Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dLzt56mR4CHTeStnckeBXlZVUGs.roa
File:                     dLzt56mR4CHTeStnckeBXlZVUGs.roa (raw, json)
Hash identifier:          Ryc3sM8g+wze6XiAnZ6CU8qZuaysNsC7rRf6IVeQy9Q=
Subject key identifier:   74:BC:ED:E7:A9:91:E0:21:D3:79:2B:67:72:47:81:5E:56:55:50:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0185DBBE91E8BC63AC827B0DB266EAB4C6E9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dLzt56mR4CHTeStnckeBXlZVUGs.roa
Signing time:             Sun 22 Jan 2023 23:09:37 +0000
ROA not before:           Sun 22 Jan 2023 23:09:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:db:be:91:e8:bc:63:ac:82:7b:0d:b2:66:ea:b4:c6:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jan 22 23:09:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74bcede7a991e021d3792b677247815e5655506b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:06:ae:4c:fe:b0:82:97:98:94:9c:49:9c:25:
                    e9:2c:5c:21:d7:cc:e5:de:e9:d6:d1:22:28:67:5b:
                    03:fb:ed:a4:9b:dd:b0:55:fd:78:ce:6a:e8:4e:cb:
                    e2:97:d5:ec:ac:28:27:53:19:b4:e4:95:84:a5:30:
                    17:96:79:e1:04:88:1c:d7:03:55:0c:66:54:b5:a0:
                    fa:a3:37:02:46:5a:63:ba:59:20:3b:2e:04:58:85:
                    be:27:82:62:f1:93:7d:df:60:9d:62:b3:2c:81:91:
                    8d:72:04:a1:bc:5b:88:63:cf:d8:f1:1b:8e:d3:82:
                    7a:46:54:fa:43:37:24:48:d0:7b:81:02:40:57:79:
                    fc:dd:95:d2:bd:60:74:a3:28:62:20:cc:1a:d3:71:
                    bc:8c:c3:52:e0:81:4e:0f:25:07:b5:0b:ce:f9:37:
                    09:93:ed:ac:52:7a:b8:c6:a2:e6:6d:26:82:05:95:
                    0e:c9:d4:5b:1e:44:da:17:fa:db:5f:76:16:10:b1:
                    af:86:09:d2:cf:8e:e3:f2:ab:f2:9d:74:d6:7b:c7:
                    58:a0:79:07:9d:44:bb:dc:99:5a:c5:b0:4d:63:ff:
                    41:e3:c6:d7:ef:15:33:c7:9a:d0:e9:c1:16:16:39:
                    1f:df:b3:ff:36:2f:36:20:30:be:fd:4a:1b:f0:4f:
                    19:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:BC:ED:E7:A9:91:E0:21:D3:79:2B:67:72:47:81:5E:56:55:50:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dLzt56mR4CHTeStnckeBXlZVUGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:13:ac:29:a5:9d:3a:e8:4d:2a:77:cf:d1:06:3c:e2:5b:d5:
         0e:25:78:4e:fe:8e:be:88:4e:08:1e:a9:e0:6c:f0:8d:7c:c2:
         07:49:7e:95:b4:47:1a:87:06:c5:d9:86:b8:c8:3f:09:12:34:
         13:a2:6b:dc:22:af:d9:df:66:9a:bb:3f:c4:a6:f1:c6:59:55:
         64:1a:fb:c8:01:ec:f7:3d:a9:ca:3c:6f:d6:3e:c6:cc:52:44:
         e3:b4:ee:9e:15:ed:00:7b:aa:57:b1:6f:2a:86:73:7f:8f:1e:
         94:73:fe:89:dd:4d:5c:38:c7:82:ff:69:30:77:53:08:05:90:
         79:f9:7e:0b:ad:0a:d5:1f:ba:a0:f2:85:8d:2f:62:2d:10:c1:
         91:80:66:a7:2e:0e:63:48:1e:e4:a7:8c:8a:89:a1:84:fb:10:
         85:f7:34:93:c9:dd:89:85:f2:80:cd:56:97:ba:16:61:11:28:
         39:5f:bd:78:9d:58:3a:e0:2d:8d:b7:da:c5:a0:76:24:1a:d8:
         bb:90:a9:45:71:6a:98:2c:c0:30:ba:a1:9e:b8:b2:6f:51:16:
         a9:58:de:9a:39:53:89:eb:15:de:c2:53:55:a3:7b:b9:20:25:
         20:b7:de:7b:3e:58:87:bb:cb:3b:b3:16:8d:89:19:43:3f:33:
         82:66:40:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYXbvpHovGOsgnsNsmbqtMbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTIyMjMwOTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGJjZWRlN2E5OTFlMDIxZDM3OTJiNjc3MjQ3ODE1ZTU2NTU1MDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswauTP6wgpeYlJxJnCXpLFwh18zl
3unW0SIoZ1sD++2km92wVf14zmroTsvil9XsrCgnUxm05JWEpTAXlnnhBIgc1wNV
DGZUtaD6ozcCRlpjulkgOy4EWIW+J4Ji8ZN932CdYrMsgZGNcgShvFuIY8/Y8RuO
04J6RlT6QzckSNB7gQJAV3n83ZXSvWB0oyhiIMwa03G8jMNS4IFODyUHtQvO+TcJ
k+2sUnq4xqLmbSaCBZUOydRbHkTaF/rbX3YWELGvhgnSz47j8qvynXTWe8dYoHkH
nUS73JlaxbBNY/9B48bX7xUzx5rQ6cEWFjkf37P/Ni82IDC+/Uob8E8ZTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHS87eepkeAh03krZ3JHgV5WVVBrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZEx6dDU2bVI0Q0hUZVN0bmNrZUJYbFpWVUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFATrCmlnTroTSp3z9EG
POJb1Q4leE7+jr6ITggeqeBs8I18wgdJfpW0RxqHBsXZhrjIPwkSNBOia9wir9nf
Zpq7P8Sm8cZZVWQa+8gB7Pc9qco8b9Y+xsxSROO07p4V7QB7qlexbyqGc3+PHpRz
/ondTVw4x4L/aTB3UwgFkHn5fgutCtUfuqDyhY0vYi0QwZGAZqcuDmNIHuSnjIqJ
oYT7EIX3NJPJ3YmF8oDNVpe6FmERKDlfvXidWDrgLY232sWgdiQa2LuQqUVxapgs
wDC6oZ64sm9RFqlY3po5U4nrFd7CU1Wje7kgJSC33ns+WIe7yzuzFo2JGUM/M4Jm
QJM=
-----END CERTIFICATE-----
Generated at Tue Jun 10 05:54:03 2025 by rpki-client