Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iuF6kIFoq0wGEFBBEqcrEsu2lKA.roa
File:                     iuF6kIFoq0wGEFBBEqcrEsu2lKA.roa (raw, json)
Hash identifier:          lOT8NGspGvwvZyBthQrzluDq9qWtg5KASrlr/kFs52w=
Subject key identifier:   8A:E1:7A:90:81:68:AB:4C:06:10:50:41:12:A7:2B:12:CB:B6:94:A0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A00D8D6B40D774480A12F90DBF13B348C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iuF6kIFoq0wGEFBBEqcrEsu2lKA.roa
Signing time:             Thu 17 Aug 2023 00:15:25 +0000
ROA not before:           Thu 17 Aug 2023 00:15:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:00:d8:d6:b4:0d:77:44:80:a1:2f:90:db:f1:3b:34:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 17 00:15:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ae17a908168ab4c0610504112a72b12cbb694a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:55:04:2e:86:43:29:2a:7a:6b:40:8f:01:8b:
                    92:7a:6d:0f:43:c9:6b:09:8c:01:80:c8:df:6b:70:
                    b9:c9:8a:d1:e3:2d:82:ad:dd:75:28:fd:6e:c9:2f:
                    34:ac:bc:87:84:bc:c9:ae:ac:8c:05:0f:26:53:cb:
                    29:67:4d:58:c4:d0:4e:09:19:61:51:16:9d:5f:5a:
                    a4:49:ef:fa:43:7c:10:74:a8:a9:a0:d2:73:74:40:
                    7a:ba:02:24:ad:7e:cf:d6:bb:18:df:70:2c:5c:aa:
                    d5:19:7d:b4:86:43:a0:b5:77:e9:e3:cd:c6:c9:7b:
                    28:04:43:4a:0a:24:9c:30:43:41:87:94:95:6e:87:
                    2f:82:4f:fc:5a:86:f5:67:91:6c:c2:f9:bb:16:af:
                    3b:9b:a1:3d:1a:95:7e:84:7c:58:0b:53:9c:a9:8f:
                    90:92:72:08:15:c3:3a:11:b5:cd:b0:bf:25:06:25:
                    20:1c:1a:42:24:1b:8f:42:01:1d:1e:d0:c9:57:7d:
                    fe:3c:e9:5b:ab:e7:76:cf:eb:89:f7:06:f5:3e:3b:
                    2a:2d:2d:84:88:1b:83:cc:4d:55:bb:a2:63:0c:5a:
                    5e:bb:9f:ef:9a:a2:ad:ca:3d:ab:5c:e9:f1:17:1e:
                    0e:f7:62:54:81:62:27:aa:f6:c9:75:47:00:03:f1:
                    c5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E1:7A:90:81:68:AB:4C:06:10:50:41:12:A7:2B:12:CB:B6:94:A0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iuF6kIFoq0wGEFBBEqcrEsu2lKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:53:c6:0d:76:25:f1:56:db:44:cd:d9:39:7a:62:7c:5a:71:
         3a:88:1f:a8:67:a0:2d:3d:3c:9e:c9:cc:3b:27:9a:69:62:80:
         25:c6:f9:ba:d2:cc:c4:08:71:db:4b:38:1a:92:4c:a5:d2:40:
         d5:28:3d:47:b2:71:a4:29:b9:33:fe:ce:99:c1:05:a2:0f:3d:
         57:4b:7b:42:e2:7c:fd:0f:81:9f:54:2d:d8:93:99:80:b2:74:
         0f:b8:32:6a:88:26:88:be:df:d0:a3:55:bb:6d:67:83:5e:fe:
         b0:92:43:48:e6:8b:ad:e2:58:88:05:dc:7f:58:85:5f:de:bd:
         b3:6c:f6:69:d2:02:25:e5:89:6c:a6:02:59:b8:3e:25:71:18:
         95:54:af:31:98:14:2c:08:6c:5b:ee:94:8f:fe:f7:2b:a0:b1:
         30:75:8b:bf:3e:f3:a8:25:75:6e:33:56:2d:34:92:8e:6b:cd:
         63:5f:2a:bb:15:53:03:fb:56:85:59:8c:79:6a:23:0d:14:82:
         e8:07:5d:52:e3:0d:a5:a1:95:ed:76:8e:ad:1e:10:21:83:29:
         f4:a3:b8:78:59:e3:39:d3:b6:2a:4d:0e:6c:f9:e1:d6:57:62:
         1b:85:05:97:cc:f5:9a:e3:97:78:11:e7:c7:87:82:8a:bd:c2:
         c4:8c:c7:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYoA2Na0DXdEgKEvkNvxOzSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODE3MDAxNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUxN2E5MDgxNjhhYjRjMDYxMDUwNDExMmE3MmIxMmNiYjY5NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlUELoZDKSp6a0CPAYuSem0PQ8lr
CYwBgMjfa3C5yYrR4y2Crd11KP1uyS80rLyHhLzJrqyMBQ8mU8spZ01YxNBOCRlh
URadX1qkSe/6Q3wQdKipoNJzdEB6ugIkrX7P1rsY33AsXKrVGX20hkOgtXfp483G
yXsoBENKCiScMENBh5SVbocvgk/8Wob1Z5Fswvm7Fq87m6E9GpV+hHxYC1OcqY+Q
knIIFcM6EbXNsL8lBiUgHBpCJBuPQgEdHtDJV33+POlbq+d2z+uJ9wb1PjsqLS2E
iBuDzE1Vu6JjDFpeu5/vmqKtyj2rXOnxFx4O92JUgWInqvbJdUcAA/HF0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIrhepCBaKtMBhBQQRKnKxLLtpSgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaXVGNmtJRm9xMHdHRUZCQkVxY3JFc3UybEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAVTxg12JfFW20TN2Tl6
YnxacTqIH6hnoC09PJ7JzDsnmmligCXG+brSzMQIcdtLOBqSTKXSQNUoPUeycaQp
uTP+zpnBBaIPPVdLe0LifP0PgZ9ULdiTmYCydA+4MmqIJoi+39CjVbttZ4Ne/rCS
Q0jmi63iWIgF3H9YhV/evbNs9mnSAiXliWymAlm4PiVxGJVUrzGYFCwIbFvulI/+
9yugsTB1i78+86gldW4zVi00ko5rzWNfKrsVUwP7VoVZjHlqIw0UgugHXVLjDaWh
le12jq0eECGDKfSjuHhZ4znTtipNDmz54dZXYhuFBZfM9Zrjl3gR58eHgoq9wsSM
x7U=
-----END CERTIFICATE-----
Generated at Tue Jun 10 04:20:29 2025 by rpki-client