Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/863hQoSYf7Fi8cYneG6WhSn5uDQ.roa
File:                     863hQoSYf7Fi8cYneG6WhSn5uDQ.roa (raw, json)
Hash identifier:          7JhYBSQcDhYm+kCXPVgUE4m4VeSD1Lu2x5Lm1MA9svg=
Subject key identifier:   F3:AD:E1:42:84:98:7F:B1:62:F1:C6:27:78:6E:96:85:29:F9:B8:34
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       68D202C6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/863hQoSYf7Fi8cYneG6WhSn5uDQ.roa
Signing time:             Tue 08 Feb 2022 03:08:57 +0000
ROA not before:           Tue 08 Feb 2022 03:08:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:17e:d592:92a4/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:d600:60b0/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:a0dd:2f5b/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:d524:ead9/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:17e:d6a5:23ae/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:d713:9aeb/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:d55b:c264/128 maxlen: 128
                          2001:67c:64:ffff:0:17e:d66e:8559/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1758593734 (0x68d202c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb  8 03:08:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f3ade14284987fb162f1c627786e968529f9b834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8a:91:ee:1a:b1:65:34:65:a6:b3:8f:1d:3d:
                    a0:33:5e:da:f4:5d:5e:4e:b5:c4:19:5f:36:23:e9:
                    4a:21:d1:e8:65:61:e7:66:f9:77:1e:68:31:71:d3:
                    82:e1:64:c0:ff:12:9a:9d:22:ef:55:93:49:5e:42:
                    93:ff:04:61:04:e4:34:47:ff:32:2d:12:f9:82:83:
                    26:76:a7:c9:13:22:58:e5:32:64:0f:3f:22:bd:37:
                    45:48:6d:3d:3f:fd:ec:9f:4a:0f:e9:d8:f0:2e:61:
                    ff:3e:8e:57:95:37:a6:bb:fa:0b:08:02:66:aa:0a:
                    8e:d2:9d:5b:c5:04:38:8b:bf:aa:c4:21:ce:cf:a7:
                    dc:b0:95:b9:b3:7e:d6:a6:1f:a9:81:2a:89:e2:84:
                    1b:be:cf:30:70:f1:a0:67:18:ad:01:8c:7f:d1:17:
                    70:01:b7:4a:5f:bc:27:3c:24:af:cb:1e:7e:17:43:
                    8c:b2:d5:9b:74:a8:26:7a:57:8e:3a:45:5b:5a:c5:
                    8f:0c:aa:5a:f4:db:ad:df:7c:e0:a1:72:8a:f3:43:
                    2d:3f:aa:8f:03:c8:cc:4a:38:4d:b5:0e:58:8a:3c:
                    72:64:29:e8:4f:88:21:3d:e3:54:e0:8f:10:10:f5:
                    c2:ab:81:83:f6:72:ca:6f:14:74:9d:76:a1:87:da:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AD:E1:42:84:98:7F:B1:62:F1:C6:27:78:6E:96:85:29:F9:B8:34
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/863hQoSYf7Fi8cYneG6WhSn5uDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:85:3a:13:92:13:86:c7:f4:72:b1:61:d0:81:0a:33:89:0e:
         54:63:1a:ad:07:3a:8c:f7:58:f4:89:75:71:ae:17:41:d2:83:
         f2:c4:f8:cc:c4:3d:c4:68:33:c9:aa:cd:6e:8c:e3:0a:bf:85:
         e6:96:6d:d2:c0:65:d0:0f:3f:15:75:7b:4a:a1:d9:1d:e7:87:
         34:90:54:74:d4:8d:df:1a:e4:16:d6:e9:44:8a:2d:54:91:16:
         9a:f1:a1:27:a7:03:3a:65:1a:6f:8c:f9:75:79:86:21:f9:73:
         78:00:9f:24:0a:08:88:cb:cd:cf:07:37:b5:55:ee:e6:4e:37:
         07:88:f2:19:7d:e3:5a:04:70:d5:37:81:51:4c:19:22:e2:1b:
         4f:de:c9:0e:fc:d1:67:21:ca:3f:18:34:88:93:f9:a3:d4:9a:
         b3:d3:3b:49:69:39:1e:d2:c7:b4:c8:f4:ac:3d:19:56:98:ae:
         0f:b4:91:6d:f8:96:2c:bb:13:db:11:73:bd:b0:12:bc:32:58:
         ac:e0:92:e4:b7:e7:62:13:4c:9f:b0:93:72:85:8e:e7:1e:3c:
         a4:71:ae:b3:51:a2:54:02:e7:5e:df:1a:61:c4:d4:12:99:63:
         57:75:f5:bd:3e:eb:bb:b8:84:5a:b9:20:ef:e8:c9:6f:37:dd:
         fa:00:51:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEaNICxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MjA0N2JlMTViMjc1OTAyZGNmNjE3ZGMzZDBlMTZkYzFmMzA4MDIyMB4XDTIyMDIw
ODAzMDg1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjNhZGUxNDI4NDk4
N2ZiMTYyZjFjNjI3Nzg2ZTk2ODUyOWY5YjgzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANuKke4asWU0Zaazjx09oDNe2vRdXk61xBlfNiPpSiHR6GVh
52b5dx5oMXHTguFkwP8Smp0i71WTSV5Ck/8EYQTkNEf/Mi0S+YKDJnanyRMiWOUy
ZA8/Ir03RUhtPT/97J9KD+nY8C5h/z6OV5U3prv6CwgCZqoKjtKdW8UEOIu/qsQh
zs+n3LCVubN+1qYfqYEqieKEG77PMHDxoGcYrQGMf9EXcAG3Sl+8Jzwkr8sefhdD
jLLVm3SoJnpXjjpFW1rFjwyqWvTbrd984KFyivNDLT+qjwPIzEo4TbUOWIo8cmQp
6E+IIT3jVOCPEBD1wquBg/Zyym8UdJ12oYfarM8CAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBTzreFChJh/sWLxxid4bpaFKfm4NDAfBgNVHSMEGDAWgBRyBHvhWydZAtz2
F9w9DhbcHzCAIjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFhNi8x
Lzg2M2hRb1NZZjdGaThjWW5lRzZXaFNuNXVEUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUv
Nzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFhNi8xL2NnUjc0VnNuV1FM
YzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAw
BggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAPBAIAAjAJAwcAIAEGfABk
MA0GCSqGSIb3DQEBCwUAA4IBAQAEhToTkhOGx/RysWHQgQoziQ5UYxqtBzqM91j0
iXVxrhdB0oPyxPjMxD3EaDPJqs1ujOMKv4Xmlm3SwGXQDz8VdXtKodkd54c0kFR0
1I3fGuQW1ulEii1UkRaa8aEnpwM6ZRpvjPl1eYYh+XN4AJ8kCgiIy83PBze1Ve7m
TjcHiPIZfeNaBHDVN4FRTBki4htP3skO/NFnIco/GDSIk/mj1Jqz0ztJaTke0se0
yPSsPRlWmK4PtJFt+JYsuxPbEXO9sBK8Mlis4JLkt+diE0yfsJNyhY7nHjykca6z
UaJUAude3xphxNQSmWNXdfW9Puu7uIRauSDv6MlvN936AFF5
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:02:08 2025 by rpki-client