Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HIZEOakR4GcerNU0QZ7YT4Lbui4.roa
File:                     HIZEOakR4GcerNU0QZ7YT4Lbui4.roa (raw, json)
Hash identifier:          maB/FKQVeGFv1WjVDssIk4qWMPgSszoROqv6TNYBtAY=
Subject key identifier:   1C:86:44:39:A9:11:E0:67:1E:AC:D5:34:41:9E:D8:4F:82:DB:BA:2E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01856AA8C1975DF24444EBD56B48D5F4763C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HIZEOakR4GcerNU0QZ7YT4Lbui4.roa
Signing time:             Sun 01 Jan 2023 00:08:42 +0000
ROA not before:           Sun 01 Jan 2023 00:08:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6a:a8:c1:97:5d:f2:44:44:eb:d5:6b:48:d5:f4:76:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan  1 00:08:42 2023 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1c864439a911e0671eacd534419ed84f82dbba2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:48:5f:d5:e0:44:53:32:1f:b4:5c:75:62:b7:
                    0c:ce:e9:22:89:c7:2b:85:3b:57:a4:f7:bd:3c:46:
                    77:e8:7a:f0:28:84:ff:73:5e:2e:34:07:34:7e:c9:
                    c6:7c:e4:79:f2:77:81:11:69:29:62:1b:3b:15:60:
                    56:8e:ed:ec:09:57:5d:87:99:fc:cf:88:02:48:6b:
                    8a:50:e3:3d:78:d6:03:8b:16:70:e0:2b:f7:31:45:
                    a4:58:40:12:2e:b2:38:ef:a6:9c:8f:05:5a:ca:a3:
                    ee:31:a5:60:75:a6:06:5f:16:52:df:cd:25:f7:c8:
                    6f:98:cc:fb:9e:a5:89:ec:a1:c7:30:4c:af:ac:7f:
                    bc:97:bf:e8:cb:b4:8a:ae:a2:36:c2:7f:b5:c9:d7:
                    fe:5c:c5:2b:03:ee:d8:53:fa:47:ea:a1:37:3b:a1:
                    c6:ea:3b:f8:7b:ae:a2:76:48:77:58:93:1c:35:f7:
                    f7:b4:f9:83:02:09:3e:09:02:8b:bf:f6:c2:48:5d:
                    de:65:4f:20:63:27:15:15:4c:6c:5f:82:06:08:55:
                    03:04:5b:4d:c6:9d:46:1b:b3:41:86:dd:00:62:c7:
                    be:b6:05:2b:d8:84:37:0d:db:57:81:e2:46:4c:de:
                    78:f4:08:00:1b:ba:2b:0c:59:56:0c:48:d9:5e:8f:
                    79:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:86:44:39:A9:11:E0:67:1E:AC:D5:34:41:9E:D8:4F:82:DB:BA:2E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HIZEOakR4GcerNU0QZ7YT4Lbui4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:b6:e8:dd:91:cc:d7:3a:0b:b0:74:41:f9:3b:e3:fe:b6:a0:
         32:44:d1:c9:66:bd:3e:2e:38:eb:9a:ad:61:01:17:1d:ba:64:
         6d:aa:3b:64:19:de:c6:63:3b:c3:57:fd:16:09:05:15:3a:df:
         da:b2:b1:e6:2b:24:14:09:9f:07:0b:af:4e:97:77:22:a7:67:
         25:c2:61:78:43:8f:b5:c1:48:f2:87:e4:e6:cc:80:ee:b8:27:
         28:7d:4d:79:ec:33:6e:8b:de:8c:2d:b1:a9:17:50:a4:79:df:
         71:79:93:3f:9d:ff:26:1a:90:d8:15:df:99:e2:b5:e4:7e:e1:
         24:24:73:0a:23:f2:6a:67:be:32:bb:0d:89:ab:c5:81:f1:22:
         cd:ef:79:d0:6a:9e:e3:dd:7f:37:c2:62:f6:17:2c:b2:96:fc:
         37:c4:b4:73:05:ec:96:df:26:74:f9:8b:d0:59:22:24:67:bf:
         2a:21:9c:aa:80:c3:83:9a:ea:ee:98:f0:b0:43:70:76:c7:42:
         32:be:ee:26:2e:ea:e6:24:83:df:5c:59:ff:1e:9d:e4:0b:8e:
         15:de:ba:b3:00:08:bc:6f:48:95:1f:fd:57:29:f6:a3:bb:84:
         e9:f9:56:41:94:d6:20:b6:3c:3a:79:fa:f8:a8:44:34:e7:05:
         48:83:7b:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVqqMGXXfJEROvVa0jV9HY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTAxMDAwODQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg2NDQzOWE5MTFlMDY3MWVhY2Q1MzQ0MTllZDg0ZjgyZGJiYTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0hf1eBEUzIftFx1YrcMzukiiccr
hTtXpPe9PEZ36HrwKIT/c14uNAc0fsnGfOR58neBEWkpYhs7FWBWju3sCVddh5n8
z4gCSGuKUOM9eNYDixZw4Cv3MUWkWEASLrI476acjwVayqPuMaVgdaYGXxZS380l
98hvmMz7nqWJ7KHHMEyvrH+8l7/oy7SKrqI2wn+1ydf+XMUrA+7YU/pH6qE3O6HG
6jv4e66idkh3WJMcNff3tPmDAgk+CQKLv/bCSF3eZU8gYycVFUxsX4IGCFUDBFtN
xp1GG7NBht0AYse+tgUr2IQ3DdtXgeJGTN549AgAG7orDFlWDEjZXo95fwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFByGRDmpEeBnHqzVNEGe2E+C27ouMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSElaRU9ha1I0R2Nlck5VMFFaN1lUNExidWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABi26N2RzNc6C7B0Qfk7
4/62oDJE0clmvT4uOOuarWEBFx26ZG2qO2QZ3sZjO8NX/RYJBRU639qyseYrJBQJ
nwcLr06XdyKnZyXCYXhDj7XBSPKH5ObMgO64Jyh9TXnsM26L3owtsakXUKR533F5
kz+d/yYakNgV35niteR+4SQkcwoj8mpnvjK7DYmrxYHxIs3vedBqnuPdfzfCYvYX
LLKW/DfEtHMF7JbfJnT5i9BZIiRnvyohnKqAw4Oa6u6Y8LBDcHbHQjK+7iYu6uYk
g99cWf8eneQLjhXeurMACLxvSJUf/Vcp9qO7hOn5VkGU1iC2PDp5+vioRDTnBUiD
e9M=
-----END CERTIFICATE-----
Generated at Tue Jun 10 03:22:19 2025 by rpki-client