Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iKLDWYMj13xdgWBb-Qw3uzjop1E.roa
File:                     iKLDWYMj13xdgWBb-Qw3uzjop1E.roa (raw, json)
Hash identifier:          BtyOw5UaoPaEdzui2urps6NvhZ4JD8dR91k5RLgmh1E=
Subject key identifier:   88:A2:C3:59:83:23:D7:7C:5D:81:60:5B:F9:0C:37:BB:38:E8:A7:51
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01867B33CCBA19094D1161386BF0D1E44E27
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iKLDWYMj13xdgWBb-Qw3uzjop1E.roa
Signing time:             Wed 22 Feb 2023 22:17:17 +0000
ROA not before:           Wed 22 Feb 2023 22:17:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7b:33:cc:ba:19:09:4d:11:61:38:6b:f0:d1:e4:4e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Feb 22 22:17:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88a2c3598323d77c5d81605bf90c37bb38e8a751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:28:8c:ac:a4:83:94:1c:9d:a9:17:08:c0:be:
                    16:dd:7b:9a:ea:b7:be:87:22:43:c9:29:b2:e7:99:
                    f7:63:8b:55:0c:e7:18:dc:52:6d:0b:b2:4a:30:59:
                    19:ac:39:72:f5:36:ba:ce:2a:2f:07:9f:48:a5:4e:
                    d8:41:48:b8:8a:b1:71:ca:c6:7c:12:09:ec:6f:69:
                    cb:68:48:e5:b3:27:65:bf:ff:8f:a9:e9:2f:0a:71:
                    d4:18:5a:89:86:06:2a:8e:f2:b0:fc:45:53:75:97:
                    b5:7d:6d:d7:a3:87:11:ff:be:43:a9:23:ad:e9:7e:
                    70:ef:e4:e6:e6:e3:bc:f9:1c:c1:14:fa:62:9f:fe:
                    70:33:67:8d:c8:f5:bf:54:dd:1f:e4:b4:12:8b:fd:
                    b5:a5:de:50:2a:a9:ea:4e:99:73:ed:31:5b:55:a1:
                    2b:c8:04:b7:45:54:bc:1a:56:ba:7b:82:6d:9b:c4:
                    90:31:32:92:c7:10:6f:4e:74:f6:a2:ee:2b:91:90:
                    b8:d7:28:61:79:82:d7:f9:de:58:1e:1f:71:4f:19:
                    40:40:99:6c:83:01:e7:e7:6d:a5:db:6a:32:36:0e:
                    dd:e1:da:96:25:ce:03:64:ea:ae:02:0b:a7:83:a0:
                    da:5c:0c:3f:bc:f3:e7:51:f2:fb:c9:41:c7:10:04:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A2:C3:59:83:23:D7:7C:5D:81:60:5B:F9:0C:37:BB:38:E8:A7:51
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iKLDWYMj13xdgWBb-Qw3uzjop1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:3c:7e:0f:dd:0f:7b:52:e1:e7:14:2c:cb:ff:26:fb:6d:86:
         ae:83:0c:1e:b1:97:f8:c8:1b:0d:6f:31:70:34:e7:cb:a7:58:
         97:02:ed:49:c4:64:80:d7:24:ec:91:86:1d:f9:b4:10:6d:3e:
         67:24:fd:f3:ee:0a:8b:c9:54:e9:87:c9:aa:84:04:c0:48:1a:
         c9:f3:2f:95:27:f4:55:11:ae:9a:f0:77:b0:ec:86:d1:37:80:
         86:7d:3a:9b:25:57:d9:93:7d:ec:fe:fc:16:c3:a7:d7:ce:f0:
         ee:07:c1:9e:7c:9a:4a:ec:d7:7b:7c:76:4d:e3:2c:05:d8:f2:
         e8:86:fc:39:f2:8f:bd:a5:18:45:36:b4:4a:ff:6c:85:b2:6e:
         9e:e3:aa:73:3e:4e:0f:96:21:4a:2d:53:44:81:81:44:40:f4:
         7a:0b:ab:cc:3b:b0:f2:1b:99:31:c4:58:55:ae:80:04:96:01:
         6d:5c:3d:64:19:6a:2e:86:80:fb:8c:0f:a6:6e:80:6e:12:04:
         48:65:cf:20:13:50:db:e3:79:6f:fa:15:61:7d:5c:41:d2:0a:
         9f:75:b5:b1:26:8a:e6:86:47:62:d7:a9:cb:0d:4d:af:74:24:
         31:3a:02:f7:59:e1:34:9e:c3:98:9e:3a:55:f5:26:36:96:0d:
         d9:f5:35:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZ7M8y6GQlNEWE4a/DR5E4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIyMjIxNzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEyYzM1OTgzMjNkNzdjNWQ4MTYwNWJmOTBjMzdiYjM4ZThhNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyiMrKSDlBydqRcIwL4W3Xua6re+
hyJDySmy55n3Y4tVDOcY3FJtC7JKMFkZrDly9Ta6ziovB59IpU7YQUi4irFxysZ8
Egnsb2nLaEjlsydlv/+PqekvCnHUGFqJhgYqjvKw/EVTdZe1fW3Xo4cR/75DqSOt
6X5w7+Tm5uO8+RzBFPpin/5wM2eNyPW/VN0f5LQSi/21pd5QKqnqTplz7TFbVaEr
yAS3RVS8Gla6e4Jtm8SQMTKSxxBvTnT2ou4rkZC41yhheYLX+d5YHh9xTxlAQJls
gwHn522l22oyNg7d4dqWJc4DZOquAgung6DaXAw/vPPnUfL7yUHHEASOvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIiiw1mDI9d8XYFgW/kMN7s46KdRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaUtMRFdZTWoxM3hkZ1dCYi1RdzN1empvcDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFE8fg/dD3tS4ecULMv/
Jvtthq6DDB6xl/jIGw1vMXA058unWJcC7UnEZIDXJOyRhh35tBBtPmck/fPuCovJ
VOmHyaqEBMBIGsnzL5Un9FURrprwd7DshtE3gIZ9OpslV9mTfez+/BbDp9fO8O4H
wZ58mkrs13t8dk3jLAXY8uiG/Dnyj72lGEU2tEr/bIWybp7jqnM+Tg+WIUotU0SB
gURA9HoLq8w7sPIbmTHEWFWugASWAW1cPWQZai6GgPuMD6ZugG4SBEhlzyATUNvj
eW/6FWF9XEHSCp91tbEmiuaGR2LXqcsNTa90JDE6AvdZ4TSew5ieOlX1JjaWDdn1
Nb0=
-----END CERTIFICATE-----
Generated at Tue Jun 10 01:07:47 2025 by rpki-client