Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2iZ30Y3t-LfkmepYXigcysbpewk.roa
File:                     2iZ30Y3t-LfkmepYXigcysbpewk.roa (raw, json)
Hash identifier:          ZiNqdJtaP0xtl3w3BL2T/da3EToG+2lfRgfm+uHLRBA=
Subject key identifier:   DA:26:77:D1:8D:ED:F8:B7:E4:99:EA:58:5E:28:1C:CA:C6:E9:7B:09
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189C52EAEBA6B5998EF86C1742B09E2A664
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2iZ30Y3t-LfkmepYXigcysbpewk.roa
Signing time:             Sat 05 Aug 2023 10:11:58 +0000
ROA not before:           Sat 05 Aug 2023 10:11:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c5:2e:ae:ba:6b:59:98:ef:86:c1:74:2b:09:e2:a6:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug  5 10:11:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da2677d18dedf8b7e499ea585e281ccac6e97b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f9:83:9e:a7:c5:68:eb:7e:0f:8b:7a:e5:a9:
                    ea:41:b4:6d:8f:50:b2:ab:fa:2c:38:0c:df:9d:6a:
                    d8:bb:02:e0:22:50:7e:bb:d2:2e:1c:f3:58:09:7f:
                    8e:cc:1e:55:45:53:5e:ae:74:14:80:9b:5a:27:d6:
                    58:ca:ec:9c:dc:ed:08:f1:5c:d7:4b:50:a2:97:45:
                    76:16:4c:2f:d7:79:7c:a4:6c:ab:7f:5d:d3:79:f5:
                    79:1f:18:1f:dc:d5:72:75:da:d5:eb:a2:83:96:5e:
                    98:d6:cd:9a:33:f0:bb:fe:2c:20:11:ae:d4:9b:80:
                    52:94:57:d5:32:81:c2:87:8b:b5:7b:76:46:20:ed:
                    ac:2c:a1:8f:ba:06:f5:ab:e9:94:c8:2d:8f:06:40:
                    fc:ac:75:70:18:ab:53:1e:df:6e:3d:47:c3:8f:c0:
                    3f:e8:57:10:ca:b4:a5:7b:f0:95:7d:7a:2a:3b:1e:
                    17:75:f8:3b:b5:bb:6e:69:68:c9:16:99:f7:03:f2:
                    ee:f6:e2:77:2c:eb:0a:69:cd:32:f8:86:00:41:79:
                    3a:7a:36:49:4e:61:90:38:52:1c:08:6d:ce:ed:60:
                    7d:7d:bb:2c:de:77:97:80:24:e3:7b:d0:bf:3d:4b:
                    d5:84:a4:96:8b:eb:00:d2:55:1d:38:5f:31:52:13:
                    35:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:26:77:D1:8D:ED:F8:B7:E4:99:EA:58:5E:28:1C:CA:C6:E9:7B:09
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2iZ30Y3t-LfkmepYXigcysbpewk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:d1:6e:45:64:17:8f:92:33:d3:30:b1:df:dd:ac:f6:4d:e7:
         66:24:ec:f9:80:75:a4:31:13:51:1b:01:a5:85:7a:5f:87:dc:
         65:c0:ff:0c:59:a6:d2:4f:ff:4a:64:f6:93:0c:0b:77:fd:b8:
         1f:a7:00:95:df:fa:ee:c3:29:54:12:c6:8d:58:78:39:05:58:
         8e:b7:9c:10:cd:a9:94:02:c5:f5:bd:43:3e:51:09:b0:2d:18:
         58:06:64:92:25:c9:8c:70:db:d9:6c:a8:df:32:40:93:77:b8:
         30:34:f8:0b:3e:b0:63:77:6e:32:98:2d:06:61:6c:a6:b3:66:
         78:d3:82:9e:98:b6:e3:c7:bc:f9:86:d3:45:cc:de:84:0e:43:
         04:9f:ee:8c:0e:30:77:99:63:3c:90:99:ef:d0:57:6d:dc:a6:
         0a:75:79:6e:59:53:5f:31:3f:12:77:18:f3:20:6a:85:cb:ef:
         ea:e7:7a:92:45:de:bd:58:0f:b7:3a:f2:1c:d9:3d:b8:91:17:
         63:f1:74:e1:8f:2d:a5:87:ec:65:53:ef:c5:0e:72:aa:6f:49:
         fe:44:0c:5c:7a:9a:01:43:37:b0:ed:0c:63:02:14:f0:5b:d8:
         c5:30:75:a6:2b:d6:7d:ae:c1:30:d7:12:e1:bb:f9:f1:81:65:
         5f:13:f1:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYnFLq66a1mY74bBdCsJ4qZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODA1MTAxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTI2NzdkMThkZWRmOGI3ZTQ5OWVhNTg1ZTI4MWNjYWM2ZTk3YjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPmDnqfFaOt+D4t65anqQbRtj1Cy
q/osOAzfnWrYuwLgIlB+u9IuHPNYCX+OzB5VRVNernQUgJtaJ9ZYyuyc3O0I8VzX
S1Cil0V2Fkwv13l8pGyrf13TefV5Hxgf3NVyddrV66KDll6Y1s2aM/C7/iwgEa7U
m4BSlFfVMoHCh4u1e3ZGIO2sLKGPugb1q+mUyC2PBkD8rHVwGKtTHt9uPUfDj8A/
6FcQyrSle/CVfXoqOx4Xdfg7tbtuaWjJFpn3A/Lu9uJ3LOsKac0y+IYAQXk6ejZJ
TmGQOFIcCG3O7WB9fbss3neXgCTje9C/PUvVhKSWi+sA0lUdOF8xUhM1YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNomd9GN7fi35JnqWF4oHMrG6XsJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMmlaMzBZM3QtTGZrbWVwWVhpZ2N5c2JwZXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHXRbkVkF4+SM9Mwsd/d
rPZN52Yk7PmAdaQxE1EbAaWFel+H3GXA/wxZptJP/0pk9pMMC3f9uB+nAJXf+u7D
KVQSxo1YeDkFWI63nBDNqZQCxfW9Qz5RCbAtGFgGZJIlyYxw29lsqN8yQJN3uDA0
+As+sGN3bjKYLQZhbKazZnjTgp6YtuPHvPmG00XM3oQOQwSf7owOMHeZYzyQme/Q
V23cpgp1eW5ZU18xPxJ3GPMgaoXL7+rnepJF3r1YD7c68hzZPbiRF2PxdOGPLaWH
7GVT78UOcqpvSf5EDFx6mgFDN7DtDGMCFPBb2MUwdaYr1n2uwTDXEuG7+fGBZV8T
8Rg=
-----END CERTIFICATE-----
Generated at Mon Jun 9 16:32:04 2025 by rpki-client