Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cui08h5DG1VfHQwsGdus_yqID6Y.roa
File:                     cui08h5DG1VfHQwsGdus_yqID6Y.roa (raw, json)
Hash identifier:          moXvn1HjMFa+7Kn2F2WyD2awARVscgIHoBizdlk/uNY=
Subject key identifier:   72:E8:B4:F2:1E:43:1B:55:5F:1D:0C:2C:19:DB:AC:FF:2A:88:0F:A6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0184E0B1550D7484E565CB128E5DFF0D906F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cui08h5DG1VfHQwsGdus_yqID6Y.roa
Signing time:             Mon 05 Dec 2022 05:10:28 +0000
ROA not before:           Mon 05 Dec 2022 05:10:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e0:b1:55:0d:74:84:e5:65:cb:12:8e:5d:ff:0d:90:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec  5 05:10:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=72e8b4f21e431b555f1d0c2c19dbacff2a880fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f3:ab:40:39:43:9a:7b:7b:f9:70:45:6e:2c:
                    9b:08:2b:8a:d3:eb:4a:ac:ac:3c:e8:a8:6a:9d:5d:
                    65:54:a5:89:04:8d:54:46:c4:ef:43:cb:61:4d:15:
                    9b:6b:1d:cf:b9:10:01:7a:3b:ce:fc:ac:76:e8:a2:
                    3a:09:6c:98:13:b5:35:d8:a2:47:63:66:e8:60:9f:
                    c4:a0:7e:a7:91:43:4e:6a:cf:5c:49:e9:79:12:26:
                    ea:34:93:87:5b:18:d4:2c:16:28:b5:1b:58:a4:94:
                    f9:f6:45:79:ed:8b:08:12:a3:47:de:88:e0:cd:a5:
                    7d:53:a2:1a:68:c2:1b:6a:d9:02:2f:8f:e6:a4:34:
                    6f:24:7e:7b:51:1a:d7:07:20:0f:f6:fd:a8:2b:b1:
                    ce:71:8a:b6:56:11:36:94:5a:35:d1:a4:99:3d:22:
                    51:d3:8e:92:b2:97:4d:4b:e9:28:dd:53:32:e9:74:
                    d5:79:38:cd:4d:77:4f:73:14:ec:ec:7b:73:2f:8c:
                    5c:bb:ba:e6:f2:60:6a:a7:c3:90:a3:ce:b9:17:4a:
                    41:25:bc:22:8e:51:eb:1c:39:3c:35:4a:7d:d7:26:
                    35:8d:00:04:d0:33:69:8c:1c:61:33:2c:4c:89:12:
                    76:84:c6:b7:99:a9:31:f8:d0:00:0c:e9:aa:91:b2:
                    ec:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E8:B4:F2:1E:43:1B:55:5F:1D:0C:2C:19:DB:AC:FF:2A:88:0F:A6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cui08h5DG1VfHQwsGdus_yqID6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:e7:59:9f:dc:25:a2:fb:57:22:d5:a5:85:d8:84:08:d4:cb:
         46:15:b3:d4:35:b7:7c:e8:56:46:0d:9c:15:e1:c6:45:68:58:
         44:92:19:44:c8:55:98:1e:a9:6f:42:e3:03:d6:6b:ef:7b:99:
         f7:16:c4:45:d3:54:b6:95:56:8c:a3:77:f7:a7:7b:df:6d:e5:
         60:f0:3a:94:3d:9e:dd:24:5b:43:be:44:62:df:39:d9:5c:40:
         c2:32:3b:7b:03:7b:ac:0f:91:1d:00:cd:5f:0e:b3:b0:13:73:
         4e:a4:af:fa:68:1d:a7:03:31:01:c9:6c:f3:fe:3f:3f:fb:09:
         66:ba:8e:2c:2d:30:4c:37:56:93:01:11:42:7f:32:a0:6d:76:
         76:36:8d:14:c7:7a:ff:04:ca:77:30:3f:44:38:88:5a:9c:58:
         45:19:42:3c:4a:5f:ef:9b:29:fa:48:9e:9e:43:68:a9:e9:18:
         22:98:4b:a7:9e:a1:42:2e:59:de:23:ba:c1:ae:e5:45:c3:a3:
         99:13:59:37:ef:1f:08:78:a4:73:17:6a:31:76:f1:a5:4f:b2:
         bf:f9:af:5e:70:a6:a9:c0:81:ff:f0:68:8d:9b:c4:d0:5f:73:
         df:f6:48:5f:b7:19:8e:89:bc:e4:74:33:2f:bc:db:90:7c:e8:
         72:30:d8:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYTgsVUNdITlZcsSjl3/DZBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjA1MDUxMDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU4YjRmMjFlNDMxYjU1NWYxZDBjMmMxOWRiYWNmZjJhODgwZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfOrQDlDmnt7+XBFbiybCCuK0+tK
rKw86KhqnV1lVKWJBI1URsTvQ8thTRWbax3PuRABejvO/Kx26KI6CWyYE7U12KJH
Y2boYJ/EoH6nkUNOas9cSel5EibqNJOHWxjULBYotRtYpJT59kV57YsIEqNH3ojg
zaV9U6IaaMIbatkCL4/mpDRvJH57URrXByAP9v2oK7HOcYq2VhE2lFo10aSZPSJR
046SspdNS+ko3VMy6XTVeTjNTXdPcxTs7HtzL4xcu7rm8mBqp8OQo865F0pBJbwi
jlHrHDk8NUp91yY1jQAE0DNpjBxhMyxMiRJ2hMa3makx+NAADOmqkbLs+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHLotPIeQxtVXx0MLBnbrP8qiA+mMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3VpMDhoNURHMVZmSFF3c0dkdXNfeXFJRDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKvnWZ/cJaL7VyLVpYXY
hAjUy0YVs9Q1t3zoVkYNnBXhxkVoWESSGUTIVZgeqW9C4wPWa+97mfcWxEXTVLaV
Voyjd/ene99t5WDwOpQ9nt0kW0O+RGLfOdlcQMIyO3sDe6wPkR0AzV8Os7ATc06k
r/poHacDMQHJbPP+Pz/7CWa6jiwtMEw3VpMBEUJ/MqBtdnY2jRTHev8EyncwP0Q4
iFqcWEUZQjxKX++bKfpInp5DaKnpGCKYS6eeoUIuWd4jusGu5UXDo5kTWTfvHwh4
pHMXajF28aVPsr/5r15wpqnAgf/waI2bxNBfc9/2SF+3GY6JvOR0My+825B86HIw
2Pg=
-----END CERTIFICATE-----
Generated at Tue Jun 10 18:05:34 2025 by rpki-client