Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QB5TBb2p9qvh_kkoehrNBXjzxXc.roa
File:                     QB5TBb2p9qvh_kkoehrNBXjzxXc.roa (raw, json)
Hash identifier:          /biosvH6s1KkdnO3nDlt0e1dPiPE0aspMoaUBbcMcGU=
Subject key identifier:   40:1E:53:05:BD:A9:F6:AB:E1:FE:49:28:7A:1A:CD:05:78:F3:C5:77
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0185677388A9607198A32F9561242D0E700C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QB5TBb2p9qvh_kkoehrNBXjzxXc.roa
Signing time:             Sat 31 Dec 2022 09:11:42 +0000
ROA not before:           Sat 31 Dec 2022 09:11:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:67:73:88:a9:60:71:98:a3:2f:95:61:24:2d:0e:70:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 31 09:11:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=401e5305bda9f6abe1fe49287a1acd0578f3c577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:56:88:15:9d:08:f4:28:c5:51:93:c7:a2:4a:
                    e8:25:bc:af:ff:93:ba:19:28:aa:96:5a:a1:43:74:
                    bf:e3:66:dc:ae:54:c5:95:5c:07:93:db:d7:93:78:
                    dd:fe:ea:e5:93:80:ff:da:50:d8:2b:e0:28:fb:d3:
                    34:12:59:17:da:7f:0a:24:6d:c3:d5:d7:e6:b0:fb:
                    05:59:b5:76:0a:84:2d:91:94:e4:1e:78:92:f4:fe:
                    97:e4:cc:c8:7b:fa:bf:49:d5:7b:6b:2f:f5:8c:29:
                    5e:10:94:1d:b8:ca:91:eb:c8:e6:fb:fe:3a:00:2c:
                    5b:02:91:3d:c4:70:de:aa:de:4a:e7:54:2c:07:db:
                    5e:c6:28:ea:a3:e5:8e:36:ef:52:0b:97:05:f2:52:
                    12:92:7a:9d:1f:3a:7c:18:c4:aa:98:3d:19:42:4d:
                    0b:b4:95:23:82:66:a1:b6:7a:58:89:17:a3:47:4e:
                    7a:3d:41:ba:41:aa:9a:1c:71:09:a8:c4:9f:84:67:
                    38:cf:44:ff:94:f3:8b:ab:a9:e0:fc:06:60:85:2d:
                    14:ed:3b:4c:34:78:7e:f4:e2:d9:a5:b0:62:49:1b:
                    3a:7f:71:ab:da:e4:c0:33:8f:b5:f4:05:6b:43:9a:
                    9d:fc:c9:cf:d5:2a:32:93:c4:31:93:9d:54:b0:c7:
                    3b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1E:53:05:BD:A9:F6:AB:E1:FE:49:28:7A:1A:CD:05:78:F3:C5:77
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QB5TBb2p9qvh_kkoehrNBXjzxXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:9b:7a:99:0b:12:07:28:3b:dd:1b:91:22:ce:8d:00:16:a4:
         d5:4a:5c:40:c7:03:b2:03:4d:69:06:3a:04:e7:79:c9:be:b9:
         b0:15:01:db:3c:99:2e:f9:1a:cf:4c:32:be:81:d0:f3:26:e3:
         d5:70:bb:45:2a:0a:94:d6:91:4f:66:3f:56:7b:87:85:34:3d:
         93:41:aa:f6:1b:7a:5d:cb:5b:4e:47:24:0b:d4:83:e0:b0:62:
         c8:ad:2f:a9:7f:f6:e6:1d:01:95:71:9d:87:a5:5d:23:2f:da:
         9b:7a:fc:db:c9:5f:b4:b5:56:1e:78:f4:71:03:47:61:13:be:
         7c:e4:41:c0:4f:3e:6c:4c:46:cf:33:e5:57:10:ac:d2:35:58:
         c5:d5:77:04:4c:6a:b2:1f:30:a5:17:e6:0e:57:35:2c:88:76:
         60:c9:f1:a4:6b:ff:87:26:fe:32:b2:00:19:73:2a:23:5c:95:
         c0:35:d4:ce:f8:26:d7:62:02:b3:00:d5:f2:be:3b:01:48:75:
         18:c0:a1:33:53:91:b1:a4:85:9c:6d:cc:b5:05:92:97:b6:ac:
         96:a2:94:78:a8:b4:82:6f:6e:e8:00:72:84:cf:7f:d7:e7:45:
         b4:d0:68:f8:56:a4:1e:9e:e1:5d:7d:6e:c1:11:7d:87:e2:19:
         c0:42:f0:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVnc4ipYHGYoy+VYSQtDnAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjMxMDkxMTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFlNTMwNWJkYTlmNmFiZTFmZTQ5Mjg3YTFhY2QwNTc4ZjNjNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFaIFZ0I9CjFUZPHokroJbyv/5O6
GSiqllqhQ3S/42bcrlTFlVwHk9vXk3jd/urlk4D/2lDYK+Ao+9M0ElkX2n8KJG3D
1dfmsPsFWbV2CoQtkZTkHniS9P6X5MzIe/q/SdV7ay/1jCleEJQduMqR68jm+/46
ACxbApE9xHDeqt5K51QsB9texijqo+WONu9SC5cF8lISknqdHzp8GMSqmD0ZQk0L
tJUjgmahtnpYiRejR056PUG6QaqaHHEJqMSfhGc4z0T/lPOLq6ng/AZghS0U7TtM
NHh+9OLZpbBiSRs6f3Gr2uTAM4+19AVrQ5qd/MnP1Soyk8Qxk51UsMc71wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEAeUwW9qfar4f5JKHoazQV488V3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUUI1VEJiMnA5cXZoX2trb2Vock5CWGp6eFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHmbepkLEgcoO90bkSLO
jQAWpNVKXEDHA7IDTWkGOgTnecm+ubAVAds8mS75Gs9MMr6B0PMm49Vwu0UqCpTW
kU9mP1Z7h4U0PZNBqvYbel3LW05HJAvUg+CwYsitL6l/9uYdAZVxnYelXSMv2pt6
/NvJX7S1Vh549HEDR2ETvnzkQcBPPmxMRs8z5VcQrNI1WMXVdwRMarIfMKUX5g5X
NSyIdmDJ8aRr/4cm/jKyABlzKiNclcA11M74JtdiArMA1fK+OwFIdRjAoTNTkbGk
hZxtzLUFkpe2rJailHiotIJvbugAcoTPf9fnRbTQaPhWpB6e4V19bsERfYfiGcBC
8D8=
-----END CERTIFICATE-----
Generated at Mon Jun 9 19:16:57 2025 by rpki-client