Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IzLy-KnGQylkgL4YPNWgRCIWYvc.roa
File:                     IzLy-KnGQylkgL4YPNWgRCIWYvc.roa (raw, json)
Hash identifier:          o2g+vtdqmZFDaq6Jk8W3P7r6xTfTCzel3c/2qZo/scQ=
Subject key identifier:   23:32:F2:F8:A9:C6:43:29:64:80:BE:18:3C:D5:A0:44:22:16:62:F7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01857B9D4B18DB18FD479106480FB6605149
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IzLy-KnGQylkgL4YPNWgRCIWYvc.roa
Signing time:             Wed 04 Jan 2023 07:09:43 +0000
ROA not before:           Wed 04 Jan 2023 07:09:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7b:9d:4b:18:db:18:fd:47:91:06:48:0f:b6:60:51:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan  4 07:09:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2332f2f8a9c643296480be183cd5a044221662f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c5:7f:51:74:50:1b:5e:89:58:f9:5c:4c:c0:
                    11:c3:da:6e:08:0e:d1:1a:f3:a4:3e:dd:4b:ea:2d:
                    59:6a:b8:7a:87:58:9c:7f:98:5c:b0:9c:9b:ff:5b:
                    d3:be:7f:6d:a2:e4:c1:ff:77:c8:33:bd:51:31:2e:
                    57:25:95:4a:2a:b5:a2:3e:30:18:64:dd:41:d0:f3:
                    75:2d:a4:28:b3:ba:dc:80:4e:31:a7:6a:b1:ac:c8:
                    1e:b5:d5:7f:3c:6e:b7:a3:54:03:99:c4:80:38:ea:
                    71:66:10:e8:c6:da:1d:95:b9:6b:87:b2:89:0c:67:
                    b4:72:8e:6e:10:91:86:66:ed:2c:56:d6:53:84:40:
                    75:d8:28:28:8b:cd:7e:3e:3f:ae:c5:9d:99:57:e2:
                    5d:e7:9e:ca:c3:c8:60:16:1f:8a:03:22:9c:38:60:
                    0a:0e:48:17:9c:d2:72:91:ad:a3:a4:82:ac:f1:d9:
                    3d:b1:c7:5e:5c:c5:50:8d:a3:4c:2d:8d:e2:ba:0f:
                    e6:b2:c1:af:c0:70:fe:fd:88:e6:aa:23:7c:3d:0e:
                    bc:1e:8a:3b:f2:33:44:14:16:2d:cf:26:98:4b:a8:
                    08:5a:b9:fc:f8:87:0e:37:bb:a9:d2:07:f7:80:ed:
                    db:9f:5a:7d:f7:4d:b2:dc:12:84:66:03:a0:02:1c:
                    02:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:32:F2:F8:A9:C6:43:29:64:80:BE:18:3C:D5:A0:44:22:16:62:F7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IzLy-KnGQylkgL4YPNWgRCIWYvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:75:91:a3:b1:b5:ff:c0:ac:54:61:03:fc:dc:ac:cd:e9:d5:
         94:8a:9f:8d:97:96:7f:b3:d2:2a:35:74:19:53:be:35:3c:fa:
         68:d3:87:a3:18:8c:73:81:98:66:50:d5:58:c4:1b:a4:6b:1a:
         83:e6:93:d2:4e:55:e2:f5:96:b7:26:a7:79:60:78:ca:f3:96:
         7f:31:7b:8a:3a:27:81:21:b4:95:68:8e:37:28:3b:5e:a6:51:
         4c:c8:b5:28:0c:8e:ec:8f:23:b9:c0:35:f2:3a:3f:7d:5e:46:
         e9:c2:f4:d3:61:04:f4:66:7e:f5:5c:54:22:78:f6:88:44:0a:
         5e:40:70:f8:88:b7:08:83:6d:63:d2:f5:9b:a5:48:b3:f3:bc:
         8c:5e:52:80:4a:ca:5f:71:0c:e3:09:cd:2e:f2:d7:71:92:c0:
         87:48:9e:b7:e5:54:66:7a:13:09:da:6c:2f:71:b8:87:17:4e:
         fd:4a:93:e7:f0:b0:7f:89:25:60:cb:64:78:85:d7:06:ac:57:
         19:d7:1c:1a:ff:3b:df:0d:20:9c:8f:b7:09:c7:74:57:2d:88:
         00:8a:10:97:ce:b4:36:98:19:61:bc:bf:28:d0:91:1a:c1:62:
         3a:7e:e6:ad:d0:7c:55:09:a1:7c:5b:70:2a:88:23:e6:e8:2c:
         12:a0:a5:a2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYV7nUsY2xj9R5EGSA+2YFFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTA0MDcwOTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMyZjJmOGE5YzY0MzI5NjQ4MGJlMTgzY2Q1YTA0NDIyMTY2MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcV/UXRQG16JWPlcTMARw9puCA7R
GvOkPt1L6i1Zarh6h1icf5hcsJyb/1vTvn9touTB/3fIM71RMS5XJZVKKrWiPjAY
ZN1B0PN1LaQos7rcgE4xp2qxrMgetdV/PG63o1QDmcSAOOpxZhDoxtodlblrh7KJ
DGe0co5uEJGGZu0sVtZThEB12Cgoi81+Pj+uxZ2ZV+Jd557Kw8hgFh+KAyKcOGAK
DkgXnNJyka2jpIKs8dk9scdeXMVQjaNMLY3iug/mssGvwHD+/YjmqiN8PQ68Hoo7
8jNEFBYtzyaYS6gIWrn8+IcON7up0gf3gO3bn1p9902y3BKEZgOgAhwCWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCMy8vipxkMpZIC+GDzVoEQiFmL3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSXpMeS1LbkdReWxrZ0w0WVBOV2dSQ0lXWXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC11kaOxtf/ArFRhA/zc
rM3p1ZSKn42Xln+z0io1dBlTvjU8+mjTh6MYjHOBmGZQ1VjEG6RrGoPmk9JOVeL1
lrcmp3lgeMrzln8xe4o6J4EhtJVojjcoO16mUUzItSgMjuyPI7nANfI6P31eRunC
9NNhBPRmfvVcVCJ49ohECl5AcPiItwiDbWPS9ZulSLPzvIxeUoBKyl9xDOMJzS7y
13GSwIdInrflVGZ6EwnabC9xuIcXTv1Kk+fwsH+JJWDLZHiF1wasVxnXHBr/O98N
IJyPtwnHdFctiACKEJfOtDaYGWG8vyjQkRrBYjp+5q3QfFUJoXxbcCqII+boLBKg
paI=
-----END CERTIFICATE-----
Generated at Thu Jun 12 10:17:42 2025 by rpki-client