Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KQNnOpANv-j_cAr2bYxMlSK5YGI.roa
File:                     KQNnOpANv-j_cAr2bYxMlSK5YGI.roa (raw, json)
Hash identifier:          yW7Z54m7umNYde1sVxBdzh9bKLhXpIYsvzpszWGH+CI=
Subject key identifier:   29:03:67:3A:90:0D:BF:E8:FF:70:0A:F6:6D:8C:4C:95:22:B9:60:62
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873EAB6D49AE608D9C23595BABC305218E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KQNnOpANv-j_cAr2bYxMlSK5YGI.roa
Signing time:             Sat 01 Apr 2023 21:13:54 +0000
ROA not before:           Sat 01 Apr 2023 21:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3e:ab:6d:49:ae:60:8d:9c:23:59:5b:ab:c3:05:21:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 21:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2903673a900dbfe8ff700af66d8c4c9522b96062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:ab:b1:11:96:02:fd:4a:bc:87:27:dc:f6:
                    51:6b:60:dd:57:83:a7:5f:c8:a4:ee:df:64:42:ee:
                    16:fd:32:1b:c6:b4:42:c6:d7:d4:13:a6:c6:71:af:
                    7d:7a:0e:bb:e6:41:ad:34:45:8f:c1:da:4e:46:7b:
                    6b:dc:7b:47:9f:f1:b7:72:83:02:e7:a6:8e:5f:28:
                    d1:6a:c4:d9:2b:f9:b6:ed:44:48:16:2e:3f:81:0c:
                    02:8b:f3:0d:f9:ac:da:ad:2b:3f:0a:4b:c4:7c:27:
                    52:63:88:90:d4:99:7b:cf:03:2e:3b:62:4a:eb:33:
                    59:e5:65:d7:c8:c4:ba:7b:83:40:ea:d7:4a:56:76:
                    df:46:c5:72:6b:a3:a7:37:82:59:90:11:ae:35:88:
                    89:b2:b5:a8:5d:5b:1a:7b:74:e5:2b:48:b7:e3:b4:
                    88:9f:d0:59:c8:19:8a:e5:bb:5e:4b:41:9c:78:82:
                    84:25:12:79:21:c9:64:9e:a3:37:6d:60:b2:86:d6:
                    2f:bf:55:16:ab:fa:f8:ba:0e:82:01:b7:53:92:d0:
                    86:8c:68:3b:c1:ec:97:5d:96:3d:b6:4b:4a:72:71:
                    c9:9d:38:e7:09:0c:3f:37:28:4b:d5:93:52:f8:11:
                    d6:d1:69:22:f0:d2:82:c3:9d:a2:96:33:24:37:da:
                    a6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:03:67:3A:90:0D:BF:E8:FF:70:0A:F6:6D:8C:4C:95:22:B9:60:62
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KQNnOpANv-j_cAr2bYxMlSK5YGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:0c:52:43:77:ab:ca:8e:20:33:a2:e3:e5:97:30:ba:e7:ea:
         99:58:1d:60:de:54:b0:57:36:ac:ac:69:4e:41:38:35:88:f2:
         05:a7:e2:36:35:00:4f:77:b9:56:74:46:53:48:ea:b2:fe:93:
         44:98:27:20:bf:82:1e:65:73:a1:ba:38:08:7d:77:cc:ea:01:
         a9:12:41:63:3c:6d:e1:0a:38:d6:08:fd:8f:fd:b3:76:86:11:
         82:9d:14:50:dd:42:88:74:7e:ae:83:7b:61:4c:be:6d:8d:e9:
         d3:e6:18:67:26:4b:ff:08:7c:d2:10:11:f2:ea:e7:d5:8c:5e:
         1e:9c:ba:40:f9:d5:81:d6:5a:5a:b3:90:c8:95:4d:b6:5f:2a:
         6d:3c:a5:c7:96:eb:e1:fa:79:30:fa:00:e1:38:fc:34:84:8c:
         f7:ff:45:3d:01:f8:53:c4:dc:62:0f:ed:86:48:39:5b:26:15:
         ba:c9:41:bc:6c:f1:61:08:5a:67:86:17:f5:3f:17:73:a3:a9:
         4c:6c:ec:59:65:ed:66:83:1f:82:1a:46:dd:96:a4:8d:8c:ca:
         73:37:4c:8d:bf:68:7f:db:45:54:df:4e:ff:aa:c2:9a:33:9c:
         d9:f9:58:78:1d:f3:ea:2d:52:08:18:57:c1:c3:9a:c9:5b:69:
         52:32:fb:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc+q21JrmCNnCNZW6vDBSGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMjExMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTAzNjczYTkwMGRiZmU4ZmY3MDBhZjY2ZDhjNGM5NTIyYjk2MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiSrsRGWAv1KvIcn3PZRa2DdV4On
X8ik7t9kQu4W/TIbxrRCxtfUE6bGca99eg675kGtNEWPwdpORntr3HtHn/G3coMC
56aOXyjRasTZK/m27URIFi4/gQwCi/MN+azarSs/CkvEfCdSY4iQ1Jl7zwMuO2JK
6zNZ5WXXyMS6e4NA6tdKVnbfRsVya6OnN4JZkBGuNYiJsrWoXVsae3TlK0i347SI
n9BZyBmK5bteS0GceIKEJRJ5IclknqM3bWCyhtYvv1UWq/r4ug6CAbdTktCGjGg7
weyXXZY9tktKcnHJnTjnCQw/NyhL1ZNS+BHW0Wki8NKCw52iljMkN9qmyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCkDZzqQDb/o/3AK9m2MTJUiuWBiMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1FObk9wQU52LWpfY0FyMmJZeE1sU0s1WUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACoMUkN3q8qOIDOi4+WX
MLrn6plYHWDeVLBXNqysaU5BODWI8gWn4jY1AE93uVZ0RlNI6rL+k0SYJyC/gh5l
c6G6OAh9d8zqAakSQWM8beEKONYI/Y/9s3aGEYKdFFDdQoh0fq6De2FMvm2N6dPm
GGcmS/8IfNIQEfLq59WMXh6cukD51YHWWlqzkMiVTbZfKm08pceW6+H6eTD6AOE4
/DSEjPf/RT0B+FPE3GIP7YZIOVsmFbrJQbxs8WEIWmeGF/U/F3OjqUxs7Fll7WaD
H4IaRt2WpI2MynM3TI2/aH/bRVTfTv+qwpoznNn5WHgd8+otUggYV8HDmslbaVIy
+zg=
-----END CERTIFICATE-----
Generated at Wed Jun 11 14:06:15 2025 by rpki-client