifier:          +MYuI2PMOYSzLORS/uWM6fNrAMOVDAwZ+9vdVZpkWC0=
Subject key identifier:   85:70:FD:50:28:B7:F8:44:46:80:D9:7C:F3:27:36:A8:85:2F:67:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018826667CBB2C5590709D4F57F029777184
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hXD9UCi3-ERGgNl88yc2qIUvZ38.roa
Signing time:             Tue 16 May 2023 21:10:30 +0000
ROA not before:           Tue 16 May 2023 21:10:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:26:66:7c:bb:2c:55:90:70:9d:4f:57:f0:29:77:71:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 21:10:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8570fd5028b7f8444680d97cf32736a8852f677f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:35:bd:7b:ce:0c:4b:2f:a3:8f:d1:5c:66:6f:
                    d4:d0:a7:1e:bf:cd:32:6b:60:66:98:2a:34:a2:6a:
                    80:7f:54:85:ad:b7:7d:1e:ab:86:48:6c:1a:87:38:
                    de:bb:96:cd:a2:41:30:38:28:ad:d1:31:e5:02:7c:
                    1d:99:5a:d9:f5:33:75:73:ae:3a:8a:d2:b6:e5:51:
                    d1:65:1b:c2:1c:81:23:9a:3f:6d:dc:72:82:6f:ba:
                    b8:cc:9a:1c:56:7c:bc:eb:63:18:34:0c:67:8e:5b:
                    e1:c6:c3:c3:af:0a:2b:f6:31:f0:37:c6:b6:b0:cb:
                    1a:ba:cd:03:70:5d:66:6d:e8:15:d3:0b:c3:69:17:
                    bc:05:7d:da:28:cc:4e:72:62:27:89:5c:ed:b6:ae:
                    1f:8a:36:28:f9:73:78:d9:cc:86:73:f8:22:a5:fa:
                    76:b0:96:88:6e:2d:23:6a:4d:df:2e:c5:eb:bf:87:
                    c7:16:1f:94:36:47:b5:b8:ca:6e:24:e2:d8:c6:3f:
                    db:df:5d:67:84:1c:92:5c:44:55:15:e7:72:c3:44:
                    80:c0:81:98:79:e1:76:1d:a1:20:55:5b:22:6b:c9:
                    e0:c8:fa:cc:58:6b:37:9d:43:07:9a:ff:78:6f:4c:
                    fd:84:81:cb:4b:22:52:80:68:da:e0:d7:a2:3a:e5:
                    29:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:70:FD:50:28:B7:F8:44:46:80:D9:7C:F3:27:36:A8:85:2F:67:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hXD9UCi3-ERGgNl88yc2qIUvZ38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:94:8b:69:ad:14:99:83:06:c1:1b:ef:bf:b6:00:e6:57:ec:
         c2:e6:fa:16:ea:18:58:d1:e9:01:8b:b5:6a:06:31:f4:df:f8:
         c2:af:0f:cf:e9:71:0d:3f:a1:1e:06:80:56:21:c6:f0:07:f3:
         9f:2f:40:49:50:44:65:70:22:57:2f:34:d7:eb:aa:f3:b5:9e:
         5d:87:32:ed:7a:fb:90:13:ac:3c:ea:be:10:91:6d:8f:43:a7:
         6d:4f:26:31:94:bb:ae:21:79:6e:08:95:bf:0f:47:64:02:5a:
         1c:52:d0:9c:5e:9a:2a:ca:fb:43:6c:96:b9:37:21:48:66:a9:
         b7:11:95:87:2d:53:a3:a9:ce:9d:4b:65:b4:a6:e3:62:58:6c:
         38:7c:40:70:81:cc:31:ec:de:ad:85:12:18:89:55:46:be:b8:
         57:2c:3d:2c:19:7b:de:03:dc:93:9e:23:75:00:37:58:a9:46:
         98:85:12:4e:76:0c:cc:52:dd:51:6f:3c:70:fe:dc:8b:9a:a4:
         3f:20:0d:c9:dc:d8:1d:8f:c2:09:e5:ad:8b:ad:95:e8:6d:1d:
         b4:5d:e4:c2:4a:6b:e8:6b:a2:b4:a2:f4:4f:f6:61:2b:85:5f:
         c3:c9:05:9f:b8:f8:5f:e4:a3:19:2f:7c:cd:d1:71:5a:f8:ca:
         af:f4:ec:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgmZny7LFWQcJ1PV/Apd3GEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MjExMDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcwZmQ1MDI4YjdmODQ0NDY4MGQ5N2NmMzI3MzZhODg1MmY2NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTW9e84MSy+jj9FcZm/U0Kcev80y
a2BmmCo0omqAf1SFrbd9HquGSGwahzjeu5bNokEwOCit0THlAnwdmVrZ9TN1c646
itK25VHRZRvCHIEjmj9t3HKCb7q4zJocVny862MYNAxnjlvhxsPDrwor9jHwN8a2
sMsaus0DcF1mbegV0wvDaRe8BX3aKMxOcmIniVzttq4fijYo+XN42cyGc/gipfp2
sJaIbi0jak3fLsXrv4fHFh+UNke1uMpuJOLYxj/b311nhBySXERVFedyw0SAwIGY
eeF2HaEgVVsia8ngyPrMWGs3nUMHmv94b0z9hIHLSyJSgGja4NeiOuUpYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIVw/VAot/hERoDZfPMnNqiFL2d/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaFhEOVVDaTMtRVJHZ05sODh5YzJxSVV2WjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEuUi2mtFJmDBsEb77+2
AOZX7MLm+hbqGFjR6QGLtWoGMfTf+MKvD8/pcQ0/oR4GgFYhxvAH858vQElQRGVw
IlcvNNfrqvO1nl2HMu16+5ATrDzqvhCRbY9Dp21PJjGUu64heW4Ilb8PR2QCWhxS
0JxemirK+0Nslrk3IUhmqbcRlYctU6Opzp1LZbSm42JYbDh8QHCBzDHs3q2FEhiJ
VUa+uFcsPSwZe94D3JOeI3UAN1ipRpiFEk52DMxS3VFvPHD+3IuapD8gDcnc2B2P
wgnlrYutlehtHbRd5MJKa+hrorSi9E/2YSuFX8PJBZ+4+F/koxkvfM3RcVr4yq/0
7MU=
-----END CERTIFICATE-----
Generated at Fri May 2 00:08:21 2025 by rpki-client