Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dkNxTcgvSGhXVYpB0IPGHc45QZ4.roa
File:                     dkNxTcgvSGhXVYpB0IPGHc45QZ4.roa (raw, json)
Hash identifier:          8WA0JGPLVRDaEfypqevR5w7SY3FfuR4IF3zy4END6UI=
Subject key identifier:   76:43:71:4D:C8:2F:48:68:57:55:8A:41:D0:83:C6:1D:CE:39:41:9E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A6F22C09D797ED54424155876E950EF6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dkNxTcgvSGhXVYpB0IPGHc45QZ4.roa
Signing time:             Sat 22 Apr 2023 03:11:41 +0000
ROA not before:           Sat 22 Apr 2023 03:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a6:f2:2c:09:d7:97:ed:54:42:41:55:87:6e:95:0e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 03:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7643714dc82f486857558a41d083c61dce39419e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:cb:78:9b:f5:8d:6d:3b:79:17:8a:1b:e7:ed:
                    b2:00:60:50:c6:a8:77:eb:a6:5d:ae:ff:15:19:3f:
                    a8:ee:ed:a8:64:71:25:dd:4a:72:22:91:fc:2f:e5:
                    c4:f5:46:7b:6c:e8:bf:e5:37:8a:17:43:57:b2:ff:
                    3e:36:9f:ed:4a:80:b0:1d:e8:cc:74:b6:74:06:bf:
                    81:08:12:ec:1f:54:12:81:85:a5:86:35:57:ad:89:
                    9b:87:74:10:c1:a4:4e:0d:f8:1a:86:77:77:f4:ff:
                    92:74:c1:ef:96:c8:9f:35:31:69:26:97:6c:3d:3e:
                    d7:7f:b7:91:99:f0:e3:e9:5c:1c:87:94:8d:cc:10:
                    2a:32:25:04:6a:7b:16:73:45:9e:c6:74:75:5b:f2:
                    a2:9b:0c:b0:87:d8:c3:9f:21:f1:d9:9a:ae:34:5c:
                    1e:6f:14:46:bd:5e:a4:ff:02:6f:10:1a:fe:a8:ad:
                    fe:bd:1c:68:f5:39:e2:51:60:40:32:f5:2f:01:2c:
                    8b:e7:7d:30:90:44:96:67:ae:f5:db:46:ed:58:df:
                    23:32:1c:df:78:c5:06:cb:ac:75:67:9a:99:4b:01:
                    db:72:36:31:9e:b4:a1:e1:98:0a:61:f0:06:3e:b2:
                    6c:ff:b0:f2:46:e2:d6:97:12:f8:e4:56:1a:ee:71:
                    e6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:43:71:4D:C8:2F:48:68:57:55:8A:41:D0:83:C6:1D:CE:39:41:9E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dkNxTcgvSGhXVYpB0IPGHc45QZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:bb:8d:f7:04:6c:44:0a:9c:99:c1:0e:1a:73:3c:f9:ff:ea:
         2f:50:a2:e1:96:de:3f:92:e2:7b:83:5c:fc:b6:13:67:b7:b9:
         72:7e:64:f7:81:ea:8f:d4:69:1d:4a:ba:e2:22:64:f5:d6:69:
         d8:fd:eb:99:e2:a9:b5:7c:aa:eb:7d:ff:65:e6:29:ef:31:43:
         a9:f5:77:16:dd:a5:3f:2f:01:f4:8d:39:10:b4:bd:45:ac:15:
         78:df:d5:ca:22:f4:e4:71:41:55:f6:58:d2:57:5a:df:c2:3c:
         74:08:a3:da:b5:3d:86:48:59:2d:5c:b5:ce:d7:dd:84:b3:bf:
         e5:6e:0d:6d:b3:9f:55:70:b3:0e:1d:28:27:bf:ec:39:ac:f9:
         fc:ce:c5:40:c3:81:60:06:10:45:f4:80:ce:38:a3:7d:d4:cd:
         8e:09:78:63:ad:9b:24:d5:fa:4a:8c:7d:ce:38:d8:e2:09:e7:
         fd:a7:82:fa:8a:74:f0:7e:1f:29:9c:ec:47:06:7c:c9:5c:f0:
         84:60:7e:8e:7f:80:95:a4:5d:28:62:44:22:83:d2:d6:70:bc:
         06:d2:fd:16:e8:61:b8:61:ce:80:c2:64:f3:06:3b:bc:96:f7:
         94:f9:37:a6:f3:0b:97:58:14:94:d5:49:3e:1b:65:44:ca:a3:
         a0:1b:ff:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYem8iwJ15ftVEJBVYdulQ72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMDMxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQzNzE0ZGM4MmY0ODY4NTc1NThhNDFkMDgzYzYxZGNlMzk0MTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/st4m/WNbTt5F4ob5+2yAGBQxqh3
66Zdrv8VGT+o7u2oZHEl3UpyIpH8L+XE9UZ7bOi/5TeKF0NXsv8+Np/tSoCwHejM
dLZ0Br+BCBLsH1QSgYWlhjVXrYmbh3QQwaRODfgahnd39P+SdMHvlsifNTFpJpds
PT7Xf7eRmfDj6Vwch5SNzBAqMiUEansWc0WexnR1W/Kimwywh9jDnyHx2ZquNFwe
bxRGvV6k/wJvEBr+qK3+vRxo9TniUWBAMvUvASyL530wkESWZ67120btWN8jMhzf
eMUGy6x1Z5qZSwHbcjYxnrSh4ZgKYfAGPrJs/7DyRuLWlxL45FYa7nHm5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHZDcU3IL0hoV1WKQdCDxh3OOUGeMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZGtOeFRjZ3ZTR2hYVllwQjBJUEdIYzQ1UVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABa7jfcEbEQKnJnBDhpz
PPn/6i9QouGW3j+S4nuDXPy2E2e3uXJ+ZPeB6o/UaR1KuuIiZPXWadj965niqbV8
qut9/2XmKe8xQ6n1dxbdpT8vAfSNORC0vUWsFXjf1coi9ORxQVX2WNJXWt/CPHQI
o9q1PYZIWS1ctc7X3YSzv+VuDW2zn1Vwsw4dKCe/7Dms+fzOxUDDgWAGEEX0gM44
o33UzY4JeGOtmyTV+kqMfc442OIJ5/2ngvqKdPB+Hymc7EcGfMlc8IRgfo5/gJWk
XShiRCKD0tZwvAbS/RboYbhhzoDCZPMGO7yW95T5N6bzC5dYFJTVST4bZUTKo6Ab
/2E=
-----END CERTIFICATE-----
Generated at Thu Jun 12 08:37:24 2025 by rpki-client