Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TuuSpmQaqHVuKAcyRG-ITVLVImQ.roa
File:                     TuuSpmQaqHVuKAcyRG-ITVLVImQ.roa (raw, json)
Hash identifier:          aYU2uVVx1VctkGGQZn7AtUYmvCrFWkInBVIeuadASMU=
Subject key identifier:   4E:EB:92:A6:64:1A:A8:75:6E:28:07:32:44:6F:88:4D:52:D5:22:64
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189C59C8BADFEC7A485B768DF678611C5D5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TuuSpmQaqHVuKAcyRG-ITVLVImQ.roa
Signing time:             Sat 05 Aug 2023 12:11:58 +0000
ROA not before:           Sat 05 Aug 2023 12:11:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c5:9c:8b:ad:fe:c7:a4:85:b7:68:df:67:86:11:c5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug  5 12:11:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4eeb92a6641aa8756e280732446f884d52d52264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fb:56:b2:4a:5e:40:bf:14:47:5d:5f:73:38:
                    f3:f8:11:34:7d:a7:78:04:ec:c6:e0:43:3d:c0:45:
                    e0:42:20:a5:d1:76:72:67:32:81:db:d8:ad:f4:76:
                    34:11:44:97:bb:fb:73:59:7a:69:0a:a7:a0:87:a6:
                    2f:4f:8c:a4:cc:71:12:d9:96:d1:80:60:81:04:ed:
                    07:33:f5:18:ea:f2:73:d5:af:1f:59:1c:1a:98:4b:
                    8f:30:d8:f8:75:d3:90:da:9d:d0:53:82:45:c8:8f:
                    95:28:9b:34:e8:43:c9:9d:67:44:9c:a9:7f:ad:36:
                    05:9b:71:8d:1f:cc:95:bd:d0:9a:90:35:ed:88:a6:
                    f9:75:73:e6:62:77:12:a9:21:5f:0f:b9:58:34:d1:
                    0e:e7:53:70:df:88:c9:88:57:83:74:f7:dd:45:e7:
                    20:8a:4f:15:ba:71:dd:89:38:5f:a3:d3:7d:cc:b6:
                    bd:18:52:89:6b:4b:ce:66:9c:f3:67:ae:43:73:c2:
                    5f:b1:ac:79:06:1a:41:15:e0:ff:88:0d:12:fd:59:
                    16:01:7c:e5:5f:5b:d9:a7:86:62:1e:7b:c7:fe:83:
                    3e:56:e0:6d:01:64:38:ea:d7:e6:f4:76:21:79:bc:
                    fd:8b:1a:72:87:ae:17:64:3d:5e:de:a9:39:a0:93:
                    e3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:EB:92:A6:64:1A:A8:75:6E:28:07:32:44:6F:88:4D:52:D5:22:64
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TuuSpmQaqHVuKAcyRG-ITVLVImQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:de:87:7c:a1:9a:41:f9:e0:5b:81:06:d0:ef:ae:2b:48:60:
         3b:52:a1:85:12:47:6d:8e:b0:71:af:5b:c2:bd:ac:7b:5e:ab:
         45:ee:0d:0c:d7:0d:b4:4a:76:ff:d3:da:1a:e3:67:55:e4:9c:
         09:b3:20:8b:ba:fc:16:c2:1e:de:79:98:24:14:34:db:b9:71:
         e0:fa:97:a1:8e:0b:8b:9b:5c:45:a4:fa:6b:7f:8c:16:45:d4:
         e9:6e:87:c0:b0:ad:40:ae:60:fc:be:b5:3d:01:ed:37:27:84:
         bd:10:bb:44:a5:88:77:ad:c6:a5:93:4e:e8:90:37:4a:00:c8:
         b2:47:9d:32:07:a5:0e:c4:03:57:70:e0:d8:cb:fb:63:5f:60:
         0e:32:2a:7e:0c:84:6e:45:91:de:43:26:8d:25:c7:c2:91:19:
         e5:0a:75:e1:bf:84:1f:1c:fc:e2:9a:7b:bb:70:31:8d:26:b0:
         b9:c5:39:52:cd:f2:ff:ec:33:e8:04:82:d9:bb:28:01:32:cc:
         cb:3b:92:20:fc:c7:2b:c5:0b:c2:4d:2a:a6:35:8d:34:28:eb:
         1a:06:79:17:1e:b8:54:a0:69:bd:da:b2:ab:03:d7:bd:04:b6:
         62:ae:f0:29:e9:68:ec:a0:55:13:ad:60:c6:c6:1e:62:65:bb:
         fd:99:ea:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYnFnIut/sekhbdo32eGEcXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODA1MTIxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWViOTJhNjY0MWFhODc1NmUyODA3MzI0NDZmODg0ZDUyZDUyMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPtWskpeQL8UR11fczjz+BE0fad4
BOzG4EM9wEXgQiCl0XZyZzKB29it9HY0EUSXu/tzWXppCqegh6YvT4ykzHES2ZbR
gGCBBO0HM/UY6vJz1a8fWRwamEuPMNj4ddOQ2p3QU4JFyI+VKJs06EPJnWdEnKl/
rTYFm3GNH8yVvdCakDXtiKb5dXPmYncSqSFfD7lYNNEO51Nw34jJiFeDdPfdRecg
ik8VunHdiThfo9N9zLa9GFKJa0vOZpzzZ65Dc8Jfsax5BhpBFeD/iA0S/VkWAXzl
X1vZp4ZiHnvH/oM+VuBtAWQ46tfm9HYhebz9ixpyh64XZD1e3qk5oJPjnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE7rkqZkGqh1bigHMkRviE1S1SJkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVHV1U3BtUWFxSFZ1S0FjeVJHLUlUVkxWSW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIneh3yhmkH54FuBBtDv
ritIYDtSoYUSR22OsHGvW8K9rHteq0XuDQzXDbRKdv/T2hrjZ1XknAmzIIu6/BbC
Ht55mCQUNNu5ceD6l6GOC4ubXEWk+mt/jBZF1Oluh8CwrUCuYPy+tT0B7TcnhL0Q
u0SliHetxqWTTuiQN0oAyLJHnTIHpQ7EA1dw4NjL+2NfYA4yKn4MhG5Fkd5DJo0l
x8KRGeUKdeG/hB8c/OKae7twMY0msLnFOVLN8v/sM+gEgtm7KAEyzMs7kiD8xyvF
C8JNKqY1jTQo6xoGeRceuFSgab3asqsD170EtmKu8CnpaOygVROtYMbGHmJlu/2Z
6gI=
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:21:20 2025 by rpki-client