Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UqRP2INsMVjcz7m4-5U0S4fhwdw.roa
File:                     UqRP2INsMVjcz7m4-5U0S4fhwdw.roa (raw, json)
Hash identifier:          fWZnaI8xxhrWX8GxIM4T/Jr8GdtqtA1D4mZ62/9iUSg=
Subject key identifier:   52:A4:4F:D8:83:6C:31:58:DC:CF:B9:B8:FB:95:34:4B:87:E1:C1:DC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A2F96B1068A249A027198FD671E865E20
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UqRP2INsMVjcz7m4-5U0S4fhwdw.roa
Signing time:             Sat 26 Aug 2023 02:05:19 +0000
ROA not before:           Sat 26 Aug 2023 02:05:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:2f95:d578/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:2f:96:b1:06:8a:24:9a:02:71:98:fd:67:1e:86:5e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 26 02:05:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=52a44fd8836c3158dccfb9b8fb95344b87e1c1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:05:4d:81:ab:62:65:df:8b:5d:c2:d5:0e:b4:
                    c2:54:7a:d0:4f:8e:6a:93:31:6a:e2:ce:b2:5b:6a:
                    88:ea:eb:0f:c5:68:30:39:50:24:ee:ed:7d:19:fc:
                    e0:55:19:0f:7d:f7:28:d0:54:20:8a:d7:3a:86:bb:
                    c6:38:53:0f:7c:9c:b2:4e:ab:29:69:e2:25:ed:a9:
                    cb:51:d9:bf:e3:f5:c0:cb:94:1d:12:dc:a6:3d:7e:
                    0f:41:5e:97:11:f4:49:53:26:b2:93:a4:6a:75:eb:
                    eb:3f:98:b5:37:34:8e:64:e0:85:6b:a2:0d:59:55:
                    f8:4c:46:98:12:db:66:72:4a:66:68:4c:85:91:a6:
                    74:5e:a9:0c:ff:d8:7c:b0:ca:b1:ae:27:6e:41:40:
                    60:17:82:f6:33:8e:b8:63:d2:ac:4b:f3:90:04:f6:
                    75:64:b3:b8:0a:7a:7d:8c:12:e2:a1:c5:b8:0f:d5:
                    de:55:10:19:f7:73:c7:23:40:2f:9f:b7:d2:b7:77:
                    eb:35:ea:d7:59:73:02:b2:fe:c0:b4:ac:a7:b1:eb:
                    60:95:f8:b5:92:b9:f3:87:14:37:d8:59:58:1f:c7:
                    43:d1:79:ff:b6:bc:ba:14:c7:1d:86:91:c4:3e:52:
                    0c:bd:71:f3:86:b3:9b:7f:74:72:53:37:38:ce:ba:
                    af:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A4:4F:D8:83:6C:31:58:DC:CF:B9:B8:FB:95:34:4B:87:E1:C1:DC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UqRP2INsMVjcz7m4-5U0S4fhwdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:83:d1:90:0b:96:65:18:4e:c1:5c:f8:dd:57:7a:e2:46:44:
         0b:62:06:59:db:fb:2e:b3:81:8c:36:b4:ad:7f:33:af:fe:4f:
         cf:93:4d:e8:87:02:8c:ee:e1:ac:a0:3d:d1:f9:61:bc:e1:7c:
         dd:24:ca:96:5a:e8:64:0a:21:63:1b:a6:39:4d:89:3e:cf:48:
         cd:1f:54:49:2b:d0:1d:7d:1d:6b:d1:53:da:eb:2b:76:55:bf:
         0e:77:ec:01:20:d5:6d:c6:d1:6b:12:e8:37:e5:5d:55:ea:30:
         cd:52:52:4c:29:00:7b:a5:a6:7d:64:95:8e:e5:a8:bc:49:fc:
         9b:c8:78:8b:00:31:4e:ea:6a:2a:5a:5e:a7:8b:b3:cb:40:e8:
         8c:f5:12:7e:6e:c9:b1:d7:a5:49:2b:89:eb:c7:8b:24:36:32:
         6b:ca:e6:97:04:14:29:2a:5f:44:e4:5a:16:44:55:99:e4:34:
         d4:3a:af:65:dc:d1:8d:64:40:ca:f0:ca:ce:f0:e6:83:48:06:
         08:25:83:56:75:96:07:ad:56:23:0a:6a:ec:ee:45:fd:a8:6b:
         30:b3:ff:2b:35:7e:0b:92:bd:6d:49:72:69:15:79:4e:11:4e:
         a6:dc:98:5e:d7:85:98:f6:90:03:5e:24:ec:1d:01:21:30:f2:
         91:d4:4b:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYovlrEGiiSaAnGY/Wcehl4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODI2MDIwNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmE0NGZkODgzNmMzMTU4ZGNjZmI5YjhmYjk1MzQ0Yjg3ZTFjMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gVNgatiZd+LXcLVDrTCVHrQT45q
kzFq4s6yW2qI6usPxWgwOVAk7u19GfzgVRkPffco0FQgitc6hrvGOFMPfJyyTqsp
aeIl7anLUdm/4/XAy5QdEtymPX4PQV6XEfRJUyayk6RqdevrP5i1NzSOZOCFa6IN
WVX4TEaYEttmckpmaEyFkaZ0XqkM/9h8sMqxriduQUBgF4L2M464Y9KsS/OQBPZ1
ZLO4Cnp9jBLiocW4D9XeVRAZ93PHI0Avn7fSt3frNerXWXMCsv7AtKynsetglfi1
krnzhxQ32FlYH8dD0Xn/try6FMcdhpHEPlIMvXHzhrObf3RyUzc4zrqvhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFKkT9iDbDFY3M+5uPuVNEuH4cHcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVXFSUDJJTnNNVmpjejdtNC01VTBTNGZod2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHuD0ZALlmUYTsFc+N1X
euJGRAtiBlnb+y6zgYw2tK1/M6/+T8+TTeiHAozu4aygPdH5YbzhfN0kypZa6GQK
IWMbpjlNiT7PSM0fVEkr0B19HWvRU9rrK3ZVvw537AEg1W3G0WsS6DflXVXqMM1S
UkwpAHulpn1klY7lqLxJ/JvIeIsAMU7qaipaXqeLs8tA6Iz1En5uybHXpUkrievH
iyQ2MmvK5pcEFCkqX0TkWhZEVZnkNNQ6r2Xc0Y1kQMrwys7w5oNIBgglg1Z1lget
ViMKauzuRf2oazCz/ys1fguSvW1JcmkVeU4RTqbcmF7XhZj2kANeJOwdASEw8pHU
S3I=
-----END CERTIFICATE-----
Generated at Thu Jun 12 08:36:13 2025 by rpki-client