Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q3ppwijTyBCtVHGgA8Wq8tqAo3Y.roa
File:                     Q3ppwijTyBCtVHGgA8Wq8tqAo3Y.roa (raw, json)
Hash identifier:          Nrn9SP8DP9cvSQDsbM2YRhisobEFVXuypHJCOf4APiU=
Subject key identifier:   43:7A:69:C2:28:D3:C8:10:AD:54:71:A0:03:C5:AA:F2:DA:80:A3:76
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018512AEA4F558925278D5BB808C46C4B374
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q3ppwijTyBCtVHGgA8Wq8tqAo3Y.roa
Signing time:             Wed 14 Dec 2022 22:08:33 +0000
ROA not before:           Wed 14 Dec 2022 22:08:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:12:ae:a4:f5:58:92:52:78:d5:bb:80:8c:46:c4:b3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 14 22:08:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=437a69c228d3c810ad5471a003c5aaf2da80a376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:17:73:ee:a6:2b:56:94:f4:cd:18:0f:93:87:
                    b8:a9:f1:35:17:f3:59:f3:43:cc:9d:31:a2:a7:99:
                    b4:4f:6f:70:60:bd:68:32:bb:f3:df:5f:60:55:96:
                    b2:8f:99:7f:e8:90:0a:82:a0:ac:8a:02:ec:fa:8d:
                    21:d7:03:97:f4:21:83:40:99:51:78:0e:e5:29:67:
                    da:96:37:89:d3:b1:e1:87:5a:09:18:c9:f8:f8:66:
                    bc:7b:27:d6:a6:d6:cf:6e:81:fe:e1:81:ec:4c:9d:
                    7b:2c:14:16:35:c7:6f:e7:50:be:44:97:ec:65:5d:
                    ea:10:da:21:0b:07:80:1e:54:23:6b:39:9f:f7:7c:
                    c1:34:14:af:43:e3:a1:68:00:99:73:e9:8b:10:17:
                    a5:9c:0b:ea:f0:ee:ce:a6:a9:b9:27:8f:54:2f:64:
                    b0:51:ab:72:3d:06:d4:3f:4f:dd:70:66:07:4a:4c:
                    f3:38:31:40:95:9d:b0:21:b0:16:2c:fd:80:f6:72:
                    ba:7f:a3:49:9a:6f:9c:86:31:db:d8:55:83:e2:bc:
                    6e:94:cc:81:72:75:d8:50:24:a9:8c:b6:af:28:ba:
                    4c:9f:d3:fd:56:a4:dc:4f:f9:9a:36:64:84:41:63:
                    51:aa:94:4f:5f:6a:98:d4:ef:f0:47:50:ec:fb:b4:
                    d2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7A:69:C2:28:D3:C8:10:AD:54:71:A0:03:C5:AA:F2:DA:80:A3:76
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q3ppwijTyBCtVHGgA8Wq8tqAo3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:3e:a9:f7:70:f7:f1:a4:f4:d6:15:ef:5a:db:8b:43:04:7b:
         0d:c8:9a:f9:70:bd:af:41:1d:e6:8d:27:46:18:47:ea:04:a8:
         64:6a:71:b7:9b:27:13:27:35:b8:ca:6e:57:46:7a:01:48:26:
         0a:58:e9:1d:a2:0f:be:22:b8:00:f1:1a:bc:71:1d:e0:d3:a6:
         de:b0:70:4f:78:d5:93:3b:5b:5f:38:f2:ad:95:58:67:cc:a1:
         8b:32:d8:eb:be:f6:ce:93:cc:b2:94:ba:be:d3:75:88:3a:50:
         03:15:f5:a8:9d:ce:ee:1f:26:61:2b:f0:29:75:32:2d:6d:49:
         13:f2:67:06:78:9e:9e:20:37:95:9f:e6:db:1e:91:a1:24:fd:
         39:f3:8f:8f:96:4a:54:6d:0d:da:0d:10:1d:86:42:b5:71:5f:
         a8:8b:2c:1f:a5:42:b2:a2:83:ef:4d:45:5a:cc:1a:fa:28:46:
         99:59:ac:b2:f7:fb:00:a8:3f:f0:aa:06:ef:a7:f5:82:c9:1f:
         e4:ba:d0:3b:f7:9e:0a:f7:3b:a6:04:e2:0d:a2:94:85:41:e8:
         75:d2:e7:b8:ac:8d:30:36:87:00:6c:a0:59:d3:5b:cc:48:4f:
         f8:97:b1:d3:3f:4f:dd:6c:9e:99:db:ac:0c:92:69:bb:b8:81:
         e4:ae:e8:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYUSrqT1WJJSeNW7gIxGxLN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjE0MjIwODMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdhNjljMjI4ZDNjODEwYWQ1NDcxYTAwM2M1YWFmMmRhODBhMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBdz7qYrVpT0zRgPk4e4qfE1F/NZ
80PMnTGip5m0T29wYL1oMrvz319gVZayj5l/6JAKgqCsigLs+o0h1wOX9CGDQJlR
eA7lKWfaljeJ07Hhh1oJGMn4+Ga8eyfWptbPboH+4YHsTJ17LBQWNcdv51C+RJfs
ZV3qENohCweAHlQjazmf93zBNBSvQ+OhaACZc+mLEBelnAvq8O7Opqm5J49UL2Sw
UatyPQbUP0/dcGYHSkzzODFAlZ2wIbAWLP2A9nK6f6NJmm+chjHb2FWD4rxulMyB
cnXYUCSpjLavKLpMn9P9VqTcT/maNmSEQWNRqpRPX2qY1O/wR1Ds+7TSuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEN6acIo08gQrVRxoAPFqvLagKN2MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUTNwcHdpalR5QkN0VkhHZ0E4V3E4dHFBbzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKY+qfdw9/Gk9NYV71rb
i0MEew3Imvlwva9BHeaNJ0YYR+oEqGRqcbebJxMnNbjKbldGegFIJgpY6R2iD74i
uADxGrxxHeDTpt6wcE941ZM7W1848q2VWGfMoYsy2Ou+9s6TzLKUur7TdYg6UAMV
9aidzu4fJmEr8Cl1Mi1tSRPyZwZ4np4gN5Wf5tsekaEk/Tnzj4+WSlRtDdoNEB2G
QrVxX6iLLB+lQrKig+9NRVrMGvooRplZrLL3+wCoP/CqBu+n9YLJH+S60Dv3ngr3
O6YE4g2ilIVB6HXS57isjTA2hwBsoFnTW8xIT/iXsdM/T91snpnbrAySabu4geSu
6Ek=
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:02:35 2025 by rpki-client