Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JJld4bo5WQHpaTq_7okTD4WBHmk.roa
File:                     JJld4bo5WQHpaTq_7okTD4WBHmk.roa (raw, json)
Hash identifier:          niB09/PGWXz6sDzS3GVT5cmPivIjvs8o7m+me8PzNFY=
Subject key identifier:   24:99:5D:E1:BA:39:59:01:E9:69:3A:BF:EE:89:13:0F:85:81:1E:69
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01855F4A493A0010426BA1FA0D40C3635AF2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JJld4bo5WQHpaTq_7okTD4WBHmk.roa
Signing time:             Thu 29 Dec 2022 19:09:41 +0000
ROA not before:           Thu 29 Dec 2022 19:09:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5f:4a:49:3a:00:10:42:6b:a1:fa:0d:40:c3:63:5a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 29 19:09:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=24995de1ba395901e9693abfee89130f85811e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:58:55:27:44:ec:d9:34:53:c2:ae:cb:41:30:
                    39:54:e2:ce:eb:65:85:7e:5d:29:c9:83:30:d9:e2:
                    49:2c:7a:f9:31:99:1b:08:15:50:2a:0b:37:37:26:
                    ff:e9:2f:5f:e2:ee:a9:f0:43:89:f5:bc:ad:f5:73:
                    26:83:8b:bf:77:bd:29:ad:0a:2f:34:a0:11:13:2e:
                    d6:d8:6f:95:e9:dc:44:30:da:33:2f:e5:37:76:b4:
                    dc:d4:6f:d2:b6:a2:48:e7:b4:2f:e0:b2:54:2c:75:
                    6f:b9:64:f8:c9:cf:6e:c0:a2:20:c8:3e:dc:b4:e1:
                    d6:26:9b:d3:61:15:90:ef:6e:3f:30:c8:99:ba:73:
                    73:4f:82:bc:6a:4e:70:d9:84:38:05:9c:00:33:85:
                    f8:6f:cb:5b:7e:e2:cf:cb:98:53:2a:3f:e2:8a:be:
                    0b:38:17:7d:ff:d2:18:0b:d9:76:7e:db:de:00:79:
                    0b:a7:49:ed:4e:c8:64:12:4b:52:9e:6a:b8:fa:da:
                    69:cb:e5:8d:5a:50:0b:64:3c:30:b1:28:47:53:d3:
                    e9:a7:5c:9a:63:4f:c9:32:89:30:bc:66:4b:c2:0d:
                    ec:85:7e:5b:8b:2f:59:03:d8:fb:67:b3:c6:ee:f9:
                    ad:e5:39:f4:ee:70:f2:19:16:4c:ee:46:91:26:f6:
                    4d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:99:5D:E1:BA:39:59:01:E9:69:3A:BF:EE:89:13:0F:85:81:1E:69
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JJld4bo5WQHpaTq_7okTD4WBHmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:63:7a:77:6b:82:ac:55:43:0d:6b:ed:04:d1:1b:95:46:0c:
         95:f8:2a:a5:ea:13:a0:12:e1:f4:59:d0:90:9e:7a:1f:d2:1c:
         d2:b2:82:96:52:e4:2d:ad:60:fb:65:94:2f:70:90:51:f9:5f:
         28:5c:a8:1b:2b:86:7f:11:8b:ee:08:90:36:bc:17:20:f1:e6:
         d5:62:16:93:b8:91:d5:44:e5:77:a7:c9:3a:63:53:9b:73:e2:
         5b:b4:35:90:91:44:41:a9:e2:09:cb:72:6a:4b:9d:35:60:a9:
         48:a3:e9:2f:59:20:56:04:27:bb:9b:74:6f:1d:ab:dd:53:c5:
         ce:71:93:6a:0c:9f:09:2e:12:b6:79:03:27:7e:11:6a:de:7d:
         cb:50:54:95:8b:43:8a:91:45:38:b2:3f:ad:f7:9d:b4:38:86:
         63:f3:f8:78:de:dd:6e:36:c3:e9:0f:a2:e9:b6:73:5b:f4:02:
         17:e4:94:d6:cb:97:54:63:6e:29:bf:da:ac:21:97:cc:ce:18:
         17:1a:00:b2:a9:45:ed:52:30:c1:b2:8b:d6:43:23:66:6d:ee:
         00:49:d9:85:0e:c6:b8:b2:11:83:41:ea:af:19:d2:20:4a:27:
         ee:64:86:59:e1:1f:12:75:e5:90:38:ae:e0:14:82:c4:41:ed:
         d9:cc:58:59
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVfSkk6ABBCa6H6DUDDY1ryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjI5MTkwOTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDk5NWRlMWJhMzk1OTAxZTk2OTNhYmZlZTg5MTMwZjg1ODExZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFhVJ0Ts2TRTwq7LQTA5VOLO62WF
fl0pyYMw2eJJLHr5MZkbCBVQKgs3Nyb/6S9f4u6p8EOJ9byt9XMmg4u/d70prQov
NKAREy7W2G+V6dxEMNozL+U3drTc1G/StqJI57Qv4LJULHVvuWT4yc9uwKIgyD7c
tOHWJpvTYRWQ724/MMiZunNzT4K8ak5w2YQ4BZwAM4X4b8tbfuLPy5hTKj/iir4L
OBd9/9IYC9l2ftveAHkLp0ntTshkEktSnmq4+tppy+WNWlALZDwwsShHU9Ppp1ya
Y0/JMokwvGZLwg3shX5biy9ZA9j7Z7PG7vmt5Tn07nDyGRZM7kaRJvZNzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCSZXeG6OVkB6Wk6v+6JEw+FgR5pMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSkpsZDRibzVXUUhwYVRxXzdva1RENFdCSG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACtjendrgqxVQw1r7QTR
G5VGDJX4KqXqE6AS4fRZ0JCeeh/SHNKygpZS5C2tYPtllC9wkFH5XyhcqBsrhn8R
i+4IkDa8FyDx5tViFpO4kdVE5XenyTpjU5tz4lu0NZCRREGp4gnLcmpLnTVgqUij
6S9ZIFYEJ7ubdG8dq91Txc5xk2oMnwkuErZ5Ayd+EWrefctQVJWLQ4qRRTiyP633
nbQ4hmPz+Hje3W42w+kPoum2c1v0AhfklNbLl1Rjbim/2qwhl8zOGBcaALKpRe1S
MMGyi9ZDI2Zt7gBJ2YUOxriyEYNB6q8Z0iBKJ+5khlnhHxJ15ZA4ruAUgsRB7dnM
WFk=
-----END CERTIFICATE-----
Generated at Tue Jun 10 04:01:56 2025 by rpki-client