Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bKYkpr6T0gmP-lYfWkboFKFk2MY.roa
File:                     bKYkpr6T0gmP-lYfWkboFKFk2MY.roa (raw, json)
Hash identifier:          LX32IJ9mnUrf7m8rJPpD5dW0Q0eFznVe6DNSueZ4EiA=
Subject key identifier:   6C:A6:24:A6:BE:93:D2:09:8F:FA:56:1F:5A:46:E8:14:A1:64:D8:C6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0183FCD04988115166EAC5ACDEF9C7489C12
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bKYkpr6T0gmP-lYfWkboFKFk2MY.roa
Signing time:             Fri 21 Oct 2022 23:10:52 +0000
ROA not before:           Fri 21 Oct 2022 23:10:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:fc:d0:49:88:11:51:66:ea:c5:ac:de:f9:c7:48:9c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Oct 21 23:10:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6ca624a6be93d2098ffa561f5a46e814a164d8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0c:de:9a:36:00:29:07:95:a4:48:fa:10:a2:
                    d6:85:bb:20:0a:e9:a2:75:8f:44:fc:ee:1f:11:51:
                    87:5b:d6:ac:3b:04:81:ad:08:cf:66:22:0e:cd:e3:
                    b4:0d:5e:dc:09:72:5a:8a:f1:8b:c9:e2:ac:b6:4a:
                    51:1e:00:c4:c7:be:d8:7c:db:9e:c3:da:8c:d6:9e:
                    df:5b:ee:4f:27:b7:07:ae:0d:11:bc:3f:86:13:b2:
                    ec:1d:ed:b9:c2:fa:07:a6:e5:f3:58:c0:d9:ae:20:
                    e2:be:06:f8:48:bf:74:79:97:10:d9:82:a8:8a:81:
                    ec:23:6a:e4:a3:fc:ee:ee:8a:2d:f6:76:3d:12:c8:
                    e3:26:5e:72:d7:3b:9d:cd:49:05:85:c2:01:92:d5:
                    d5:a4:b2:ee:5e:db:8f:60:54:e4:ba:a1:10:42:97:
                    e5:11:d0:2d:83:41:9c:7c:cb:9e:8c:36:6a:3d:5e:
                    dd:a8:b4:41:12:7b:3e:9c:4b:52:e6:b8:93:e4:d5:
                    cc:ca:f4:cf:84:28:ae:e6:5d:60:11:63:2e:f3:37:
                    96:54:20:2c:92:75:03:8f:f2:68:de:41:2c:56:5a:
                    f2:b5:84:e2:4f:37:dd:79:01:0f:4d:0b:4a:39:6a:
                    22:b9:13:70:4b:1f:fb:34:17:68:62:f9:8a:45:f4:
                    c2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A6:24:A6:BE:93:D2:09:8F:FA:56:1F:5A:46:E8:14:A1:64:D8:C6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bKYkpr6T0gmP-lYfWkboFKFk2MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:5d:72:4b:ea:83:72:23:ac:35:3b:e7:b8:a0:c8:86:f2:59:
         2b:f6:44:a6:64:dd:51:a3:14:63:63:84:b4:18:90:99:2f:c8:
         14:f8:b9:45:42:49:fe:79:86:6b:16:4b:2a:8d:96:d1:20:c1:
         43:ce:2a:46:70:46:87:a7:e2:2a:15:bb:1a:65:36:93:cc:5f:
         d1:7a:d4:aa:bc:66:9b:6b:6d:33:f0:f6:6d:18:4d:66:e3:43:
         65:28:e7:a7:9d:b7:24:bd:54:df:6d:8c:60:6e:07:42:c6:d5:
         56:69:40:52:90:d7:eb:34:14:76:36:2f:e8:c8:9d:d7:97:98:
         57:8e:1f:33:fb:01:db:0f:98:2e:39:ed:b2:fe:61:a1:b3:a9:
         13:31:02:b5:29:bc:da:8a:06:dd:99:3a:f1:02:ce:58:ba:87:
         dd:1a:f3:2a:b0:46:27:9f:86:b6:c0:48:83:de:0c:4c:59:f8:
         00:17:18:99:5d:ad:83:ff:89:11:70:3a:2d:2f:a7:75:14:f5:
         89:e5:94:b3:ba:22:9a:28:b4:30:2f:81:8f:25:2a:f2:53:54:
         41:52:f2:7e:9c:ab:7a:73:80:f0:2a:ae:42:e8:95:ba:a3:87:
         c7:16:6b:d1:30:a3:74:47:51:b2:dd:00:4c:bb:d8:dd:c1:19:
         73:be:5b:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYP80EmIEVFm6sWs3vnHSJwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMDIxMjMxMDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E2MjRhNmJlOTNkMjA5OGZmYTU2MWY1YTQ2ZTgxNGExNjRkOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQzemjYAKQeVpEj6EKLWhbsgCumi
dY9E/O4fEVGHW9asOwSBrQjPZiIOzeO0DV7cCXJaivGLyeKstkpRHgDEx77YfNue
w9qM1p7fW+5PJ7cHrg0RvD+GE7LsHe25wvoHpuXzWMDZriDivgb4SL90eZcQ2YKo
ioHsI2rko/zu7oot9nY9EsjjJl5y1zudzUkFhcIBktXVpLLuXtuPYFTkuqEQQpfl
EdAtg0GcfMuejDZqPV7dqLRBEns+nEtS5riT5NXMyvTPhCiu5l1gEWMu8zeWVCAs
knUDj/Jo3kEsVlrytYTiTzfdeQEPTQtKOWoiuRNwSx/7NBdoYvmKRfTCmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGymJKa+k9IJj/pWH1pG6BShZNjGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYktZa3ByNlQwZ21QLWxZZldrYm9GS0ZrMk1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGldckvqg3IjrDU757ig
yIbyWSv2RKZk3VGjFGNjhLQYkJkvyBT4uUVCSf55hmsWSyqNltEgwUPOKkZwRoen
4ioVuxplNpPMX9F61Kq8ZptrbTPw9m0YTWbjQ2Uo56edtyS9VN9tjGBuB0LG1VZp
QFKQ1+s0FHY2L+jIndeXmFeOHzP7AdsPmC457bL+YaGzqRMxArUpvNqKBt2ZOvEC
zli6h90a8yqwRiefhrbASIPeDExZ+AAXGJldrYP/iRFwOi0vp3UU9YnllLO6Ipoo
tDAvgY8lKvJTVEFS8n6cq3pzgPAqrkLolbqjh8cWa9Ewo3RHUbLdAEy72N3BGXO+
Wyg=
-----END CERTIFICATE-----
Generated at Tue Jun 10 13:05:11 2025 by rpki-client