Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4qZDjCJkrH6c5vmpNF1mAf_2IGw.roa
File:                     4qZDjCJkrH6c5vmpNF1mAf_2IGw.roa (raw, json)
Hash identifier:          UYESeC15ZOzqO8WexU9J59idoq9Tz/MVx6yhwkTna3w=
Subject key identifier:   E2:A6:43:8C:22:64:AC:7E:9C:E6:F9:A9:34:5D:66:01:FF:F6:20:6C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0185E229F1871566A51F3041B9E88F2F3C4E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4qZDjCJkrH6c5vmpNF1mAf_2IGw.roa
Signing time:             Tue 24 Jan 2023 05:04:37 +0000
ROA not before:           Tue 24 Jan 2023 05:04:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:185:e229:ba56/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e2:29:f1:87:15:66:a5:1f:30:41:b9:e8:8f:2f:3c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan 24 05:04:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e2a6438c2264ac7e9ce6f9a9345d6601fff6206c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:c9:2c:7c:96:e4:2a:a5:bc:24:27:6d:64:
                    f2:b0:cd:3f:68:de:36:a8:19:7f:db:fd:00:ec:79:
                    b1:4b:bc:45:22:89:e2:e9:f3:41:22:2e:f3:9f:af:
                    1e:52:57:a9:bb:8a:d7:e8:a7:ec:45:06:66:c8:c5:
                    02:fb:61:8e:73:d9:ac:11:37:11:02:4f:fa:c0:d0:
                    a6:7e:c5:59:d8:20:f3:26:5e:6b:25:4d:39:62:41:
                    75:d7:17:52:ac:06:23:58:cf:6e:fe:ea:89:ea:42:
                    4b:19:88:35:9c:be:05:72:f6:0f:26:da:9f:1b:85:
                    bf:19:15:42:53:27:99:7c:c7:e5:23:34:e8:7e:0b:
                    4d:98:91:57:64:5f:1c:5d:b4:45:fc:bc:1a:8d:ca:
                    9a:dd:3f:17:c0:6d:3f:d8:cd:0b:9a:37:f7:92:d8:
                    77:d0:e0:22:8f:64:df:14:28:86:5a:0f:a5:7b:1a:
                    83:04:cb:3c:e9:81:47:b0:f2:9c:68:ac:34:56:c0:
                    2a:35:41:11:41:94:2c:99:1b:22:a9:6d:77:07:5c:
                    a3:51:c6:e1:78:89:de:39:39:32:8e:52:e9:09:bd:
                    86:11:c9:01:39:61:41:94:8e:4e:fd:e0:8c:56:4a:
                    4b:db:08:84:df:b2:7e:f8:92:0f:bb:64:4c:b3:36:
                    7f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A6:43:8C:22:64:AC:7E:9C:E6:F9:A9:34:5D:66:01:FF:F6:20:6C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4qZDjCJkrH6c5vmpNF1mAf_2IGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:d1:0b:d7:a3:8f:0a:08:14:00:cf:39:cd:6a:df:d6:7d:d2:
         47:3b:e7:28:ae:30:d4:c1:39:9b:17:60:a5:41:1e:66:15:d7:
         0b:86:c8:47:a4:4e:ba:d8:f1:7f:93:bf:ef:44:44:0f:8c:40:
         c3:b1:5f:e0:27:8a:b8:d9:d6:1b:88:3e:d0:07:23:af:40:e8:
         f8:77:97:d9:e7:a8:4c:63:b5:8d:ef:54:e9:fc:59:03:33:14:
         b5:4b:9b:e7:4b:4e:77:47:fe:13:a4:e6:da:2a:57:27:c3:b4:
         13:ae:bd:35:d3:34:6d:15:44:fe:f2:e6:9e:8c:1e:15:1e:d1:
         89:86:66:60:f0:dd:27:e6:bf:80:31:cb:c9:7e:d5:77:f4:06:
         2b:44:4f:01:fe:86:b9:32:f1:ec:8a:cd:0e:9f:15:85:72:9d:
         13:7d:41:bb:d8:10:a8:1f:2e:f0:d9:7d:57:f5:3f:62:aa:c0:
         5f:48:9c:b4:84:00:8c:51:34:d0:c8:ea:13:3e:dc:fb:b3:c7:
         0a:f0:a2:cb:c9:bc:e2:47:e0:19:9b:11:1c:2e:87:75:67:40:
         c2:94:91:36:81:f9:92:f6:d4:e8:08:3f:66:1f:a1:c6:fc:54:
         14:b6:d2:50:bb:72:3f:24:f7:33:fb:02:c8:7c:10:fc:78:e4:
         17:50:bd:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYXiKfGHFWalHzBBueiPLzxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTI0MDUwNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE2NDM4YzIyNjRhYzdlOWNlNmY5YTkzNDVkNjYwMWZmZjYyMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAXJLHyW5CqlvCQnbWTysM0/aN42
qBl/2/0A7HmxS7xFIoni6fNBIi7zn68eUlepu4rX6KfsRQZmyMUC+2GOc9msETcR
Ak/6wNCmfsVZ2CDzJl5rJU05YkF11xdSrAYjWM9u/uqJ6kJLGYg1nL4FcvYPJtqf
G4W/GRVCUyeZfMflIzTofgtNmJFXZF8cXbRF/Lwajcqa3T8XwG0/2M0Lmjf3kth3
0OAij2TfFCiGWg+lexqDBMs86YFHsPKcaKw0VsAqNUERQZQsmRsiqW13B1yjUcbh
eIneOTkyjlLpCb2GEckBOWFBlI5O/eCMVkpL2wiE37J++JIPu2RMszZ/KQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOKmQ4wiZKx+nOb5qTRdZgH/9iBsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNHFaRGpDSmtySDZjNXZtcE5GMW1BZl8ySUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEjRC9ejjwoIFADPOc1q
39Z90kc75yiuMNTBOZsXYKVBHmYV1wuGyEekTrrY8X+Tv+9ERA+MQMOxX+AnirjZ
1huIPtAHI69A6Ph3l9nnqExjtY3vVOn8WQMzFLVLm+dLTndH/hOk5toqVyfDtBOu
vTXTNG0VRP7y5p6MHhUe0YmGZmDw3Sfmv4Axy8l+1Xf0BitETwH+hrky8eyKzQ6f
FYVynRN9QbvYEKgfLvDZfVf1P2KqwF9InLSEAIxRNNDI6hM+3PuzxwrwosvJvOJH
4BmbERwuh3VnQMKUkTaB+ZL21OgIP2Yfocb8VBS20lC7cj8k9zP7Ash8EPx45BdQ
vQQ=
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:11:14 2025 by rpki-client