Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZrpuYHxxUhEWJhvDZwmXMK7yvCw.roa
File:                     ZrpuYHxxUhEWJhvDZwmXMK7yvCw.roa (raw, json)
Hash identifier:          mypYQU+urebNm/H1AGekjrzQnMzxFasgJyF3WSWbCb0=
Subject key identifier:   66:BA:6E:60:7C:71:52:11:16:26:1B:C3:67:09:97:30:AE:F2:BC:2C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0185247FD469E34060F1A0FDE9FFA724C3BE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZrpuYHxxUhEWJhvDZwmXMK7yvCw.roa
Signing time:             Sun 18 Dec 2022 09:10:35 +0000
ROA not before:           Sun 18 Dec 2022 09:10:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:24:7f:d4:69:e3:40:60:f1:a0:fd:e9:ff:a7:24:c3:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 18 09:10:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=66ba6e607c71521116261bc367099730aef2bc2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c6:0a:07:4c:c3:b0:36:89:b5:24:6f:4a:0b:
                    53:fb:d6:21:0e:99:4b:05:d5:4c:12:92:a8:49:a6:
                    a9:73:8a:97:18:c9:76:5c:fb:28:6e:64:e6:1d:4d:
                    fa:73:3d:ef:36:a3:fb:58:fc:8c:c5:26:f9:d2:e8:
                    fa:6b:f8:69:18:e4:0a:6c:f4:fa:24:a7:38:93:62:
                    68:64:b0:bb:0f:c9:db:d8:6d:01:74:49:a3:dc:57:
                    9f:60:45:48:08:3d:1c:e7:3e:aa:6d:bd:65:e6:2c:
                    09:e1:e7:38:70:fa:f5:13:b5:36:2b:c6:26:5f:98:
                    0d:82:0c:4f:e9:58:65:de:f9:dc:fa:5e:f5:4b:a9:
                    cb:bc:02:6b:87:f7:4a:41:08:57:1a:46:71:fa:bb:
                    b7:49:bc:88:f4:3e:1c:a3:26:95:55:f0:cf:fc:09:
                    84:94:56:e5:98:44:a2:6e:4e:2f:ce:b1:41:48:6a:
                    57:94:4f:4c:14:5a:1b:68:88:73:39:c6:29:49:b0:
                    f0:fa:62:4f:d2:42:20:48:f5:55:10:ae:8c:c5:ff:
                    c0:92:78:30:5e:04:9f:27:51:ee:95:0a:1c:10:b0:
                    ca:21:25:ab:97:ad:e9:30:99:57:5c:c3:4c:5a:17:
                    86:a8:0e:1d:d5:0b:03:d6:bc:7f:2d:2c:74:78:51:
                    e9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BA:6E:60:7C:71:52:11:16:26:1B:C3:67:09:97:30:AE:F2:BC:2C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZrpuYHxxUhEWJhvDZwmXMK7yvCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:c6:f7:5a:0e:c7:7b:3b:56:e8:74:b5:6a:88:d0:77:ee:23:
         b8:88:6a:95:33:c8:6c:f4:2f:69:49:71:74:e3:9b:b6:af:2b:
         29:ad:71:75:18:e5:17:22:25:24:f0:14:6e:5f:9f:c0:18:bd:
         cc:30:4e:af:50:0e:17:13:6d:5c:12:20:7c:56:27:f4:ed:4c:
         c5:cd:9b:46:b4:d1:22:32:ad:1c:8e:bb:bb:3f:8d:4f:35:f4:
         e7:da:8c:0d:75:49:65:ca:35:d9:50:9d:3e:4e:27:e6:7a:54:
         4d:ea:1c:38:0f:20:0e:47:01:90:47:70:2a:52:31:51:be:31:
         c3:1e:4b:48:90:f3:23:e0:08:5d:20:2f:af:81:e7:fc:7f:c5:
         a9:85:92:f9:99:e5:bb:96:ac:e3:de:52:96:27:3a:cd:2b:33:
         a8:0c:a3:77:36:ca:5c:ee:fa:a2:f4:77:c9:a8:86:fd:b9:bb:
         e3:d8:a9:f9:50:56:5b:9c:c1:60:9f:3b:83:30:49:cb:5c:a4:
         88:71:7c:41:b8:15:07:0d:79:15:c8:5a:af:3e:d2:8e:39:19:
         71:0f:5b:26:62:a4:21:36:7e:da:6d:bd:32:1c:7c:22:92:1c:
         79:58:29:42:26:f0:1f:36:62:6f:64:b6:bf:8a:af:3e:3a:01:
         c5:77:c0:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYUkf9Rp40Bg8aD96f+nJMO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjE4MDkxMDM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJhNmU2MDdjNzE1MjExMTYyNjFiYzM2NzA5OTczMGFlZjJiYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcYKB0zDsDaJtSRvSgtT+9YhDplL
BdVMEpKoSaapc4qXGMl2XPsobmTmHU36cz3vNqP7WPyMxSb50uj6a/hpGOQKbPT6
JKc4k2JoZLC7D8nb2G0BdEmj3FefYEVICD0c5z6qbb1l5iwJ4ec4cPr1E7U2K8Ym
X5gNggxP6Vhl3vnc+l71S6nLvAJrh/dKQQhXGkZx+ru3SbyI9D4coyaVVfDP/AmE
lFblmESibk4vzrFBSGpXlE9MFFobaIhzOcYpSbDw+mJP0kIgSPVVEK6Mxf/Akngw
XgSfJ1HulQocELDKISWrl63pMJlXXMNMWheGqA4d1QsD1rx/LSx0eFHpTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGa6bmB8cVIRFiYbw2cJlzCu8rwsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWnJwdVlIeHhVaEVXSmh2RFp3bVhNSzd5dkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADvG91oOx3s7Vuh0tWqI
0HfuI7iIapUzyGz0L2lJcXTjm7avKymtcXUY5RciJSTwFG5fn8AYvcwwTq9QDhcT
bVwSIHxWJ/TtTMXNm0a00SIyrRyOu7s/jU819OfajA11SWXKNdlQnT5OJ+Z6VE3q
HDgPIA5HAZBHcCpSMVG+McMeS0iQ8yPgCF0gL6+B5/x/xamFkvmZ5buWrOPeUpYn
Os0rM6gMo3c2ylzu+qL0d8mohv25u+PYqflQVlucwWCfO4MwSctcpIhxfEG4FQcN
eRXIWq8+0o45GXEPWyZipCE2ftptvTIcfCKSHHlYKUIm8B82Ym9ktr+Krz46AcV3
wPY=
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:47:50 2025 by rpki-client