Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SDnP8ZEu6y_5_nfTM_UJKy10790.roa
File:                     SDnP8ZEu6y_5_nfTM_UJKy10790.roa (raw, json)
Hash identifier:          fPMOS9PCYCk6NMfh16YKKUdPrdQy0Zt0RmUl4vmwqUA=
Subject key identifier:   48:39:CF:F1:91:2E:EB:2F:F9:FE:77:D3:33:F5:09:2B:2D:74:EF:DD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189977D70FE40BCD029E8B2340FF39C0297
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SDnP8ZEu6y_5_nfTM_UJKy10790.roa
Signing time:             Thu 27 Jul 2023 13:15:27 +0000
ROA not before:           Thu 27 Jul 2023 13:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:7d:70:fe:40:bc:d0:29:e8:b2:34:0f:f3:9c:02:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 27 13:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4839cff1912eeb2ff9fe77d333f5092b2d74efdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:42:57:f9:b2:5e:f0:fc:95:7a:7a:4a:f2:
                    ce:c4:66:d0:b9:5b:a7:e6:8e:8f:68:b9:2f:da:a2:
                    c0:cf:0b:d0:71:48:89:a2:ae:ca:e5:8d:a2:46:b4:
                    2b:e8:b2:da:cc:b5:32:34:20:e5:14:8e:04:58:46:
                    7f:b3:17:40:6b:33:ee:59:1c:ab:80:49:62:33:8f:
                    2f:b9:01:a3:f4:16:8a:2c:40:98:8b:24:66:d5:fb:
                    5e:8f:b4:9c:90:2b:01:86:fa:85:b4:81:ce:82:83:
                    24:4c:bd:eb:e5:94:d9:ec:0a:cc:f0:da:99:73:d3:
                    4a:51:a0:04:49:bf:d2:8d:14:f0:70:06:e0:f5:20:
                    24:6f:b1:7b:3a:3b:38:eb:3f:cd:08:40:79:f0:0a:
                    3f:f2:d4:4e:d5:62:ca:2d:f0:3b:23:28:d7:e0:cd:
                    4e:42:72:d2:a7:c9:75:07:c7:c3:db:71:ff:40:c7:
                    3b:36:03:ea:01:ce:58:20:ba:83:3c:fa:ef:fd:ff:
                    cb:df:ff:3f:58:ab:89:bb:66:be:f1:fa:43:0c:3d:
                    11:0d:88:47:e9:cc:6f:41:c1:9e:70:20:70:35:42:
                    7b:c8:e7:22:8d:46:59:3e:49:55:eb:8b:97:0d:c8:
                    01:46:a7:d7:e1:43:25:ef:4d:0c:3d:f5:d0:06:8a:
                    a5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:39:CF:F1:91:2E:EB:2F:F9:FE:77:D3:33:F5:09:2B:2D:74:EF:DD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SDnP8ZEu6y_5_nfTM_UJKy10790.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:ef:c9:56:c2:9f:3c:40:81:2d:81:21:0d:9d:21:62:25:c8:
         7f:16:8f:e9:62:a0:0e:81:5e:4d:00:98:2e:b0:45:ed:62:ce:
         95:25:40:8d:c2:a5:3e:99:50:8a:17:5c:e8:3d:eb:f2:03:df:
         41:1b:18:04:15:65:e9:fa:5b:f0:87:c0:c1:5d:e5:ce:f7:e4:
         20:8a:4c:11:86:55:3b:d2:90:9c:c8:9b:70:c1:ca:2f:eb:1c:
         d9:04:8b:9a:8e:70:80:d7:9a:9c:c9:1a:f1:be:ed:7a:0a:96:
         6a:0b:6c:66:3e:03:52:29:ea:82:25:05:3f:a2:59:f5:79:71:
         9b:c9:9c:88:9a:d9:0c:4e:1b:09:1b:7d:e6:67:98:a5:4e:ac:
         8e:e8:c6:62:99:3e:f0:4a:a9:d0:2c:86:73:eb:89:6d:66:a1:
         6e:08:6a:c4:a8:c2:1a:11:36:f3:db:a8:49:a2:cd:0a:c5:0e:
         b0:82:08:75:86:81:19:b2:22:ac:7b:2b:7c:11:c9:45:03:46:
         fe:31:7b:e3:61:ac:e2:fa:a2:83:74:df:e2:71:b4:33:fc:98:
         c2:fa:03:11:75:07:29:cf:87:63:9f:ff:49:79:01:dd:c2:01:
         11:46:68:15:06:b7:19:1e:34:e7:4f:61:1d:b7:d4:7b:d9:74:
         e9:1b:7f:47
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmXfXD+QLzQKeiyNA/znAKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI3MTMxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODM5Y2ZmMTkxMmVlYjJmZjlmZTc3ZDMzM2Y1MDkyYjJkNzRlZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnBCV/myXvD8lXp6SvLOxGbQuVun
5o6PaLkv2qLAzwvQcUiJoq7K5Y2iRrQr6LLazLUyNCDlFI4EWEZ/sxdAazPuWRyr
gEliM48vuQGj9BaKLECYiyRm1ftej7SckCsBhvqFtIHOgoMkTL3r5ZTZ7ArM8NqZ
c9NKUaAESb/SjRTwcAbg9SAkb7F7Ojs46z/NCEB58Ao/8tRO1WLKLfA7IyjX4M1O
QnLSp8l1B8fD23H/QMc7NgPqAc5YILqDPPrv/f/L3/8/WKuJu2a+8fpDDD0RDYhH
6cxvQcGecCBwNUJ7yOcijUZZPklV64uXDcgBRqfX4UMl700MPfXQBoqlDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEg5z/GRLusv+f530zP1CSstdO/dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU0RuUDhaRXU2eV81X25mVE1fVUpLeTEwNzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABXvyVbCnzxAgS2BIQ2d
IWIlyH8Wj+lioA6BXk0AmC6wRe1izpUlQI3CpT6ZUIoXXOg96/ID30EbGAQVZen6
W/CHwMFd5c735CCKTBGGVTvSkJzIm3DByi/rHNkEi5qOcIDXmpzJGvG+7XoKlmoL
bGY+A1Ip6oIlBT+iWfV5cZvJnIia2QxOGwkbfeZnmKVOrI7oxmKZPvBKqdAshnPr
iW1moW4IasSowhoRNvPbqEmizQrFDrCCCHWGgRmyIqx7K3wRyUUDRv4xe+NhrOL6
ooN03+JxtDP8mML6AxF1BynPh2Of/0l5Ad3CARFGaBUGtxkeNOdPYR231HvZdOkb
f0c=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:40:55 2025 by rpki-client