Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GAZHSNCwGvBcCBDlvjEbsLcbC1Q.roa
File:                     GAZHSNCwGvBcCBDlvjEbsLcbC1Q.roa (raw, json)
Hash identifier:          H9xFfjQdv4AGzSxIbmSJ1n7REv3BcVMso0mb0gY/V6Q=
Subject key identifier:   18:06:47:48:D0:B0:1A:F0:5C:08:10:E5:BE:31:1B:B0:B7:1B:0B:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01863B6DF8380EDA43E12E2510D8B219B8BB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GAZHSNCwGvBcCBDlvjEbsLcbC1Q.roa
Signing time:             Fri 10 Feb 2023 13:05:08 +0000
ROA not before:           Fri 10 Feb 2023 13:05:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:3b6d:26a3/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:3b:6d:f8:38:0e:da:43:e1:2e:25:10:d8:b2:19:b8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 10 13:05:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=18064748d0b01af05c0810e5be311bb0b71b0b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1b:2d:82:67:77:b3:43:fc:be:3b:08:fd:53:
                    5e:1e:4b:d4:c5:e6:1b:0d:38:ff:16:78:8a:fd:e7:
                    43:36:b5:07:80:77:99:05:3c:47:83:ca:79:c4:d2:
                    fd:47:ad:2e:f8:ff:c2:70:2d:a1:59:b3:e0:e9:09:
                    7e:5d:b9:b7:73:d7:2d:c4:74:84:2f:55:f6:d5:76:
                    13:80:d8:6b:5d:05:3f:fe:65:1c:6e:26:e2:c3:92:
                    eb:93:93:3f:0d:d3:00:33:d4:69:63:a8:5f:c3:df:
                    06:86:31:3a:e7:1f:32:b8:4e:a5:bf:0f:fd:1b:15:
                    e4:af:f9:b7:54:68:86:44:b0:c3:4c:b3:00:d1:1e:
                    be:e6:58:86:e2:fb:95:f2:d3:33:7e:81:bb:7a:e6:
                    01:86:05:4c:59:3c:2b:3d:d7:24:72:61:f1:bd:e3:
                    ca:7c:80:45:93:2b:06:05:4d:a4:14:0d:94:5d:d0:
                    55:2a:46:59:73:75:dd:47:2f:96:02:00:b8:48:74:
                    7a:18:6c:42:5e:7e:2c:92:f4:85:f2:cc:34:6e:7d:
                    fd:26:6f:06:5f:3f:8b:95:29:a9:8d:f5:d9:5c:13:
                    81:57:e7:8e:1f:5c:24:ae:f5:da:06:70:29:0d:c6:
                    dc:45:53:9a:8f:09:fe:5d:52:76:64:67:1a:7d:5a:
                    23:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:06:47:48:D0:B0:1A:F0:5C:08:10:E5:BE:31:1B:B0:B7:1B:0B:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GAZHSNCwGvBcCBDlvjEbsLcbC1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:38:5e:68:03:d4:81:19:aa:af:b7:37:e3:be:6a:93:66:94:
         3b:b6:ec:84:73:12:45:be:87:c6:f5:9d:2a:df:4b:96:3d:ea:
         f6:43:49:2d:19:a9:f4:c7:47:66:47:55:14:11:33:87:3e:d8:
         64:c1:1c:12:bb:cd:d1:53:c0:55:c7:92:6e:25:7e:c0:35:07:
         eb:11:87:92:6f:05:3c:8b:0a:fa:e7:4d:e4:a5:32:b2:66:bd:
         ff:50:c3:e5:bd:84:5e:a5:d6:bc:02:4a:36:ff:c5:f5:c0:57:
         84:a8:a5:34:cc:70:f7:19:88:38:9c:47:08:a0:f3:db:40:c0:
         c2:99:4f:60:18:30:7b:37:1c:a7:af:8c:31:96:af:84:61:93:
         67:e3:df:6f:ca:e7:64:41:4f:53:23:7e:fd:99:20:d9:d8:8c:
         b7:9d:8e:32:6b:94:40:fc:d7:00:75:ff:e6:74:3f:c7:47:6d:
         40:7a:9f:7f:64:aa:88:ae:14:f8:67:47:da:2e:1e:d4:4b:aa:
         f4:ba:01:45:c2:f8:d9:87:65:c6:7b:40:c5:cc:5e:99:7d:9e:
         29:e8:3d:0f:26:b7:59:35:ae:39:6b:d9:82:a1:3e:3a:96:75:
         ca:f6:5e:49:1f:a6:5b:c2:b9:7f:e4:d8:f5:16:12:39:67:a7:
         b2:21:2c:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYY7bfg4DtpD4S4lENiyGbi7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjEwMTMwNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA2NDc0OGQwYjAxYWYwNWMwODEwZTViZTMxMWJiMGI3MWIwYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhstgmd3s0P8vjsI/VNeHkvUxeYb
DTj/FniK/edDNrUHgHeZBTxHg8p5xNL9R60u+P/CcC2hWbPg6Ql+Xbm3c9ctxHSE
L1X21XYTgNhrXQU//mUcbibiw5Lrk5M/DdMAM9RpY6hfw98GhjE65x8yuE6lvw/9
GxXkr/m3VGiGRLDDTLMA0R6+5liG4vuV8tMzfoG7euYBhgVMWTwrPdckcmHxvePK
fIBFkysGBU2kFA2UXdBVKkZZc3XdRy+WAgC4SHR6GGxCXn4skvSF8sw0bn39Jm8G
Xz+LlSmpjfXZXBOBV+eOH1wkrvXaBnApDcbcRVOajwn+XVJ2ZGcafVojRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBgGR0jQsBrwXAgQ5b4xG7C3GwtUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR0FaSFNOQ3dHdkJjQ0JEbHZqRWJzTGNiQzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAI4XmgD1IEZqq+3N+O+
apNmlDu27IRzEkW+h8b1nSrfS5Y96vZDSS0ZqfTHR2ZHVRQRM4c+2GTBHBK7zdFT
wFXHkm4lfsA1B+sRh5JvBTyLCvrnTeSlMrJmvf9Qw+W9hF6l1rwCSjb/xfXAV4So
pTTMcPcZiDicRwig89tAwMKZT2AYMHs3HKevjDGWr4Rhk2fj32/K52RBT1Mjfv2Z
INnYjLedjjJrlED81wB1/+Z0P8dHbUB6n39kqoiuFPhnR9ouHtRLqvS6AUXC+NmH
ZcZ7QMXMXpl9ninoPQ8mt1k1rjlr2YKhPjqWdcr2XkkfplvCuX/k2PUWEjlnp7Ih
LBs=
-----END CERTIFICATE-----
Generated at Mon Jun 9 19:38:36 2025 by rpki-client