Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2YTP5DxOz2QPbeiyxA2OOI3dwA.roa
File:                     X2YTP5DxOz2QPbeiyxA2OOI3dwA.roa (raw, json)
Hash identifier:          0H2ZZRo1a91Pcb+mRlkDaTG/HcLUDH0E2PvttoO7GJo=
Subject key identifier:   5F:66:13:3F:90:F1:3B:3D:90:3D:B7:A2:CB:10:36:38:E2:37:77:00
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BEF58FAD0F79D093C2D1B2D28DBCB0FE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2YTP5DxOz2QPbeiyxA2OOI3dwA.roa
Signing time:             Thu 15 Jun 2023 12:09:03 +0000
ROA not before:           Thu 15 Jun 2023 12:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:be:f5:8f:ad:0f:79:d0:93:c2:d1:b2:d2:8d:bc:b0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 12:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f66133f90f13b3d903db7a2cb103638e2377700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8a:7d:0f:46:b8:ea:f1:a8:5d:a3:36:d7:6a:
                    68:d1:86:4c:59:af:0b:bd:83:fc:30:df:28:32:97:
                    d1:bd:14:4d:b6:ea:64:d9:bc:6a:0a:d1:ae:a8:66:
                    a6:f6:e4:ac:7e:73:a3:61:f6:f3:22:e8:c3:45:79:
                    c1:37:bc:e1:14:58:34:31:86:7c:95:45:e3:a5:da:
                    e9:d5:b4:55:82:14:dc:f3:92:32:aa:a9:7c:57:a4:
                    22:da:c8:94:31:67:cb:b8:07:0a:ea:50:97:15:99:
                    a7:78:e7:00:2a:dc:25:3c:f0:29:3e:31:ac:ef:70:
                    52:fa:dc:e7:b5:81:5f:77:88:86:e2:a9:fb:7b:cc:
                    fa:23:67:eb:08:d7:11:70:9f:5c:5a:3f:20:71:34:
                    15:e4:da:04:4f:e6:2a:26:78:23:d2:e6:1c:2f:f1:
                    08:4b:06:7b:04:a4:39:19:9d:a9:ab:05:68:15:de:
                    c3:97:85:2b:1f:88:68:a9:b3:cb:b7:b7:19:8e:0e:
                    fe:75:3d:9b:2e:0f:d9:d7:17:04:6b:48:26:37:69:
                    22:99:64:d3:d9:2d:35:53:b1:76:9b:04:71:61:24:
                    eb:7f:d2:6f:19:8c:c3:dc:96:7a:e0:aa:e6:30:3c:
                    18:0a:38:29:ff:47:8b:ba:08:3b:d7:a6:03:2b:9f:
                    c7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:66:13:3F:90:F1:3B:3D:90:3D:B7:A2:CB:10:36:38:E2:37:77:00
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X2YTP5DxOz2QPbeiyxA2OOI3dwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:0d:15:41:ca:18:4f:5c:b7:5c:fa:52:9c:d2:8a:c0:fd:56:
         b6:15:2f:00:6f:cc:47:bd:ec:8c:a0:55:d1:b2:35:ee:67:08:
         de:d4:39:bc:cb:24:09:62:5e:04:a3:70:82:4e:32:ed:bf:a7:
         63:72:92:9f:9e:f3:a1:8f:6b:ae:2d:c4:23:2f:cd:3e:fe:2a:
         a8:ef:4c:08:b1:b4:d5:2a:be:a8:e2:d8:c6:53:ef:94:ac:b6:
         ff:b5:69:1e:a0:8d:10:db:a8:ef:50:ff:26:71:e3:52:3a:33:
         02:86:01:f4:66:46:eb:81:ec:85:34:fc:96:31:9c:44:a0:60:
         d3:23:7d:5b:26:0c:0b:b7:58:4b:c5:f7:7d:d7:37:0d:51:0e:
         80:56:ca:28:1e:5f:71:8b:4d:cb:a4:24:96:11:3c:71:04:2a:
         0d:93:da:a3:8c:cc:df:be:7f:5d:f3:f1:37:ab:ba:28:39:65:
         27:fc:a7:57:00:b7:de:81:3b:04:6f:d0:3a:f2:d1:88:32:f2:
         0c:4b:7d:c7:b6:cd:cf:7a:b3:13:51:6b:eb:b9:4b:23:d5:8e:
         f4:e1:ae:47:24:60:ef:d3:57:25:4d:1a:46:6a:20:00:14:b1:
         81:c0:9b:e6:67:74:fa:2b:cf:61:cf:9f:b9:4a:4d:e7:2f:1d:
         fb:41:17:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi+9Y+tD3nQk8LRstKNvLD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MTIwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY2MTMzZjkwZjEzYjNkOTAzZGI3YTJjYjEwMzYzOGUyMzc3NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArop9D0a46vGoXaM212po0YZMWa8L
vYP8MN8oMpfRvRRNtupk2bxqCtGuqGam9uSsfnOjYfbzIujDRXnBN7zhFFg0MYZ8
lUXjpdrp1bRVghTc85Iyqql8V6Qi2siUMWfLuAcK6lCXFZmneOcAKtwlPPApPjGs
73BS+tzntYFfd4iG4qn7e8z6I2frCNcRcJ9cWj8gcTQV5NoET+YqJngj0uYcL/EI
SwZ7BKQ5GZ2pqwVoFd7Dl4UrH4hoqbPLt7cZjg7+dT2bLg/Z1xcEa0gmN2kimWTT
2S01U7F2mwRxYSTrf9JvGYzD3JZ64KrmMDwYCjgp/0eLugg716YDK5/HXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF9mEz+Q8Ts9kD23ossQNjjiN3cAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWDJZVFA1RHhPejJRUGJlaXl4QTJPT0kzZHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACkNFUHKGE9ct1z6UpzS
isD9VrYVLwBvzEe97IygVdGyNe5nCN7UObzLJAliXgSjcIJOMu2/p2Nykp+e86GP
a64txCMvzT7+KqjvTAixtNUqvqji2MZT75Sstv+1aR6gjRDbqO9Q/yZx41I6MwKG
AfRmRuuB7IU0/JYxnESgYNMjfVsmDAu3WEvF933XNw1RDoBWyigeX3GLTcukJJYR
PHEEKg2T2qOMzN++f13z8Teruig5ZSf8p1cAt96BOwRv0Dry0Ygy8gxLfce2zc96
sxNRa+u5SyPVjvThrkckYO/TVyVNGkZqIAAUsYHAm+ZndPorz2HPn7lKTecvHftB
F6w=
-----END CERTIFICATE-----
Generated at Mon Jun 9 08:25:42 2025 by rpki-client