Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2LJCOZEI2pyWpMDLNAychCy3rQ.roa
File:                     X2LJCOZEI2pyWpMDLNAychCy3rQ.roa (raw, json)
Hash identifier:          /s7xhmTUvxvjkR71J8BUlZ9Txftikn1hRLrXOXCcpIY=
Subject key identifier:   5F:62:C9:08:E6:44:23:6A:72:5A:93:03:2C:D0:32:72:10:B2:DE:B4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A1D2D43F240F35E7BC3FB51B062BFF0FC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2LJCOZEI2pyWpMDLNAychCy3rQ.roa
Signing time:             Tue 22 Aug 2023 12:17:00 +0000
ROA not before:           Tue 22 Aug 2023 12:17:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:178d:7ed9/128 maxlen: 128
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1d:2d:43:f2:40:f3:5e:7b:c3:fb:51:b0:62:bf:f0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 22 12:17:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f62c908e644236a725a93032cd0327210b2deb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1a:ee:b4:6d:39:25:be:af:f6:51:ce:0e:7e:
                    e3:e8:a8:7d:c8:bb:c1:2e:1b:e5:74:89:03:f0:83:
                    74:99:33:54:3a:e0:de:69:4d:d2:73:3c:a9:ae:96:
                    aa:d5:a4:48:bc:9f:57:37:4c:43:dc:76:3a:21:b6:
                    fa:08:01:6d:39:01:1f:c7:3f:8e:b7:21:53:db:51:
                    07:d9:3f:af:c3:08:a0:de:49:9f:59:3c:70:43:c8:
                    d8:76:be:43:2b:26:49:a9:7a:d2:21:12:64:c0:87:
                    8a:89:3f:3e:d4:b9:c9:83:ba:81:6a:bd:16:a0:82:
                    b0:4c:e4:f1:10:65:ce:40:b4:b8:35:65:bb:7f:c3:
                    08:bf:8b:a3:12:c0:b1:3f:6b:76:37:37:9f:66:af:
                    f5:26:bb:ad:76:6b:35:6e:7f:55:38:21:3e:8b:b4:
                    99:0a:7b:6d:80:49:8b:58:8d:6e:d7:d9:e0:57:a9:
                    8d:dc:43:80:7f:a6:de:bf:85:6b:a5:43:7a:85:d6:
                    40:32:91:98:10:c9:9e:b3:a3:bf:0f:5f:8f:b3:9c:
                    35:86:75:8a:21:59:79:78:83:11:65:82:62:fe:91:
                    64:44:ce:3e:d6:b5:8e:5c:7b:08:aa:a7:b4:e5:3d:
                    f2:c9:e6:a8:31:6a:ee:2e:e8:c6:ee:ac:1f:86:fe:
                    dc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:62:C9:08:E6:44:23:6A:72:5A:93:03:2C:D0:32:72:10:B2:DE:B4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2LJCOZEI2pyWpMDLNAychCy3rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:9a:55:c5:36:91:ac:8f:45:2c:3c:c7:5e:ab:dc:6a:ef:91:
         6d:69:bc:a3:5c:42:9e:41:e8:c4:e4:a1:9f:0f:e0:89:62:e9:
         bb:d8:73:39:f4:7f:d3:d3:2d:3a:08:53:50:80:4b:42:af:4e:
         ba:81:18:44:5a:ec:ec:4a:a0:7b:d4:1c:96:81:74:fc:b3:6e:
         07:09:e5:98:62:d6:8b:db:56:a3:44:87:e0:08:8f:f0:47:f0:
         d4:0d:23:e0:5b:99:de:68:40:d3:3a:10:ac:f0:b5:0e:be:1f:
         af:3c:31:fd:da:3e:c1:90:55:01:80:fe:a3:be:eb:f6:a1:4a:
         50:d1:37:b7:3c:6e:5b:f5:5a:ba:f0:6f:6e:b6:3a:32:96:20:
         a5:08:89:7e:89:df:65:2a:60:05:b2:29:cc:56:0d:6d:22:43:
         56:f5:77:52:60:40:ef:a6:ae:a3:95:33:81:e1:fe:fb:4b:ff:
         1a:6d:f5:d0:e4:91:c6:e1:23:a9:30:34:0d:06:69:f9:59:a6:
         b1:47:ad:ae:8c:98:e9:49:1e:a8:78:10:4e:fc:41:6c:ed:68:
         34:e7:9a:0d:f1:be:b0:16:32:e0:89:d9:3b:e9:95:7f:56:89:
         58:42:8f:39:8b:5d:dd:36:87:e3:e1:1d:3a:08:97:ba:67:77:
         b3:64:89:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYodLUPyQPNee8P7UbBiv/D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODIyMTIxNzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjYyYzkwOGU2NDQyMzZhNzI1YTkzMDMyY2QwMzI3MjEwYjJkZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRrutG05Jb6v9lHODn7j6Kh9yLvB
LhvldIkD8IN0mTNUOuDeaU3Sczyprpaq1aRIvJ9XN0xD3HY6Ibb6CAFtOQEfxz+O
tyFT21EH2T+vwwig3kmfWTxwQ8jYdr5DKyZJqXrSIRJkwIeKiT8+1LnJg7qBar0W
oIKwTOTxEGXOQLS4NWW7f8MIv4ujEsCxP2t2NzefZq/1Jrutdms1bn9VOCE+i7SZ
CnttgEmLWI1u19ngV6mN3EOAf6bev4VrpUN6hdZAMpGYEMmes6O/D1+Ps5w1hnWK
IVl5eIMRZYJi/pFkRM4+1rWOXHsIqqe05T3yyeaoMWruLujG7qwfhv7cxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF9iyQjmRCNqclqTAyzQMnIQst60MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWDJMSkNPWkVJMnB5V3BNRExOQXljaEN5M3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJWaVcU2kayPRSw8x16r
3GrvkW1pvKNcQp5B6MTkoZ8P4Ili6bvYczn0f9PTLToIU1CAS0KvTrqBGERa7OxK
oHvUHJaBdPyzbgcJ5Zhi1ovbVqNEh+AIj/BH8NQNI+Bbmd5oQNM6EKzwtQ6+H688
Mf3aPsGQVQGA/qO+6/ahSlDRN7c8blv1Wrrwb262OjKWIKUIiX6J32UqYAWyKcxW
DW0iQ1b1d1JgQO+mrqOVM4Hh/vtL/xpt9dDkkcbhI6kwNA0GaflZprFHra6MmOlJ
Hqh4EE78QWztaDTnmg3xvrAWMuCJ2TvplX9WiVhCjzmLXd02h+PhHToIl7pnd7Nk
iaM=
-----END CERTIFICATE-----
Generated at Tue Jun 10 12:26:19 2025 by rpki-client