Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-KOD9Ec3ZPkGCDye7xgCgCnE0sw.roa
File:                     1-KOD9Ec3ZPkGCDye7xgCgCnE0sw.roa (raw, json)
Hash identifier:          Aqqwia+2taKS5u1Hj48iwDGYSRqmTeNPA+F3NDP8DMM=
Subject key identifier:   F8:A3:83:F4:47:37:64:F9:06:08:3C:9E:EF:18:02:80:29:C4:D2:CC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C5AD9661BC3F026E97CA997AD25CE7F2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-KOD9Ec3ZPkGCDye7xgCgCnE0sw.roa
Signing time:             Thu 09 Mar 2023 09:22:13 +0000
ROA not before:           Thu 09 Mar 2023 09:22:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c5:ad:96:61:bc:3f:02:6e:97:ca:99:7a:d2:5c:e7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 09:22:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8a383f4473764f906083c9eef18028029c4d2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4e:e3:cd:79:9d:b2:df:b0:42:d3:f9:44:9e:
                    05:19:c8:e2:c8:17:0c:a0:e1:c9:8e:45:37:ab:05:
                    30:e6:73:53:50:1d:10:12:71:b6:5b:2f:fb:8e:bd:
                    ae:ce:98:75:13:5e:92:1f:b3:60:9a:59:a2:b3:cd:
                    96:ad:98:cb:00:11:bd:1a:94:ed:78:ef:b2:7c:ed:
                    62:74:45:03:97:46:35:44:cf:36:55:7f:ef:9a:92:
                    0b:fc:83:2e:aa:82:57:27:ee:dc:33:30:3a:9e:ca:
                    eb:b3:b1:40:de:26:78:a3:ba:fa:3e:f4:89:f1:af:
                    32:7b:58:cc:ea:d7:8c:98:2e:4b:cf:0d:98:45:48:
                    ad:1d:a8:0a:98:c6:a9:8c:49:54:79:d9:10:ae:1c:
                    34:b7:6f:ec:68:68:a6:af:6f:e3:e8:31:bc:50:ae:
                    65:7e:b4:c6:d7:f2:b4:8d:94:ae:25:7b:fe:8f:9c:
                    d3:6d:68:b7:f7:dd:ec:dc:d8:81:2a:9b:a7:56:9b:
                    4b:e0:87:92:2f:a9:a2:8b:93:c0:4b:09:00:32:33:
                    87:01:bd:14:53:a6:ac:2a:90:5b:04:96:8a:ca:94:
                    44:90:92:c2:ae:01:33:70:1b:22:9a:40:5d:a9:b3:
                    d3:bd:d0:7d:83:92:20:fc:c1:e3:af:3d:c3:5e:e4:
                    da:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A3:83:F4:47:37:64:F9:06:08:3C:9E:EF:18:02:80:29:C4:D2:CC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-KOD9Ec3ZPkGCDye7xgCgCnE0sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:7e:f6:78:e2:4e:f1:aa:bb:21:20:56:04:df:48:78:bf:b9:
         e3:7d:13:e5:f4:67:f7:1a:b3:98:7b:72:c6:1b:ea:94:19:83:
         3b:79:17:88:25:2f:01:2d:78:59:77:29:4d:58:e8:f9:b5:0b:
         82:c8:76:32:6e:de:32:7d:71:07:70:a3:ab:a5:90:04:47:ac:
         4f:09:e0:99:5a:3d:34:10:8e:95:e0:68:29:41:32:88:7f:34:
         3e:d2:69:ca:c3:7a:3d:22:ed:87:ba:20:1a:4f:48:c3:de:1e:
         1a:ae:10:45:ad:20:c5:fc:09:13:fa:f9:b8:b6:48:b2:e1:b0:
         f6:37:0f:94:ae:a4:fe:76:d9:78:b3:0d:00:a9:7b:cc:0f:a0:
         09:c0:c9:bf:11:8b:84:e5:82:f2:24:66:0f:ef:51:14:a8:19:
         be:40:d3:54:9e:6e:13:b0:55:2b:d5:95:bf:b0:af:a1:fc:bb:
         69:1a:d3:d6:d0:99:f6:17:36:32:f4:3c:fe:cb:26:a6:f2:e7:
         a0:01:2e:18:87:ef:ba:eb:d6:3f:0c:51:cc:ab:fa:fd:7d:c6:
         b0:d9:51:0d:37:dc:a3:a7:58:0a:05:6e:ba:7f:75:19:5e:c7:
         d9:de:dd:27:35:4e:f9:f3:7d:a0:8b:d4:0c:9d:58:41:e7:d4:
         2e:41:51:80
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYbFrZZhvD8CbpfKmXrSXOfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDkyMjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGEzODNmNDQ3Mzc2NGY5MDYwODNjOWVlZjE4MDI4MDI5YzRkMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk7jzXmdst+wQtP5RJ4FGcjiyBcM
oOHJjkU3qwUw5nNTUB0QEnG2Wy/7jr2uzph1E16SH7Ngmlmis82WrZjLABG9GpTt
eO+yfO1idEUDl0Y1RM82VX/vmpIL/IMuqoJXJ+7cMzA6nsrrs7FA3iZ4o7r6PvSJ
8a8ye1jM6teMmC5Lzw2YRUitHagKmMapjElUedkQrhw0t2/saGimr2/j6DG8UK5l
frTG1/K0jZSuJXv+j5zTbWi3993s3NiBKpunVptL4IeSL6mii5PASwkAMjOHAb0U
U6asKpBbBJaKypREkJLCrgEzcBsimkBdqbPTvdB9g5Ig/MHjrz3DXuTaoQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPijg/RHN2T5Bgg8nu8YAoApxNLMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1LT0Q5RWMzWlBrR0NEeWU3eGdDZ0NuRTBzdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQADfvZ44k7xqrshIFYE
30h4v7njfRPl9Gf3GrOYe3LGG+qUGYM7eReIJS8BLXhZdylNWOj5tQuCyHYybt4y
fXEHcKOrpZAER6xPCeCZWj00EI6V4GgpQTKIfzQ+0mnKw3o9Iu2HuiAaT0jD3h4a
rhBFrSDF/AkT+vm4tkiy4bD2Nw+UrqT+dtl4sw0AqXvMD6AJwMm/EYuE5YLyJGYP
71EUqBm+QNNUnm4TsFUr1ZW/sK+h/LtpGtPW0Jn2FzYy9Dz+yyam8uegAS4Yh++6
69Y/DFHMq/r9fcaw2VENN9yjp1gKBW66f3UZXsfZ3t0nNU75832gi9QMnVhB59Qu
QVGA
-----END CERTIFICATE-----
Generated at Tue Jun 10 20:23:32 2025 by rpki-client