Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y6y0HfFkdw-R2hLwQZyN-Uq6vk8.roa
File:                     Y6y0HfFkdw-R2hLwQZyN-Uq6vk8.roa (raw, json)
Hash identifier:          EdW2cRyw8wDDLgdvSHQDO2XyWVk5AUBhaiMgUGva0QY=
Subject key identifier:   63:AC:B4:1D:F1:64:77:0F:91:DA:12:F0:41:9C:8D:F9:4A:BA:BE:4F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BC994D6E524370FEE2285F8804A138E9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y6y0HfFkdw-R2hLwQZyN-Uq6vk8.roa
Signing time:             Thu 15 Jun 2023 01:09:03 +0000
ROA not before:           Thu 15 Jun 2023 01:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bc:99:4d:6e:52:43:70:fe:e2:28:5f:88:04:a1:38:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 01:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=63acb41df164770f91da12f0419c8df94ababe4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ed:d9:74:de:70:34:45:d8:c7:0c:58:e5:f9:
                    de:56:fe:fd:b3:f3:b5:02:65:80:9a:1c:07:68:a2:
                    73:d1:cd:d5:7b:10:f1:dd:8f:e0:49:13:5b:31:f0:
                    b4:40:0d:58:15:3b:b4:4b:19:40:41:c3:6f:ac:39:
                    94:a6:af:76:cb:db:60:a8:b6:93:56:7d:f4:24:00:
                    0c:35:54:71:77:48:6a:2a:b3:c4:96:10:3c:84:1e:
                    f3:c6:27:f1:58:dc:0d:74:67:d0:7d:1d:16:6a:38:
                    3e:0f:e0:14:76:a4:08:af:f5:d4:2f:19:bd:51:79:
                    5b:85:06:2d:cc:e7:f4:73:27:de:c0:fd:f3:74:00:
                    32:be:61:f6:2d:8f:65:48:31:4c:9a:51:a9:77:dc:
                    80:09:d2:a4:72:59:69:57:7e:0d:ee:a6:16:46:f0:
                    98:d9:58:e8:f9:66:c6:12:4c:6c:b1:12:37:22:db:
                    2b:2c:54:d6:64:79:ce:dd:df:0c:5c:4d:c9:26:3e:
                    23:14:a5:83:8f:68:e7:28:5e:c3:85:9e:ae:64:49:
                    d7:04:01:6b:ae:6e:80:36:71:49:75:82:70:26:be:
                    ca:c6:70:32:94:ff:52:a4:5f:5c:96:5a:00:91:89:
                    41:65:07:94:ff:5f:20:bc:2b:01:c6:9b:cd:b3:6c:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:AC:B4:1D:F1:64:77:0F:91:DA:12:F0:41:9C:8D:F9:4A:BA:BE:4F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y6y0HfFkdw-R2hLwQZyN-Uq6vk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:51:f4:63:37:b3:55:57:c0:8b:1b:e8:22:ef:65:1d:74:60:
         3e:a5:e9:10:8e:4d:49:db:1a:16:69:37:91:c5:74:44:1e:d1:
         4f:35:37:2e:72:aa:ed:67:5a:20:57:46:9e:5b:77:5b:b0:bd:
         65:67:26:9e:21:b7:2c:12:19:be:34:ec:a3:4a:37:c2:96:14:
         04:32:8b:d1:32:5d:2c:7c:a9:b1:cb:f6:2e:27:b4:36:c1:ba:
         18:7f:d8:17:55:aa:86:26:cf:b7:ba:f1:ff:fe:af:8d:de:35:
         ed:bd:a0:3d:42:bb:c8:92:44:8d:4c:8f:fa:cd:91:b6:c4:ab:
         5d:73:6e:c9:45:08:4d:13:68:10:08:54:0a:f6:af:5b:e5:7b:
         90:75:15:9d:f9:31:a8:69:5c:d4:02:d1:01:a5:e2:5b:93:10:
         15:2f:09:06:34:8c:e1:e1:2d:06:24:cb:03:79:c6:4b:de:4b:
         33:9c:4e:9b:db:65:64:1b:07:84:eb:ff:fc:2b:67:ac:20:aa:
         37:dc:cf:7d:f2:6a:fd:5c:c7:bf:b0:39:a7:3b:7c:c6:db:81:
         ca:fc:df:41:d8:ea:45:65:d5:61:eb:e0:36:26:8b:c2:b7:82:
         3b:3b:0e:31:ac:30:55:b3:ba:5b:ae:bb:af:be:96:29:e7:88:
         66:bf:48:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi8mU1uUkNw/uIoX4gEoTjpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MDEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2FjYjQxZGYxNjQ3NzBmOTFkYTEyZjA0MTljOGRmOTRhYmFiZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO3ZdN5wNEXYxwxY5fneVv79s/O1
AmWAmhwHaKJz0c3VexDx3Y/gSRNbMfC0QA1YFTu0SxlAQcNvrDmUpq92y9tgqLaT
Vn30JAAMNVRxd0hqKrPElhA8hB7zxifxWNwNdGfQfR0Wajg+D+AUdqQIr/XULxm9
UXlbhQYtzOf0cyfewP3zdAAyvmH2LY9lSDFMmlGpd9yACdKkcllpV34N7qYWRvCY
2Vjo+WbGEkxssRI3ItsrLFTWZHnO3d8MXE3JJj4jFKWDj2jnKF7DhZ6uZEnXBAFr
rm6ANnFJdYJwJr7KxnAylP9SpF9clloAkYlBZQeU/18gvCsBxpvNs2yUzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGOstB3xZHcPkdoS8EGcjflKur5PMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWTZ5MEhmRmtkdy1SMmhMd1FaeU4tVXE2dms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH1R9GM3s1VXwIsb6CLv
ZR10YD6l6RCOTUnbGhZpN5HFdEQe0U81Ny5yqu1nWiBXRp5bd1uwvWVnJp4htywS
Gb407KNKN8KWFAQyi9EyXSx8qbHL9i4ntDbBuhh/2BdVqoYmz7e68f/+r43eNe29
oD1Cu8iSRI1Mj/rNkbbEq11zbslFCE0TaBAIVAr2r1vle5B1FZ35MahpXNQC0QGl
4luTEBUvCQY0jOHhLQYkywN5xkveSzOcTpvbZWQbB4Tr//wrZ6wgqjfcz33yav1c
x7+wOac7fMbbgcr830HY6kVl1WHr4DYmi8K3gjs7DjGsMFWzuluuu6++linniGa/
SEk=
-----END CERTIFICATE-----
Generated at Tue Jun 10 18:26:38 2025 by rpki-client