Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z5_Q39bjv8w9aRCgb5vqfRtbBI8.roa
File:                     Z5_Q39bjv8w9aRCgb5vqfRtbBI8.roa (raw, json)
Hash identifier:          upkaOpr6Z6vRa/i0K+STDxki7fnAbloGrl0NZll0s7I=
Subject key identifier:   67:9F:D0:DF:D6:E3:BF:CC:3D:69:10:A0:6F:9B:EA:7D:1B:5B:04:8F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018679715A7A5AEF7A1C0A204AAD5872A9BB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z5_Q39bjv8w9aRCgb5vqfRtbBI8.roa
Signing time:             Wed 22 Feb 2023 14:05:17 +0000
ROA not before:           Wed 22 Feb 2023 14:05:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:7970:bfd6/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:71:5a:7a:5a:ef:7a:1c:0a:20:4a:ad:58:72:a9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 22 14:05:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=679fd0dfd6e3bfcc3d6910a06f9bea7d1b5b048f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2d:b3:cc:ef:72:7c:a0:ff:ee:f6:04:99:73:
                    2b:b9:4a:de:61:39:0e:1d:1f:64:ad:0c:6b:5d:ba:
                    76:a6:60:6d:fe:63:f7:7c:0c:6a:3e:f3:24:ee:0b:
                    0f:13:6f:db:b5:a9:35:40:35:4a:11:a0:45:a5:c6:
                    95:d3:85:92:39:d4:c0:96:f9:78:77:b5:5a:10:3f:
                    82:7d:ae:84:80:db:98:2e:a2:34:0b:51:98:29:4e:
                    04:15:e7:52:dc:8e:9b:76:3f:38:be:fb:97:cd:d7:
                    de:f1:3c:cb:5d:31:54:20:0f:8e:db:d4:19:e8:91:
                    26:c4:bb:03:56:51:39:32:2b:fc:f6:64:ad:9c:eb:
                    ab:dd:2c:6e:ed:9a:f8:ed:05:82:2c:bb:53:d8:c7:
                    3a:68:cb:38:b9:5c:cd:8e:30:bc:4d:0f:69:ad:86:
                    7d:88:5d:b7:55:53:c3:fb:ff:2f:9e:aa:05:cc:35:
                    48:84:fa:dc:ae:26:ee:39:bf:79:f0:72:95:07:6b:
                    ac:fe:df:fe:c7:ed:d5:08:85:7d:58:90:68:d6:12:
                    6f:79:74:5e:9d:6d:1e:e0:8a:21:a2:cd:fd:10:a8:
                    43:60:e5:64:37:58:a0:fa:21:69:c5:0b:c3:cd:54:
                    d6:32:dd:c4:64:f1:3a:03:12:0c:27:9b:08:d9:d5:
                    52:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:9F:D0:DF:D6:E3:BF:CC:3D:69:10:A0:6F:9B:EA:7D:1B:5B:04:8F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z5_Q39bjv8w9aRCgb5vqfRtbBI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:48:ee:36:03:ab:f2:f7:58:5c:bf:10:03:9b:21:38:a3:e1:
         85:6b:8c:2c:2f:f5:a5:77:5d:ae:ab:e8:f0:0d:e1:a8:39:f4:
         aa:04:ca:4a:27:14:a8:53:39:a0:04:fd:89:19:74:ce:35:20:
         2b:21:d0:ec:9f:d5:07:ad:1d:27:b7:4e:22:8c:0a:18:11:42:
         89:1d:30:de:49:f6:6e:4c:23:18:ad:3e:3a:98:0b:36:7a:0e:
         d5:ce:7a:a4:ae:cb:65:01:8d:3f:88:9d:ab:43:f7:4e:b7:1e:
         2d:6e:3a:45:e1:9f:8d:21:23:eb:52:be:d5:61:ba:79:8c:12:
         cd:5a:50:16:9e:ac:e1:0e:59:20:1f:b4:85:01:08:8f:22:e5:
         7b:41:37:ea:33:3c:b0:84:02:0d:31:72:5e:6c:52:56:af:94:
         8e:9e:90:d2:02:2e:9d:ab:b8:1b:bb:27:38:67:68:49:8d:a9:
         fa:cd:49:ed:b4:f6:18:24:d2:86:da:09:15:5b:2d:8f:d2:5b:
         79:6f:84:2b:4f:28:42:11:01:a7:bb:f8:8d:ad:d6:ba:a0:d8:
         9b:d5:ca:fe:6a:72:b9:a3:ae:ec:ac:ad:08:64:ea:c5:2d:89:
         9a:77:f6:db:1a:6f:c6:0a:b0:15:56:7d:e1:28:e9:58:e2:c3:
         fe:1c:06:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZ5cVp6Wu96HAogSq1Ycqm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIyMTQwNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzlmZDBkZmQ2ZTNiZmNjM2Q2OTEwYTA2ZjliZWE3ZDFiNWIwNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy2zzO9yfKD/7vYEmXMruUreYTkO
HR9krQxrXbp2pmBt/mP3fAxqPvMk7gsPE2/btak1QDVKEaBFpcaV04WSOdTAlvl4
d7VaED+Cfa6EgNuYLqI0C1GYKU4EFedS3I6bdj84vvuXzdfe8TzLXTFUIA+O29QZ
6JEmxLsDVlE5Miv89mStnOur3Sxu7Zr47QWCLLtT2Mc6aMs4uVzNjjC8TQ9prYZ9
iF23VVPD+/8vnqoFzDVIhPrcribuOb958HKVB2us/t/+x+3VCIV9WJBo1hJveXRe
nW0e4Iohos39EKhDYOVkN1ig+iFpxQvDzVTWMt3EZPE6AxIMJ5sI2dVS5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGef0N/W47/MPWkQoG+b6n0bWwSPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWjVfUTM5Ymp2OHc5YVJDZ2I1dnFmUnRiQkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJtI7jYDq/L3WFy/EAOb
ITij4YVrjCwv9aV3Xa6r6PAN4ag59KoEykonFKhTOaAE/YkZdM41ICsh0Oyf1Qet
HSe3TiKMChgRQokdMN5J9m5MIxitPjqYCzZ6DtXOeqSuy2UBjT+InatD9063Hi1u
OkXhn40hI+tSvtVhunmMEs1aUBaerOEOWSAftIUBCI8i5XtBN+ozPLCEAg0xcl5s
UlavlI6ekNICLp2ruBu7JzhnaEmNqfrNSe209hgk0obaCRVbLY/SW3lvhCtPKEIR
Aae7+I2t1rqg2JvVyv5qcrmjruysrQhk6sUtiZp39tsab8YKsBVWfeEo6Vjiw/4c
Brc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 13:14:07 2025 by rpki-client