Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y9pueJGUWG-SYlmgDu-7fo0TDZQ.roa
File:                     Y9pueJGUWG-SYlmgDu-7fo0TDZQ.roa (raw, json)
Hash identifier:          QkGogIvfgQ7Ve4Bc6QG2btkm4HJm5B9f00Av7QCy/Qw=
Subject key identifier:   63:DA:6E:78:91:94:58:6F:92:62:59:A0:0E:EF:BB:7E:8D:13:0D:94
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186EFABEC7EB9E04ED459D8DFF25E19BC2C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y9pueJGUWG-SYlmgDu-7fo0TDZQ.roa
Signing time:             Fri 17 Mar 2023 13:04:27 +0000
ROA not before:           Fri 17 Mar 2023 13:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:efab:e455/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ef:ab:ec:7e:b9:e0:4e:d4:59:d8:df:f2:5e:19:bc:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 17 13:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=63da6e789194586f926259a00eefbb7e8d130d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dc:cf:d4:d5:b0:c6:34:5f:84:92:27:40:ec:
                    8a:7d:49:e9:eb:c8:53:1b:5c:d0:dd:31:7b:92:cd:
                    89:00:1a:d8:a9:48:c1:27:10:6f:4c:96:b2:77:ad:
                    72:b5:77:3b:b5:8b:aa:95:e7:51:e4:f2:69:f4:59:
                    0b:e3:c2:fc:e0:3c:0a:28:57:0f:bd:86:a2:92:c5:
                    c7:b7:c1:9e:e7:04:c7:b3:ec:f4:3b:aa:75:cd:3f:
                    a0:58:72:36:97:fd:68:f1:6c:dd:06:30:a5:e7:1d:
                    f1:d9:48:37:89:7a:37:fd:e4:23:4d:b8:c6:b3:11:
                    44:13:83:6a:e1:59:34:7d:32:93:cc:03:60:70:52:
                    32:a8:cd:36:2d:0d:91:9c:b6:e3:d2:f3:e4:c0:d5:
                    64:fe:b6:64:22:11:ef:eb:28:69:97:1a:fe:dd:23:
                    04:39:ed:96:d0:b0:f9:a3:83:47:f3:3d:51:80:33:
                    7b:6a:48:0e:3a:d3:b6:c9:b0:f8:42:2c:82:b6:d5:
                    f3:97:cd:c9:45:b8:b7:11:c5:91:fe:f2:59:81:58:
                    f2:08:8a:8c:fe:42:51:84:2d:be:77:77:52:a1:a8:
                    61:21:30:e3:e4:9d:3b:00:81:6e:27:e2:e2:61:da:
                    51:b8:9e:d7:f4:21:94:1a:3c:a8:18:36:cb:d9:89:
                    7c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DA:6E:78:91:94:58:6F:92:62:59:A0:0E:EF:BB:7E:8D:13:0D:94
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y9pueJGUWG-SYlmgDu-7fo0TDZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:7f:fb:3d:9d:13:b0:de:93:6b:a4:bd:4a:3b:83:f3:f1:5d:
         e1:9e:d3:18:34:75:88:50:82:fb:3f:4d:00:34:f8:7d:1f:b2:
         57:3a:8f:68:53:32:da:23:d9:62:41:7a:18:9e:86:97:84:08:
         2c:f3:64:ef:4a:0b:73:61:8a:77:f5:81:12:f6:eb:e1:32:64:
         9b:25:2f:56:a6:e3:61:05:1d:ba:4c:fd:1e:30:97:ad:a5:6a:
         b8:8a:88:fd:bc:61:7f:1f:1a:87:c5:f9:d9:60:0e:cb:c3:dc:
         2e:30:d7:16:46:c2:99:3f:09:13:be:bd:d6:6f:45:ff:71:52:
         5d:0f:45:3d:2a:17:2a:3b:f0:fd:4d:49:03:79:93:7a:fc:44:
         e3:77:5b:0f:db:55:2a:de:64:8c:af:67:a7:42:69:06:cc:33:
         4d:89:74:a8:97:8e:87:32:e8:45:73:de:e9:6a:b7:f5:c1:c5:
         56:9f:16:83:b3:10:8b:22:ff:4b:7c:5f:3c:01:0e:c5:99:9f:
         74:51:ab:57:be:20:e0:72:8d:93:9d:13:33:e5:0e:50:80:09:
         ca:91:0f:e5:9b:4f:79:08:13:ab:7b:c7:ae:55:c2:52:92:90:
         bf:8c:bd:63:5f:03:d9:72:71:dc:9b:8b:00:b7:6a:25:1e:bd:
         e2:2e:99:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbvq+x+ueBO1FnY3/JeGbwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE3MTMwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RhNmU3ODkxOTQ1ODZmOTI2MjU5YTAwZWVmYmI3ZThkMTMwZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdzP1NWwxjRfhJInQOyKfUnp68hT
G1zQ3TF7ks2JABrYqUjBJxBvTJayd61ytXc7tYuqledR5PJp9FkL48L84DwKKFcP
vYaiksXHt8Ge5wTHs+z0O6p1zT+gWHI2l/1o8WzdBjCl5x3x2Ug3iXo3/eQjTbjG
sxFEE4Nq4Vk0fTKTzANgcFIyqM02LQ2RnLbj0vPkwNVk/rZkIhHv6yhplxr+3SME
Oe2W0LD5o4NH8z1RgDN7akgOOtO2ybD4QiyCttXzl83JRbi3EcWR/vJZgVjyCIqM
/kJRhC2+d3dSoahhITDj5J07AIFuJ+LiYdpRuJ7X9CGUGjyoGDbL2Yl8qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGPabniRlFhvkmJZoA7vu36NEw2UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWTlwdWVKR1VXRy1TWWxtZ0R1LTdmbzBURFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADN/+z2dE7Dek2ukvUo7
g/PxXeGe0xg0dYhQgvs/TQA0+H0fslc6j2hTMtoj2WJBehiehpeECCzzZO9KC3Nh
inf1gRL26+EyZJslL1am42EFHbpM/R4wl62lariKiP28YX8fGofF+dlgDsvD3C4w
1xZGwpk/CRO+vdZvRf9xUl0PRT0qFyo78P1NSQN5k3r8RON3Ww/bVSreZIyvZ6dC
aQbMM02JdKiXjocy6EVz3ulqt/XBxVafFoOzEIsi/0t8XzwBDsWZn3RRq1e+IOBy
jZOdEzPlDlCACcqRD+WbT3kIE6t7x65VwlKSkL+MvWNfA9lycdybiwC3aiUeveIu
mRg=
-----END CERTIFICATE-----
Generated at Wed Jun 11 01:13:33 2025 by rpki-client