Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0MbnlJCKAni8fh8QNKCsG4TUfRg.roa
File:                     0MbnlJCKAni8fh8QNKCsG4TUfRg.roa (raw, json)
Hash identifier:          wz3gWede9GoosKCj1AL9pXW6ROHqhqPki9fKRIYNz6w=
Subject key identifier:   D0:C6:E7:94:90:8A:02:78:BC:7E:1F:10:34:A0:AC:1B:84:D4:7D:18
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A0AEDB464433A8ED33E91F199F3DB33E9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0MbnlJCKAni8fh8QNKCsG4TUfRg.roa
Signing time:             Fri 18 Aug 2023 23:14:24 +0000
ROA not before:           Fri 18 Aug 2023 23:14:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:0a:ed:b4:64:43:3a:8e:d3:3e:91:f1:99:f3:db:33:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 18 23:14:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0c6e794908a0278bc7e1f1034a0ac1b84d47d18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c7:78:2a:f5:7b:de:ee:6c:53:14:3d:fa:fe:
                    5a:1a:88:4d:b9:46:b7:97:2b:a2:e7:5f:e8:94:82:
                    f3:47:9e:bb:0d:61:e8:07:0f:f8:29:2f:cf:74:29:
                    22:df:f4:1f:72:c1:4f:05:c4:7c:2b:7d:6a:16:03:
                    f6:6f:26:62:de:4d:3a:ca:a9:16:b6:1b:be:7e:49:
                    07:f1:8d:31:16:b2:cd:2a:b5:45:15:14:3b:80:1b:
                    4c:d8:2a:5e:5d:80:cf:3b:87:a0:0b:7b:5a:42:61:
                    4b:8b:5c:a7:8c:35:6f:c8:1e:ba:83:68:9b:3f:b6:
                    fa:47:bf:73:fb:7f:70:fc:f7:0b:9e:93:29:45:ca:
                    eb:72:16:a1:28:66:5d:21:33:bb:b8:bd:e5:a2:8b:
                    72:a8:29:0b:1c:cb:3e:5d:cc:0f:ec:bd:0b:90:1e:
                    cc:51:2b:0b:d3:3c:05:2d:61:4b:44:dd:1b:07:39:
                    42:9b:69:a2:65:fb:f8:80:a3:65:43:5e:9c:4b:c0:
                    8f:da:73:83:96:a1:85:ea:16:28:12:d8:66:8f:e2:
                    c1:7a:41:71:f3:a1:06:2b:ab:6e:0f:fe:b9:76:7f:
                    fc:6f:2e:92:1a:2c:ae:c3:0f:64:e3:f0:93:e0:7e:
                    7a:a7:80:63:c3:cb:7c:f9:48:c6:d7:88:42:41:fa:
                    59:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C6:E7:94:90:8A:02:78:BC:7E:1F:10:34:A0:AC:1B:84:D4:7D:18
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0MbnlJCKAni8fh8QNKCsG4TUfRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:84:1f:eb:c7:7a:c3:07:17:9f:35:9c:83:b7:5f:e8:92:d9:
         33:2f:0d:b1:66:a9:c2:c9:34:af:f2:52:dc:a6:d0:f8:83:5a:
         97:7e:25:11:0f:a8:0e:bf:7e:4c:5c:f7:ee:53:03:d1:77:21:
         2c:dd:16:b2:cf:0b:da:cf:30:af:ce:9e:b6:92:68:ef:e3:8b:
         b8:c8:83:b7:0a:09:51:a8:19:76:a1:0b:76:22:1c:13:aa:cf:
         3e:ea:af:c9:ee:d6:66:db:9e:d0:a6:f9:5a:01:c8:df:25:7b:
         ad:ba:b7:ec:70:85:87:a2:df:06:ac:06:32:25:29:2d:43:e2:
         8a:b4:f5:a5:b5:95:47:38:c4:ea:16:f5:60:9d:39:de:0f:d6:
         6f:c9:ae:3d:97:3d:be:75:a7:f8:18:c5:be:09:3f:1f:66:e6:
         0e:fc:b5:03:c1:9f:50:47:bd:0c:4a:39:bb:8d:92:d4:ef:c5:
         0e:35:bd:64:0b:a1:f4:ef:c8:fe:66:d8:d6:b6:c4:ad:d6:98:
         ac:f3:c3:24:a9:c0:05:10:03:1c:8b:f7:6b:24:fa:b8:42:e8:
         9f:84:02:73:f0:d1:55:b9:55:7a:80:0a:28:ad:d4:82:ee:e3:
         7b:31:76:61:ac:4b:7d:2b:49:33:02:d7:4b:7f:f4:4b:4c:0e:
         9e:23:47:e1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYoK7bRkQzqO0z6R8Znz2zPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODE4MjMxNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM2ZTc5NDkwOGEwMjc4YmM3ZTFmMTAzNGEwYWMxYjg0ZDQ3ZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMd4KvV73u5sUxQ9+v5aGohNuUa3
lyui51/olILzR567DWHoBw/4KS/PdCki3/QfcsFPBcR8K31qFgP2byZi3k06yqkW
thu+fkkH8Y0xFrLNKrVFFRQ7gBtM2CpeXYDPO4egC3taQmFLi1ynjDVvyB66g2ib
P7b6R79z+39w/PcLnpMpRcrrchahKGZdITO7uL3lootyqCkLHMs+XcwP7L0LkB7M
USsL0zwFLWFLRN0bBzlCm2miZfv4gKNlQ16cS8CP2nODlqGF6hYoEthmj+LBekFx
86EGK6tuD/65dn/8by6SGiyuww9k4/CT4H56p4Bjw8t8+UjG14hCQfpZpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNDG55SQigJ4vH4fEDSgrBuE1H0YMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvME1ibmxKQ0tBbmk4Zmg4UU5LQ3NHNFRVZlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKmEH+vHesMHF581nIO3
X+iS2TMvDbFmqcLJNK/yUtym0PiDWpd+JREPqA6/fkxc9+5TA9F3ISzdFrLPC9rP
MK/OnraSaO/ji7jIg7cKCVGoGXahC3YiHBOqzz7qr8nu1mbbntCm+VoByN8le626
t+xwhYei3wasBjIlKS1D4oq09aW1lUc4xOoW9WCdOd4P1m/Jrj2XPb51p/gYxb4J
Px9m5g78tQPBn1BHvQxKObuNktTvxQ41vWQLofTvyP5m2Na2xK3WmKzzwySpwAUQ
AxyL92sk+rhC6J+EAnPw0VW5VXqACiit1ILu43sxdmGsS30rSTMC10t/9EtMDp4j
R+E=
-----END CERTIFICATE-----
Generated at Mon Jun 9 16:28:44 2025 by rpki-client