Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PXFw-vSQMcnBRspv49ZJD97uqfM.roa
File:                     PXFw-vSQMcnBRspv49ZJD97uqfM.roa (raw, json)
Hash identifier:          Sv11H4y9c5KXuoYLe99ovGBGw2ITYnbdaZ/2WtvGmiQ=
Subject key identifier:   3D:71:70:FA:F4:90:31:C9:C1:46:CA:6F:E3:D6:49:0F:DE:EE:A9:F3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01852668B897E69B8832801BEC555B0AACFC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PXFw-vSQMcnBRspv49ZJD97uqfM.roa
Signing time:             Sun 18 Dec 2022 18:04:35 +0000
ROA not before:           Sun 18 Dec 2022 18:04:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:2668:5687/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:26:68:b8:97:e6:9b:88:32:80:1b:ec:55:5b:0a:ac:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 18 18:04:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d7170faf49031c9c146ca6fe3d6490fdeeea9f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ef:76:e2:87:3d:cd:c2:df:0e:0d:40:42:44:
                    22:e2:94:d8:bf:9a:82:67:a3:78:6a:d9:33:05:cd:
                    35:62:ae:39:9e:99:cc:9a:0b:38:b8:3a:39:48:b1:
                    3f:77:78:ad:bf:14:8f:38:ab:63:0e:48:38:cd:36:
                    a4:b5:33:6b:8a:0c:85:4e:7e:86:42:86:51:60:49:
                    f7:b2:c3:97:5f:98:4d:aa:de:14:60:a7:bf:06:18:
                    f9:7c:d1:c8:fd:41:43:1a:69:e6:d6:89:b1:7d:88:
                    36:4e:25:1f:8e:cc:47:5c:8a:12:2a:c9:df:4b:f9:
                    f0:27:f7:8b:34:ea:46:29:9b:54:13:ac:67:3f:55:
                    c7:c4:f7:4f:c8:dd:4a:c8:78:42:2c:39:7b:24:ca:
                    5f:a4:21:ce:51:ae:67:7f:5c:17:05:a2:77:78:12:
                    2c:91:44:96:31:71:c4:29:87:ea:e0:96:7d:56:d0:
                    d1:4b:c8:c9:55:a2:19:9f:d9:5f:6f:5e:b0:0b:9a:
                    1d:bc:ad:c4:86:9e:a1:86:f8:7e:8b:e4:d0:76:da:
                    9e:fc:26:2b:c3:0f:c3:6b:5b:45:ac:5d:b0:97:c9:
                    64:da:59:c9:2a:12:55:b4:7a:14:a0:5f:31:ed:6e:
                    b9:33:99:1b:91:2a:a9:2f:a4:a3:ac:3f:53:db:69:
                    07:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:71:70:FA:F4:90:31:C9:C1:46:CA:6F:E3:D6:49:0F:DE:EE:A9:F3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PXFw-vSQMcnBRspv49ZJD97uqfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:90:92:0a:3c:6a:6e:df:fb:9d:3d:1c:51:9b:bd:ba:9f:f7:
         96:3a:03:95:4e:7c:4a:cc:30:c8:33:82:2f:5c:f1:c7:9f:05:
         05:83:c1:ad:3a:ac:0f:99:76:8c:55:0c:6d:de:70:cb:e4:6c:
         38:b8:28:61:92:d7:68:7e:64:d2:bf:54:13:4d:6d:9e:83:44:
         15:b1:4b:15:80:c0:c4:76:8a:76:db:c6:e0:dd:ac:fe:17:f2:
         95:43:5f:88:dc:ad:3b:b8:8a:36:4a:0d:87:4e:a5:a1:0a:8c:
         ee:e2:d3:b2:8d:73:66:95:4f:04:b4:16:bd:fe:84:35:99:49:
         ae:7f:06:72:25:85:79:30:4f:56:68:b5:ea:be:af:38:a1:e0:
         38:d3:85:69:c9:1a:ed:96:58:ed:d4:ec:b8:ac:85:47:10:f0:
         de:24:e8:de:38:66:a1:9d:b5:e0:66:44:19:d1:41:59:f2:1c:
         82:cf:2a:e6:b4:18:ef:ca:17:1c:d8:78:6d:37:f2:f6:56:85:
         28:32:16:33:99:1c:18:1e:a4:4a:68:fe:b1:91:50:36:2d:a7:
         80:76:52:00:42:09:14:f0:fd:c7:bd:3d:2a:53:7f:51:ae:a3:
         81:a9:1b:19:04:b6:6b:e8:4a:04:34:46:dc:d5:b7:41:fc:28:
         0f:df:1b:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYUmaLiX5puIMoAb7FVbCqz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjE4MTgwNDM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDcxNzBmYWY0OTAzMWM5YzE0NmNhNmZlM2Q2NDkwZmRlZWVhOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme924oc9zcLfDg1AQkQi4pTYv5qC
Z6N4atkzBc01Yq45npnMmgs4uDo5SLE/d3itvxSPOKtjDkg4zTaktTNrigyFTn6G
QoZRYEn3ssOXX5hNqt4UYKe/Bhj5fNHI/UFDGmnm1omxfYg2TiUfjsxHXIoSKsnf
S/nwJ/eLNOpGKZtUE6xnP1XHxPdPyN1KyHhCLDl7JMpfpCHOUa5nf1wXBaJ3eBIs
kUSWMXHEKYfq4JZ9VtDRS8jJVaIZn9lfb16wC5odvK3Ehp6hhvh+i+TQdtqe/CYr
ww/Da1tFrF2wl8lk2lnJKhJVtHoUoF8x7W65M5kbkSqpL6SjrD9T22kHDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD1xcPr0kDHJwUbKb+PWSQ/e7qnzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUFhGdy12U1FNY25CUnNwdjQ5WkpEOTd1cWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGmQkgo8am7f+509HFGb
vbqf95Y6A5VOfErMMMgzgi9c8cefBQWDwa06rA+ZdoxVDG3ecMvkbDi4KGGS12h+
ZNK/VBNNbZ6DRBWxSxWAwMR2inbbxuDdrP4X8pVDX4jcrTu4ijZKDYdOpaEKjO7i
07KNc2aVTwS0Fr3+hDWZSa5/BnIlhXkwT1Zoteq+rzih4DjThWnJGu2WWO3U7Lis
hUcQ8N4k6N44ZqGdteBmRBnRQVnyHILPKua0GO/KFxzYeG038vZWhSgyFjOZHBge
pEpo/rGRUDYtp4B2UgBCCRTw/ce9PSpTf1Guo4GpGxkEtmvoSgQ0RtzVt0H8KA/f
G3Q=
-----END CERTIFICATE-----
Generated at Tue Jun 10 08:31:59 2025 by rpki-client