Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jicCfenSLiZcSHyKrbmV_F0x0Vo.roa
File:                     jicCfenSLiZcSHyKrbmV_F0x0Vo.roa (raw, json)
Hash identifier:          w16aZGMCJCh6RmBmFcnBVonqmGPg2BwpJAoQTwg1/6I=
Subject key identifier:   8E:27:02:7D:E9:D2:2E:26:5C:48:7C:8A:AD:B9:95:FC:5D:31:D1:5A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018582B200A9433CF27AC4CC9934D7DA4B1E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jicCfenSLiZcSHyKrbmV_F0x0Vo.roa
Signing time:             Thu 05 Jan 2023 16:09:41 +0000
ROA not before:           Thu 05 Jan 2023 16:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:82:b2:00:a9:43:3c:f2:7a:c4:cc:99:34:d7:da:4b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan  5 16:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e27027de9d22e265c487c8aadb995fc5d31d15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ee:2c:d9:f3:48:fa:23:9c:13:f2:41:24:5f:
                    5d:3e:75:a3:b3:7b:b8:55:fb:8f:c3:2b:6e:fa:0c:
                    41:22:f7:cb:d3:fb:88:c5:76:2e:89:b3:ee:63:fe:
                    a2:84:90:ce:de:63:f4:21:9a:0a:6e:9b:c1:8a:56:
                    5e:cf:ee:19:de:d3:0b:e5:95:19:75:e1:17:fe:8f:
                    ac:63:ec:ee:88:b2:16:fb:2d:d4:bb:d1:20:bc:cb:
                    f1:34:88:48:97:70:2a:2b:f4:83:bc:72:3b:05:3f:
                    95:a1:cb:98:a6:98:66:d3:d4:81:83:44:30:e8:0e:
                    04:59:2b:11:56:94:7d:9d:ce:54:43:95:f3:5f:e5:
                    d0:ec:0f:11:f4:9b:15:5a:35:0e:62:38:92:0a:e4:
                    79:e3:10:ee:6f:da:ce:d6:7d:43:40:12:a2:45:ed:
                    69:e9:7f:7f:43:f7:0c:df:ff:b1:12:87:f6:ef:05:
                    e8:01:78:b0:76:34:cf:50:25:c8:7c:c4:94:de:d2:
                    97:17:52:7c:91:47:c9:58:67:f5:51:94:1e:99:d9:
                    49:c4:b3:c5:f0:09:1f:ce:d0:8b:a5:fb:4e:c3:d5:
                    0d:ae:00:1b:ab:17:1c:9f:48:52:ca:fd:8d:e1:68:
                    2d:71:14:77:da:bb:fa:01:f2:dd:07:6c:4c:f5:75:
                    44:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:27:02:7D:E9:D2:2E:26:5C:48:7C:8A:AD:B9:95:FC:5D:31:D1:5A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jicCfenSLiZcSHyKrbmV_F0x0Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:67:6b:c4:67:e1:ea:5f:e1:e2:83:c6:e5:8e:f1:2d:cc:1f:
         45:1d:75:b8:61:f0:89:3f:42:96:1b:5c:3f:f3:0e:9c:ce:09:
         05:6e:b5:b2:e4:48:bd:5e:a7:e6:31:26:a8:7a:34:52:23:72:
         6f:a8:bf:00:7a:12:18:37:0a:f0:b4:2b:1c:cf:9a:23:a5:34:
         5b:53:2f:5f:ca:2d:56:7f:26:ed:f3:06:e8:9d:d9:0b:89:b3:
         aa:4f:5d:7b:0b:b5:5d:07:36:d8:67:1b:75:f9:82:8b:1a:34:
         1f:e5:de:70:aa:cf:62:cd:c0:ad:bd:c3:83:b2:8a:bb:1a:c0:
         fc:1e:3b:1d:4c:70:17:a3:fb:4e:b2:d5:08:27:1a:72:cb:8b:
         b5:ec:00:02:f6:ad:54:76:c6:c7:6b:61:c5:a4:51:a4:8c:a2:
         09:1a:6a:54:30:fc:cd:93:ec:81:a6:4e:89:ee:c3:b5:90:e7:
         5a:e2:68:0d:aa:da:e2:c6:61:0a:af:f2:4e:e6:5d:ae:35:19:
         2d:27:b4:1c:fb:59:d4:80:0c:a9:e1:5d:e5:9a:71:7b:66:5a:
         d5:0d:d9:56:68:32:26:86:de:2b:4c:a8:7b:49:f9:c8:78:f8:
         0c:c0:ca:c7:9a:d1:55:70:f0:d7:08:1f:45:fb:25:22:dc:0a:
         00:36:fb:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYWCsgCpQzzyesTMmTTX2kseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTA1MTYwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI3MDI3ZGU5ZDIyZTI2NWM0ODdjOGFhZGI5OTVmYzVkMzFkMTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe4s2fNI+iOcE/JBJF9dPnWjs3u4
VfuPwytu+gxBIvfL0/uIxXYuibPuY/6ihJDO3mP0IZoKbpvBilZez+4Z3tML5ZUZ
deEX/o+sY+zuiLIW+y3Uu9EgvMvxNIhIl3AqK/SDvHI7BT+VocuYpphm09SBg0Qw
6A4EWSsRVpR9nc5UQ5XzX+XQ7A8R9JsVWjUOYjiSCuR54xDub9rO1n1DQBKiRe1p
6X9/Q/cM3/+xEof27wXoAXiwdjTPUCXIfMSU3tKXF1J8kUfJWGf1UZQemdlJxLPF
8AkfztCLpftOw9UNrgAbqxccn0hSyv2N4WgtcRR32rv6AfLdB2xM9XVEqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI4nAn3p0i4mXEh8iq25lfxdMdFaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvamljQ2ZlblNMaVpjU0h5S3JibVZfRjB4MFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAClna8Rn4epf4eKDxuWO
8S3MH0Uddbhh8Ik/QpYbXD/zDpzOCQVutbLkSL1ep+YxJqh6NFIjcm+ovwB6Ehg3
CvC0KxzPmiOlNFtTL1/KLVZ/Ju3zBuid2QuJs6pPXXsLtV0HNthnG3X5gosaNB/l
3nCqz2LNwK29w4OyirsawPweOx1McBej+06y1QgnGnLLi7XsAAL2rVR2xsdrYcWk
UaSMogkaalQw/M2T7IGmTonuw7WQ51riaA2q2uLGYQqv8k7mXa41GS0ntBz7WdSA
DKnhXeWacXtmWtUN2VZoMiaG3itMqHtJ+ch4+AzAysea0VVw8NcIH0X7JSLcCgA2
+5U=
-----END CERTIFICATE-----
Generated at Thu May 1 23:25:28 2025 by rpki-client