Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/20f-bPvDbWFuvE9Yy7gZ21o0suw.roa
File:                     20f-bPvDbWFuvE9Yy7gZ21o0suw.roa (raw, json)
Hash identifier:          KbaBCSD9SzEiZEhnSjDEIvrEftNpt9xMobJ6BRQFNfc=
Subject key identifier:   DB:47:FE:6C:FB:C3:6D:61:6E:BC:4F:58:CB:B8:19:DB:5A:34:B2:EC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01857AF9606899FD3A9C7D90E29EFBFDF649
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/20f-bPvDbWFuvE9Yy7gZ21o0suw.roa
Signing time:             Wed 04 Jan 2023 04:10:41 +0000
ROA not before:           Wed 04 Jan 2023 04:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7a:f9:60:68:99:fd:3a:9c:7d:90:e2:9e:fb:fd:f6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan  4 04:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db47fe6cfbc36d616ebc4f58cbb819db5a34b2ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:74:99:35:c3:c3:e3:f1:00:c9:fc:6f:dd:c7:
                    d6:84:42:d3:14:1c:5d:eb:89:f1:3f:73:35:a6:e2:
                    03:a3:af:91:60:d6:b0:85:7b:63:4d:e3:fb:bb:8f:
                    c4:43:1d:bb:84:1d:97:65:ea:2c:0e:1f:60:96:68:
                    80:0e:ec:ec:34:44:d0:2f:a3:d3:e3:18:bc:13:e8:
                    9f:23:94:45:e9:fa:c6:8c:71:91:2e:59:3d:d1:c0:
                    1e:a4:6c:23:3e:74:93:ff:b7:59:f4:55:bd:e7:bd:
                    00:90:8c:0b:f2:fa:91:d6:99:1e:b9:0f:f1:1c:fd:
                    d9:c9:84:45:e6:de:cd:21:69:b6:f8:2b:91:f7:4f:
                    fc:63:f9:1a:77:b3:c4:c3:e6:7a:7e:8a:40:7b:f9:
                    5f:c1:18:92:65:19:58:88:ad:ee:dd:ca:7e:47:9a:
                    b6:5c:2d:e5:6d:80:5c:66:09:4e:72:ff:01:d6:04:
                    f7:85:d0:20:fc:1d:41:6d:3d:b7:b4:96:8a:6b:82:
                    d8:e2:88:b4:17:de:98:0f:a4:34:e4:7a:d8:9c:a6:
                    11:00:6b:7c:44:71:85:91:79:07:bb:aa:55:03:85:
                    0c:de:dc:48:e0:51:51:f8:11:77:3a:7d:a1:54:59:
                    60:c3:92:0a:aa:0e:1f:73:30:3e:14:cc:d4:eb:98:
                    03:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:47:FE:6C:FB:C3:6D:61:6E:BC:4F:58:CB:B8:19:DB:5A:34:B2:EC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/20f-bPvDbWFuvE9Yy7gZ21o0suw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:15:78:3e:07:5c:1f:3e:3c:2e:1a:b6:ef:b1:10:24:61:c3:
         2b:08:81:15:e2:8a:a0:a7:ba:75:78:24:a6:df:ab:14:d1:ff:
         49:76:2a:7a:61:82:31:d7:a1:cf:2c:7e:67:73:e5:38:b0:66:
         e6:87:57:e9:7d:67:f8:a5:1c:b0:3c:cb:9e:e1:00:56:d0:dd:
         aa:b0:e9:a1:8b:45:ee:a7:42:61:2c:89:87:00:b5:32:d9:9b:
         f0:ba:96:14:60:22:c6:f1:c2:94:75:02:03:fb:ef:ee:e2:fb:
         a4:b0:3e:eb:27:d9:93:c0:6b:4b:69:40:af:2a:13:d2:66:20:
         e2:89:90:22:93:08:6d:4c:d1:3e:a5:04:37:7d:14:1c:3e:6d:
         65:b4:df:aa:a7:e2:5c:9f:81:f9:e5:ff:fd:da:ea:2e:43:40:
         26:c7:40:c6:d0:e4:c5:e6:09:1f:cd:fa:ca:ca:b2:68:c7:bd:
         2e:f2:49:d2:ba:57:a3:ba:23:b7:ff:a9:80:7e:b3:83:03:f6:
         af:7c:d0:f4:da:aa:ea:82:8c:05:5e:a4:c4:b0:4f:3d:71:3e:
         5e:a3:3b:aa:ec:07:90:36:15:1c:7a:85:6c:db:34:d2:ac:07:
         bf:22:b4:7a:3a:c5:69:60:53:e1:f6:5a:ed:73:8d:58:61:c1:
         93:df:b5:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYV6+WBomf06nH2Q4p77/fZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTA0MDQxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQ3ZmU2Y2ZiYzM2ZDYxNmViYzRmNThjYmI4MTlkYjVhMzRiMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXSZNcPD4/EAyfxv3cfWhELTFBxd
64nxP3M1puIDo6+RYNawhXtjTeP7u4/EQx27hB2XZeosDh9glmiADuzsNETQL6PT
4xi8E+ifI5RF6frGjHGRLlk90cAepGwjPnST/7dZ9FW9570AkIwL8vqR1pkeuQ/x
HP3ZyYRF5t7NIWm2+CuR90/8Y/kad7PEw+Z6fopAe/lfwRiSZRlYiK3u3cp+R5q2
XC3lbYBcZglOcv8B1gT3hdAg/B1BbT23tJaKa4LY4oi0F96YD6Q05HrYnKYRAGt8
RHGFkXkHu6pVA4UM3txI4FFR+BF3On2hVFlgw5IKqg4fczA+FMzU65gDXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNtH/mz7w21hbrxPWMu4GdtaNLLsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMjBmLWJQdkRiV0Z1dkU5WXk3Z1oyMW8wc3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEIVeD4HXB8+PC4atu+x
ECRhwysIgRXiiqCnunV4JKbfqxTR/0l2KnphgjHXoc8sfmdz5TiwZuaHV+l9Z/il
HLA8y57hAFbQ3aqw6aGLRe6nQmEsiYcAtTLZm/C6lhRgIsbxwpR1AgP77+7i+6Sw
Pusn2ZPAa0tpQK8qE9JmIOKJkCKTCG1M0T6lBDd9FBw+bWW036qn4lyfgfnl//3a
6i5DQCbHQMbQ5MXmCR/N+srKsmjHvS7ySdK6V6O6I7f/qYB+s4MD9q980PTaquqC
jAVepMSwTz1xPl6jO6rsB5A2FRx6hWzbNNKsB78itHo6xWlgU+H2Wu1zjVhhwZPf
tbc=
-----END CERTIFICATE-----
Generated at Mon Jun 9 20:43:07 2025 by rpki-client