Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NY_-vzH4xd6FD_7g39BRnWOmC2c.roa
File:                     NY_-vzH4xd6FD_7g39BRnWOmC2c.roa (raw, json)
Hash identifier:          S5gKPPM+Uw4RC21a9e03NufVKpy3maHsOrlUB8SjgtQ=
Subject key identifier:   35:8F:FE:BF:31:F8:C5:DE:85:0F:FE:E0:DF:D0:51:9D:63:A6:0B:67
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       8429D7D6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NY_-vzH4xd6FD_7g39BRnWOmC2c.roa
Signing time:             Sun 15 May 2022 05:08:40 +0000
ROA not before:           Sun 15 May 2022 05:08:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:180:a810:6542/128 maxlen: 128
                          2001:67c:64:ffff:0:180:466e:42dd/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:180:8961:505f/128 maxlen: 128
                          2001:67c:64:ffff:0:180:457:1e3f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2217334742 (0x8429d7d6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 15 05:08:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=358ffebf31f8c5de850ffee0dfd0519d63a60b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:72:6f:a1:98:04:3e:05:f2:3c:77:ab:b2:94:
                    e4:f8:b1:5f:7c:17:64:a3:c7:3d:41:cd:4f:3e:80:
                    09:69:37:a4:86:91:2b:2d:65:49:dd:b7:8a:8d:83:
                    66:ab:99:10:f2:3d:56:c3:63:6e:00:c0:c3:35:82:
                    cd:5f:13:a8:6a:d8:81:6a:09:9d:97:d7:35:13:f1:
                    5f:6e:a5:57:f3:b2:fa:54:37:b7:b9:df:76:5a:e9:
                    09:65:e6:4d:ca:c6:da:51:b6:e4:1f:bd:39:8a:4f:
                    7c:bb:ae:ff:cc:34:9b:0c:5d:b2:a6:28:7c:06:c7:
                    be:4b:cc:63:1b:9c:bf:7b:8f:c2:25:e1:0e:73:5f:
                    27:a6:b0:71:e2:83:b4:e0:61:7d:3a:73:3a:b9:07:
                    3b:09:79:05:bb:aa:96:2d:32:0c:32:cf:e2:a6:de:
                    41:f1:7d:3f:cb:71:bd:83:9e:2c:84:a5:45:d9:f6:
                    28:87:0d:db:c1:d4:37:4a:07:3a:8a:9e:34:9e:41:
                    34:67:20:b5:7a:71:db:08:d2:73:79:c5:f9:46:a6:
                    75:92:00:d1:01:52:f4:e0:b0:cb:24:83:99:38:d4:
                    a0:ef:ed:dd:b9:46:7f:0b:d5:6c:ac:42:28:6b:ff:
                    4f:6a:d0:f9:0f:f9:b0:c0:67:5a:26:92:38:28:d9:
                    bc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8F:FE:BF:31:F8:C5:DE:85:0F:FE:E0:DF:D0:51:9D:63:A6:0B:67
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NY_-vzH4xd6FD_7g39BRnWOmC2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:b0:97:4d:3e:bb:d1:7a:7c:61:34:15:83:24:90:20:3a:8c:
         62:f8:a3:50:64:c9:41:ee:2e:12:3b:81:b1:22:a7:4a:b0:84:
         79:77:ba:a9:72:a2:a7:f4:c6:b5:b3:93:1d:b4:18:b8:46:6e:
         2b:92:8f:84:c0:a9:94:92:58:91:bc:40:14:de:10:fc:ce:0a:
         2a:d8:4a:4b:f6:e7:fb:ac:ab:95:40:c5:1d:33:94:33:91:d9:
         eb:32:71:78:5c:0a:32:ca:d8:fe:ea:36:f8:7e:b6:21:9b:59:
         aa:79:d7:5e:51:1a:84:00:8d:ab:69:8d:fc:f7:0b:4f:0b:62:
         92:69:b1:dc:0a:b8:8f:54:81:0d:d4:2a:0e:80:a9:1a:63:2f:
         4d:9e:c9:99:0d:2b:08:64:13:7b:71:a1:c0:61:9b:28:d1:30:
         84:ad:0f:4f:4e:fb:c6:52:2f:24:1e:d8:e9:f6:07:37:81:a1:
         12:74:94:87:27:3c:82:87:f8:23:bb:86:50:97:7b:10:0f:23:
         c9:af:d8:2f:29:ab:62:23:03:87:35:52:10:5b:9d:b7:28:48:
         c0:93:e4:49:cc:4a:73:47:6e:ee:40:23:1e:47:6b:f2:af:af:
         26:47:fb:28:c4:c0:2b:7e:99:9c:a5:f9:53:6b:a4:30:cc:82:
         81:d8:ed:72
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIFAIQp19YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
NzIwNDdiZTE1YjI3NTkwMmRjZjYxN2RjM2QwZTE2ZGMxZjMwODAyMjAeFw0yMjA1
MTUwNTA4NDBaFw0yMzA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDM1OGZmZWJmMzFm
OGM1ZGU4NTBmZmVlMGRmZDA1MTlkNjNhNjBiNjcwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgcm+hmAQ+BfI8d6uylOT4sV98F2Sjxz1BzU8+gAlpN6SG
kSstZUndt4qNg2armRDyPVbDY24AwMM1gs1fE6hq2IFqCZ2X1zUT8V9upVfzsvpU
N7e533Za6Qll5k3KxtpRtuQfvTmKT3y7rv/MNJsMXbKmKHwGx75LzGMbnL97j8Il
4Q5zXyemsHHig7TgYX06czq5BzsJeQW7qpYtMgwyz+Km3kHxfT/Lcb2DniyEpUXZ
9iiHDdvB1DdKBzqKnjSeQTRnILV6cdsI0nN5xflGpnWSANEBUvTgsMskg5k41KDv
7d25Rn8L1WysQihr/09q0PkP+bDAZ1omkjgo2by7AgMBAAGjggIaMIICFjAdBgNV
HQ4EFgQUNY/+vzH4xd6FD/7g39BRnWOmC2cwHwYDVR0jBBgwFoAUcgR74VsnWQLc
9hfcPQ4W3B8wgCIwDgYDVR0PAQH/BAQDAgeAMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVM
VC9jZ1I3NFZzbldRTGM5aGZjUFE0VzNCOHdnQ0kuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzVlLzc5ODQ0Ny0yMWY0LTQ1YWItOTlkYy0xYWJlM2FjMTBhYTYv
MS9OWV8tdnpINHhkNkZEXzdnMzlCUm5XT21DMmMucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVl
Lzc5ODQ0Ny0yMWY0LTQ1YWItOTlkYy0xYWJlM2FjMTBhYTYvMS9jZ1I3NFZzbldR
TGM5aGZjUFE0VzNCOHdnQ0kuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
MAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAPBABgwDwQCAAIwCQMHACABBnwA
ZDANBgkqhkiG9w0BAQsFAAOCAQEAhbCXTT670Xp8YTQVgySQIDqMYvijUGTJQe4u
EjuBsSKnSrCEeXe6qXKip/TGtbOTHbQYuEZuK5KPhMCplJJYkbxAFN4Q/M4KKthK
S/bn+6yrlUDFHTOUM5HZ6zJxeFwKMsrY/uo2+H62IZtZqnnXXlEahACNq2mN/PcL
Twtikmmx3Aq4j1SBDdQqDoCpGmMvTZ7JmQ0rCGQTe3GhwGGbKNEwhK0PT077xlIv
JB7Y6fYHN4GhEnSUhyc8gof4I7uGUJd7EA8jya/YLymrYiMDhzVSEFudtyhIwJPk
ScxKc0du7kAjHkdr8q+vJkf7KMTAK36ZnKX5U2ukMMyCgdjtcg==
-----END CERTIFICATE-----
Generated at Mon Jun 9 18:49:17 2025 by rpki-client