Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aa5mIXtSvgpR8Z5DQS1d3ZDrrRw.roa
File:                     aa5mIXtSvgpR8Z5DQS1d3ZDrrRw.roa (raw, json)
Hash identifier:          vQgArYO+1oQgQt/hSfy2MayuaqPoVScKdRrX0p+mJq8=
Subject key identifier:   69:AE:66:21:7B:52:BE:0A:51:F1:9E:43:41:2D:5D:DD:90:EB:AD:1C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A23681B0772A8CB75F0BC31E11326021D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aa5mIXtSvgpR8Z5DQS1d3ZDrrRw.roa
Signing time:             Wed 23 Aug 2023 17:18:59 +0000
ROA not before:           Wed 23 Aug 2023 17:18:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:178d:7ed9/128 maxlen: 128
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:23:68:1b:07:72:a8:cb:75:f0:bc:31:e1:13:26:02:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 23 17:18:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69ae66217b52be0a51f19e43412d5ddd90ebad1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e7:ba:f0:db:45:7d:01:d6:e5:e5:c6:e7:f8:
                    b9:12:72:80:c3:0d:01:a0:45:16:5d:d5:ca:59:60:
                    c4:35:d9:a1:cc:49:95:4e:c4:06:6c:50:bb:13:c1:
                    ef:36:d2:7b:e4:23:dd:0c:da:65:80:81:1e:8e:39:
                    78:a7:b7:d2:80:11:d1:68:d1:0f:88:20:38:e4:0b:
                    02:f5:12:0f:e2:aa:7f:23:c1:f3:c6:d5:b7:2d:d0:
                    30:23:d9:98:99:b1:02:dd:42:53:05:83:20:dd:e4:
                    f8:da:55:15:00:eb:87:e4:b6:a5:2d:d4:35:1c:8f:
                    fb:55:1d:b1:8e:2a:16:b3:93:d4:6c:23:5b:ae:b4:
                    e0:66:50:dd:95:52:51:0c:53:51:d4:6c:57:ce:ce:
                    2f:0b:ec:01:24:c9:f9:98:0b:86:e0:62:20:8c:bb:
                    86:5a:23:e2:dd:5d:b0:97:4a:bb:06:ef:53:c5:74:
                    24:cd:d1:ff:41:04:bf:f7:7b:32:1c:42:e1:2f:09:
                    d6:0b:a5:b5:ad:f8:15:ec:e3:29:4f:ea:da:ac:b4:
                    da:98:87:46:c0:8d:80:6a:5f:55:70:f2:b6:32:7a:
                    a7:55:2e:2a:d5:ec:81:94:aa:92:1a:05:42:f4:24:
                    fa:52:1a:2e:5f:7b:f7:bc:9a:9e:9f:1c:73:91:1f:
                    8e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AE:66:21:7B:52:BE:0A:51:F1:9E:43:41:2D:5D:DD:90:EB:AD:1C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aa5mIXtSvgpR8Z5DQS1d3ZDrrRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:95:09:82:e5:f9:a9:af:b8:c1:15:49:1b:b4:12:49:ca:02:
         02:71:d9:fa:69:21:89:5d:c3:05:63:67:99:68:e9:9f:f3:4d:
         5b:76:7d:63:10:e3:fd:ad:dd:b4:88:5e:a6:0a:18:f4:79:35:
         d7:99:ca:59:40:e6:ce:eb:54:57:60:fb:37:f2:ac:11:60:82:
         87:c3:b2:7c:23:44:af:8a:22:01:2e:0d:d7:12:7b:e4:38:f7:
         bf:dc:04:22:9c:05:d3:97:d8:c7:47:db:ff:e1:0a:98:22:29:
         37:3a:53:5d:64:f9:eb:9d:8d:4d:e7:0c:64:ca:50:eb:ad:c7:
         09:80:14:bf:45:8a:b6:6a:47:c1:ec:17:45:d2:9c:31:40:3b:
         ec:28:6c:63:b0:a6:5a:1f:6a:2b:c1:da:a9:8a:6e:b9:6a:65:
         0b:d9:9b:c0:ec:1d:ce:b0:30:16:10:c7:0a:c2:94:2b:01:dc:
         80:22:4d:5d:6d:73:02:ad:f7:b9:ab:f0:af:9d:8c:68:8b:4e:
         17:7d:fc:a9:54:ca:bd:73:79:10:8f:38:fb:a0:5c:80:87:cf:
         45:6e:8c:c3:b8:51:06:bf:d8:23:7c:62:99:66:aa:6f:64:1b:
         35:b2:7f:f9:90:31:a6:ed:e5:4f:b1:21:3d:e4:e8:04:f0:11:
         1f:25:9a:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYojaBsHcqjLdfC8MeETJgIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODIzMTcxODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWFlNjYyMTdiNTJiZTBhNTFmMTllNDM0MTJkNWRkZDkwZWJhZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOe68NtFfQHW5eXG5/i5EnKAww0B
oEUWXdXKWWDENdmhzEmVTsQGbFC7E8HvNtJ75CPdDNplgIEejjl4p7fSgBHRaNEP
iCA45AsC9RIP4qp/I8HzxtW3LdAwI9mYmbEC3UJTBYMg3eT42lUVAOuH5LalLdQ1
HI/7VR2xjioWs5PUbCNbrrTgZlDdlVJRDFNR1GxXzs4vC+wBJMn5mAuG4GIgjLuG
WiPi3V2wl0q7Bu9TxXQkzdH/QQS/93syHELhLwnWC6W1rfgV7OMpT+rarLTamIdG
wI2Aal9VcPK2MnqnVS4q1eyBlKqSGgVC9CT6UhouX3v3vJqenxxzkR+O2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGmuZiF7Ur4KUfGeQ0EtXd2Q660cMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYWE1bUlYdFN2Z3BSOFo1RFFTMWQzWkRyclJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFyVCYLl+amvuMEVSRu0
EknKAgJx2fppIYldwwVjZ5lo6Z/zTVt2fWMQ4/2t3bSIXqYKGPR5NdeZyllA5s7r
VFdg+zfyrBFggofDsnwjRK+KIgEuDdcSe+Q497/cBCKcBdOX2MdH2//hCpgiKTc6
U11k+eudjU3nDGTKUOutxwmAFL9FirZqR8HsF0XSnDFAO+wobGOwplofaivB2qmK
brlqZQvZm8DsHc6wMBYQxwrClCsB3IAiTV1tcwKt97mr8K+djGiLThd9/KlUyr1z
eRCPOPugXICHz0VujMO4UQa/2CN8Yplmqm9kGzWyf/mQMabt5U+xIT3k6ATwER8l
mtI=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:33:27 2025 by rpki-client