Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3EqHsVrdNmhycdKW8qcSRjjN75k.roa
File:                     3EqHsVrdNmhycdKW8qcSRjjN75k.roa (raw, json)
Hash identifier:          P9NwXj77BczcGh9xaNldmjWvAIPRPFl85QaTC1zHwn4=
Subject key identifier:   DC:4A:87:B1:5A:DD:36:68:72:71:D2:96:F2:A7:12:46:38:CD:EF:99
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0182395C3FFE49ADB652C6C755D77B538819
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3EqHsVrdNmhycdKW8qcSRjjN75k.roa
Signing time:             Tue 26 Jul 2022 07:15:23 +0000
ROA not before:           Tue 26 Jul 2022 07:15:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:182:383f:6b78/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:39:5c:3f:fe:49:ad:b6:52:c6:c7:55:d7:7b:53:88:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 26 07:15:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc4a87b15add36687271d296f2a7124638cdef99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4f:8a:f4:52:41:d0:4e:d1:47:a0:60:e6:47:
                    48:42:72:2a:94:ba:32:60:5d:3c:c7:83:b6:54:ad:
                    e8:fc:4c:78:48:e2:2c:b7:43:87:f0:b7:f9:f3:9b:
                    e8:c1:7f:76:ea:45:d9:17:69:c1:ba:48:21:10:42:
                    4f:db:7a:d5:66:17:98:f1:7b:3d:52:49:03:cb:eb:
                    02:d7:35:0b:87:44:ba:bd:b5:01:08:d7:3f:c4:4a:
                    8c:3d:2f:6f:0c:e4:b6:d9:a4:69:82:62:36:ac:7b:
                    dd:6a:29:70:e3:d7:e9:75:10:5c:02:a7:36:72:ed:
                    84:ef:e3:b0:a6:ee:67:62:c1:08:74:0a:2c:3d:78:
                    59:2f:7e:d9:48:0d:0a:4f:5b:4b:62:bd:bb:e1:4e:
                    be:89:e0:1b:2d:26:fb:58:b6:ad:e5:82:d3:f0:94:
                    7c:27:57:58:84:b3:1f:3f:f9:9b:30:31:b4:9e:bc:
                    23:57:f2:09:3f:4d:bc:6a:51:78:a0:0a:10:a9:7b:
                    cc:dd:34:f9:35:b9:74:b6:2d:19:bc:a9:a3:c9:76:
                    59:9f:a5:7c:6b:0d:a5:ed:7a:c6:96:59:d2:26:9a:
                    34:3f:59:94:d4:f3:df:d8:ac:e6:63:73:22:f4:66:
                    02:59:5a:25:28:cb:11:de:d5:61:d1:be:5f:a0:32:
                    b9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:4A:87:B1:5A:DD:36:68:72:71:D2:96:F2:A7:12:46:38:CD:EF:99
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3EqHsVrdNmhycdKW8qcSRjjN75k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:78:c9:59:cf:8e:bd:10:07:45:49:14:ee:4c:6d:0e:0e:78:
         72:e4:06:b1:ee:d0:75:ab:8b:19:37:15:e9:c5:e8:2a:dc:8a:
         02:e9:f7:8c:d4:1c:97:be:e2:98:38:6a:44:0c:d5:23:61:b9:
         84:90:13:a6:22:76:e0:d9:7a:b1:7b:43:53:b3:14:40:7f:fb:
         37:39:72:a1:82:aa:9b:39:42:a0:78:11:b4:bf:02:95:b5:dc:
         55:f0:b8:de:32:49:83:e3:29:f0:2a:94:b6:8d:a9:d6:03:91:
         04:7e:53:65:be:08:69:b9:d3:fa:03:e1:08:05:95:4f:99:4f:
         5b:05:cd:9c:a3:05:9b:19:a0:96:50:a0:a2:cf:1b:e2:1f:87:
         00:49:48:e7:65:e3:37:2c:08:83:1a:59:18:17:4b:7a:4a:7a:
         5b:8b:c2:35:a8:a0:b8:1a:fb:00:98:1c:d1:42:59:4e:2e:6e:
         9f:9c:f7:fc:30:11:07:00:09:b7:b4:12:58:81:3c:0b:3f:89:
         2c:99:14:fa:2c:dc:a4:b5:a3:56:36:82:80:95:59:de:a4:8b:
         bc:88:f9:be:29:de:fa:94:18:b0:10:4d:ca:61:24:f9:82:db:
         83:b0:97:51:0a:13:78:9e:c8:c3:3a:bf:66:54:f2:99:e8:4a:
         d2:85:a4:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYI5XD/+Sa22UsbHVdd7U4gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIwNzI2MDcxNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzRhODdiMTVhZGQzNjY4NzI3MWQyOTZmMmE3MTI0NjM4Y2RlZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU+K9FJB0E7RR6Bg5kdIQnIqlLoy
YF08x4O2VK3o/Ex4SOIst0OH8Lf585vowX926kXZF2nBukghEEJP23rVZheY8Xs9
UkkDy+sC1zULh0S6vbUBCNc/xEqMPS9vDOS22aRpgmI2rHvdailw49fpdRBcAqc2
cu2E7+Owpu5nYsEIdAosPXhZL37ZSA0KT1tLYr274U6+ieAbLSb7WLat5YLT8JR8
J1dYhLMfP/mbMDG0nrwjV/IJP028alF4oAoQqXvM3TT5Nbl0ti0ZvKmjyXZZn6V8
aw2l7XrGllnSJpo0P1mU1PPf2KzmY3Mi9GYCWVolKMsR3tVh0b5foDK5MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNxKh7Fa3TZocnHSlvKnEkY4ze+ZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM0VxSHNWcmRObWh5Y2RLVzhxY1NSampONzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALF4yVnPjr0QB0VJFO5M
bQ4OeHLkBrHu0HWrixk3FenF6CrcigLp94zUHJe+4pg4akQM1SNhuYSQE6YiduDZ
erF7Q1OzFEB/+zc5cqGCqps5QqB4EbS/ApW13FXwuN4ySYPjKfAqlLaNqdYDkQR+
U2W+CGm50/oD4QgFlU+ZT1sFzZyjBZsZoJZQoKLPG+IfhwBJSOdl4zcsCIMaWRgX
S3pKeluLwjWooLga+wCYHNFCWU4ubp+c9/wwEQcACbe0EliBPAs/iSyZFPos3KS1
o1Y2goCVWd6ki7yI+b4p3vqUGLAQTcphJPmC24Owl1EKE3ieyMM6v2ZU8pnoStKF
pIk=
-----END CERTIFICATE-----
Generated at Mon Jun 9 18:57:14 2025 by rpki-client