Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa
File:                     QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa (raw, json)
Hash identifier:          gbsYBItj8qfhmv5cHh4rMJUDkkXtkEnaHSQi/AXAf3Y=
Subject key identifier:   41:1C:B3:37:4E:CE:8E:BF:30:07:7A:D5:08:78:50:30:F3:BB:E1:3B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01866EEDB527A0739877E79663A415C1A381
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa
Signing time:             Mon 20 Feb 2023 13:05:17 +0000
ROA not before:           Mon 20 Feb 2023 13:05:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:6eec:fa44/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6e:ed:b5:27:a0:73:98:77:e7:96:63:a4:15:c1:a3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 20 13:05:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=411cb3374ece8ebf30077ad508785030f3bbe13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:46:ae:45:7f:89:80:09:a2:05:3b:30:bb:c6:
                    06:e5:64:78:ee:c1:6e:d8:21:37:ed:82:52:04:3a:
                    45:6e:14:ee:d3:79:eb:bf:cd:7d:e5:45:6d:ad:50:
                    b4:fe:65:71:35:89:ea:ac:bb:29:9c:61:67:26:91:
                    5b:2f:1b:7b:50:ef:10:98:ff:68:cd:f4:26:ca:84:
                    28:b1:26:47:bd:76:5e:a9:38:2f:f8:e0:76:d4:18:
                    38:45:ad:6f:fd:2e:67:7d:35:e6:0e:71:8c:d9:a9:
                    51:ba:41:88:95:9c:bc:de:b0:e6:d2:87:d7:70:7d:
                    4d:d0:7a:0b:6e:11:7b:0d:21:ef:c5:3c:ac:71:61:
                    6a:82:30:88:bb:4f:a7:0c:63:27:72:5a:3d:5d:ba:
                    d4:22:7d:16:b3:e7:1b:ac:b2:73:96:1e:53:e9:ce:
                    94:c6:0f:a9:5a:be:42:71:34:d6:0a:be:4b:8f:f0:
                    12:aa:16:16:24:7d:a4:55:f7:5b:30:84:e2:b7:fb:
                    f6:76:a0:f5:db:21:ec:59:e1:80:56:66:b1:5c:6e:
                    1d:87:be:41:bb:45:34:80:46:57:34:48:11:64:8f:
                    13:89:0b:2b:47:4c:71:38:87:c0:e9:87:5d:63:59:
                    e9:20:45:3e:88:ea:89:d4:2c:1f:1a:8a:20:fa:83:
                    63:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1C:B3:37:4E:CE:8E:BF:30:07:7A:D5:08:78:50:30:F3:BB:E1:3B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:c4:32:59:8e:ab:a1:b3:5f:50:2c:07:ed:c1:b2:ca:80:57:
         e4:f3:34:50:1e:5c:46:30:e9:0f:d1:49:71:2f:66:a9:df:31:
         56:58:ce:29:11:b2:21:be:b3:3a:94:c9:9e:0f:6d:1e:2f:7c:
         ab:3c:f9:f8:9b:58:60:63:6d:b7:f1:30:93:d2:36:ec:57:b5:
         1b:77:43:31:de:10:44:91:e2:27:57:5c:29:fc:66:4b:4b:8a:
         3d:b8:80:10:79:7a:8e:f2:42:a2:75:66:58:6c:51:25:d5:18:
         6b:91:cd:35:b4:72:ad:9f:90:72:8e:59:58:8d:bf:bb:3c:7d:
         fb:7a:bc:cb:27:16:d1:c8:bf:3b:0d:e2:50:be:22:bc:6e:e2:
         48:52:58:fe:e8:fc:5a:9e:a3:18:b3:78:4e:da:00:cf:80:c1:
         45:ee:2f:98:96:e6:0e:3c:ff:a9:fc:d7:76:36:32:53:86:47:
         4f:6d:75:99:12:e3:3e:45:d3:d6:46:98:85:5d:7b:7a:ed:81:
         b6:ce:34:64:77:65:49:aa:8c:4d:07:a7:42:4c:bc:3f:d7:14:
         f1:ac:a2:99:fb:6f:b8:d0:05:f4:06:61:00:93:8f:2f:7d:c8:
         27:3c:11:e6:6f:83:a6:8e:54:3b:43:93:8e:1f:fb:c4:0d:12:
         8c:97:4d:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZu7bUnoHOYd+eWY6QVwaOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIwMTMwNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFjYjMzNzRlY2U4ZWJmMzAwNzdhZDUwODc4NTAzMGYzYmJlMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEauRX+JgAmiBTswu8YG5WR47sFu
2CE37YJSBDpFbhTu03nrv8195UVtrVC0/mVxNYnqrLspnGFnJpFbLxt7UO8QmP9o
zfQmyoQosSZHvXZeqTgv+OB21Bg4Ra1v/S5nfTXmDnGM2alRukGIlZy83rDm0ofX
cH1N0HoLbhF7DSHvxTyscWFqgjCIu0+nDGMnclo9XbrUIn0Ws+cbrLJzlh5T6c6U
xg+pWr5CcTTWCr5Lj/ASqhYWJH2kVfdbMITit/v2dqD12yHsWeGAVmaxXG4dh75B
u0U0gEZXNEgRZI8TiQsrR0xxOIfA6YddY1npIEU+iOqJ1CwfGoog+oNjVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEEcszdOzo6/MAd61Qh4UDDzu+E7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUVJ5ek4wN09qcjh3QjNyVkNIaFFNUE83NFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACrEMlmOq6GzX1AsB+3B
ssqAV+TzNFAeXEYw6Q/RSXEvZqnfMVZYzikRsiG+szqUyZ4PbR4vfKs8+fibWGBj
bbfxMJPSNuxXtRt3QzHeEESR4idXXCn8ZktLij24gBB5eo7yQqJ1ZlhsUSXVGGuR
zTW0cq2fkHKOWViNv7s8fft6vMsnFtHIvzsN4lC+Irxu4khSWP7o/FqeoxizeE7a
AM+AwUXuL5iW5g48/6n813Y2MlOGR09tdZkS4z5F09ZGmIVde3rtgbbONGR3ZUmq
jE0Hp0JMvD/XFPGsopn7b7jQBfQGYQCTjy99yCc8EeZvg6aOVDtDk44f+8QNEoyX
TcA=
-----END CERTIFICATE-----
Generated at Tue Jun 10 22:31:47 2025 by rpki-client