Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aKONkYahwDe4XNI-weA09fu3TSg.roa
File:                     aKONkYahwDe4XNI-weA09fu3TSg.roa (raw, json)
Hash identifier:          oI/swASerDWrPC7/gzwu+k8zsV+XSDQvvLmpAzniOxI=
Subject key identifier:   68:A3:8D:91:86:A1:C0:37:B8:5C:D2:3E:C1:E0:34:F5:FB:B7:4D:28
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01868BBA68CA80470BAAFCF53BC8B3EDD5F5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aKONkYahwDe4XNI-weA09fu3TSg.roa
Signing time:             Sun 26 Feb 2023 03:18:14 +0000
ROA not before:           Sun 26 Feb 2023 03:18:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:8b:ba:68:ca:80:47:0b:aa:fc:f5:3b:c8:b3:ed:d5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 26 03:18:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68a38d9186a1c037b85cd23ec1e034f5fbb74d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e2:a1:8d:9b:f6:e7:a0:a1:cb:f8:02:e1:ec:
                    08:4f:e7:ba:55:cf:3a:8f:d3:c5:27:24:04:9a:3f:
                    79:72:c5:13:e7:6b:67:d2:54:d8:cc:0a:38:9e:fd:
                    0e:4d:ea:21:17:97:c6:b2:e3:b4:1a:55:e7:f6:0c:
                    09:c2:6a:9d:73:f3:5e:7e:ef:a8:b1:a2:49:65:2e:
                    cd:85:14:90:84:2c:a5:18:71:de:d2:dd:1a:d7:2b:
                    b8:62:5e:3e:f7:0e:11:9c:61:cb:23:ae:9e:d7:46:
                    4a:a7:be:a4:30:83:7e:d8:cb:fc:fb:6e:8b:1a:8e:
                    21:a4:c5:75:27:ba:5c:e2:47:83:87:d1:fa:08:ae:
                    94:39:fc:a9:4c:f8:31:6f:cf:64:24:8d:40:87:be:
                    77:31:aa:72:7c:13:bb:76:00:97:bf:46:fc:a8:39:
                    bf:1f:38:20:eb:6f:32:37:37:91:c8:ff:64:af:a2:
                    8a:71:56:fe:b4:ae:26:4b:19:37:ff:07:9d:7f:b3:
                    83:72:cc:d3:71:1b:a5:d2:79:2a:3e:2e:c3:e3:29:
                    8c:5f:ec:3c:03:55:7c:73:06:11:3c:7e:fa:cc:9a:
                    a0:ca:bf:87:97:ed:3e:7b:b3:35:a5:a4:00:83:bd:
                    31:28:df:1e:24:b9:83:01:b1:ab:af:da:c9:a7:7c:
                    14:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A3:8D:91:86:A1:C0:37:B8:5C:D2:3E:C1:E0:34:F5:FB:B7:4D:28
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aKONkYahwDe4XNI-weA09fu3TSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:16:ec:ca:f1:ef:4f:34:ee:59:ba:ff:9a:40:08:b3:f2:d0:
         42:dc:1f:ac:8b:34:17:15:3e:c0:fa:62:d8:4f:a5:5e:f8:7e:
         93:48:35:18:e8:b5:af:54:8f:e8:9f:21:6e:57:37:6b:7f:eb:
         e4:cd:1a:60:dc:98:35:d9:03:48:59:07:12:4a:50:f3:03:b5:
         9c:b4:da:de:ab:82:d1:64:22:9e:f2:ae:d2:70:af:51:d3:07:
         4e:14:c1:a3:ad:7c:de:57:35:ac:6f:2c:b3:8a:c2:69:2d:19:
         ae:fe:62:47:46:fc:0a:03:73:01:c1:69:01:02:57:3e:35:77:
         c8:41:78:f8:5b:6b:a8:0e:34:11:61:e3:64:34:7c:5b:f8:96:
         df:81:13:85:61:4e:17:44:8e:06:62:45:55:94:c1:81:49:ab:
         75:66:98:58:34:09:e1:0c:39:ca:aa:ed:78:c0:42:07:b6:f7:
         31:3f:a7:b0:0d:80:38:01:4a:10:47:53:ad:cd:aa:ba:f7:a4:
         f8:34:f7:42:74:c8:a7:ee:2a:7f:11:f6:34:f8:8a:da:81:a3:
         52:1e:36:26:7a:17:cf:d3:cf:6a:b5:b2:98:ab:f7:e1:dd:45:
         12:31:d3:a0:8d:2a:33:be:16:17:f8:d0:45:9c:e9:77:2d:07:
         19:34:34:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaLumjKgEcLqvz1O8iz7dX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjI2MDMxODE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEzOGQ5MTg2YTFjMDM3Yjg1Y2QyM2VjMWUwMzRmNWZiYjc0ZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOKhjZv256Chy/gC4ewIT+e6Vc86
j9PFJyQEmj95csUT52tn0lTYzAo4nv0OTeohF5fGsuO0GlXn9gwJwmqdc/Nefu+o
saJJZS7NhRSQhCylGHHe0t0a1yu4Yl4+9w4RnGHLI66e10ZKp76kMIN+2Mv8+26L
Go4hpMV1J7pc4keDh9H6CK6UOfypTPgxb89kJI1Ah753MapyfBO7dgCXv0b8qDm/
Hzgg628yNzeRyP9kr6KKcVb+tK4mSxk3/wedf7ODcszTcRul0nkqPi7D4ymMX+w8
A1V8cwYRPH76zJqgyr+Hl+0+e7M1paQAg70xKN8eJLmDAbGrr9rJp3wULQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGijjZGGocA3uFzSPsHgNPX7t00oMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUtPTmtZYWh3RGU0WE5JLXdlQTA5ZnUzVFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJMW7Mrx70807lm6/5pA
CLPy0ELcH6yLNBcVPsD6YthPpV74fpNINRjota9Uj+ifIW5XN2t/6+TNGmDcmDXZ
A0hZBxJKUPMDtZy02t6rgtFkIp7yrtJwr1HTB04UwaOtfN5XNaxvLLOKwmktGa7+
YkdG/AoDcwHBaQECVz41d8hBePhba6gONBFh42Q0fFv4lt+BE4VhThdEjgZiRVWU
wYFJq3VmmFg0CeEMOcqq7XjAQge29zE/p7ANgDgBShBHU63Nqrr3pPg090J0yKfu
Kn8R9jT4itqBo1IeNiZ6F8/Tz2q1spir9+HdRRIx06CNKjO+Fhf40EWc6XctBxk0
NKM=
-----END CERTIFICATE-----
Generated at Tue Jun 10 20:57:16 2025 by rpki-client