Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kAgMN4cM2b_vtmgcqvpDdqUtoEQ.roa
File:                     kAgMN4cM2b_vtmgcqvpDdqUtoEQ.roa (raw, json)
Hash identifier:          XTNNdoePkVVXxpCULLfDVX4Z7/Xg0hYt2CNAR+t28bE=
Subject key identifier:   90:08:0C:37:87:0C:D9:BF:EF:B6:68:1C:AA:FA:43:76:A5:2D:A0:44
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0184E22C5D0C6F0466D676DA5128023164F8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kAgMN4cM2b_vtmgcqvpDdqUtoEQ.roa
Signing time:             Mon 05 Dec 2022 12:04:28 +0000
ROA not before:           Mon 05 Dec 2022 12:04:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:184:e22c:4795/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e2:2c:5d:0c:6f:04:66:d6:76:da:51:28:02:31:64:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec  5 12:04:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90080c37870cd9bfefb6681caafa4376a52da044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2e:5b:ad:d1:37:96:b6:05:54:5f:50:0c:4e:
                    f9:56:5a:00:d3:b7:da:c5:d1:85:dc:4d:82:91:cd:
                    5f:53:74:9a:03:81:e7:19:70:55:36:8e:26:51:71:
                    35:c3:da:37:e8:9e:ad:aa:5a:c6:59:bd:a4:87:52:
                    e9:39:4f:e2:09:ed:f3:ba:18:c3:5c:c0:2f:95:8f:
                    8b:c2:b9:e8:39:96:2d:53:17:34:0d:f5:2d:a8:34:
                    d2:65:de:db:a1:27:ec:d1:ad:fa:d8:32:70:99:2b:
                    97:22:3f:64:5c:71:5b:37:dd:d3:44:d6:24:59:98:
                    3f:b2:6b:7f:84:b8:4d:6d:b8:7f:1d:53:9f:01:e8:
                    88:7f:82:08:b1:12:80:8b:f2:85:4b:90:95:b7:97:
                    f9:d3:b3:a9:2d:a4:c0:d8:33:ff:ab:16:e8:e0:29:
                    4b:2b:cd:cb:f3:27:bb:24:77:e6:cf:dd:f7:a4:2d:
                    53:ba:d3:a0:a4:97:22:11:b4:bc:72:14:1b:c2:5c:
                    dc:1a:3e:de:07:c1:b2:54:54:2a:18:1a:c5:e5:7a:
                    ce:e9:82:cf:aa:ef:32:d7:70:9f:b2:21:f1:ef:a7:
                    17:b2:a4:94:9b:76:07:89:f8:e2:a3:74:74:47:51:
                    46:c8:75:73:57:ed:99:30:96:53:03:28:90:2b:71:
                    b1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:08:0C:37:87:0C:D9:BF:EF:B6:68:1C:AA:FA:43:76:A5:2D:A0:44
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kAgMN4cM2b_vtmgcqvpDdqUtoEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:79:6a:9b:19:eb:85:87:43:12:94:75:2f:97:57:63:b8:79:
         c2:ff:19:52:17:fa:39:6f:88:22:f9:7f:51:85:09:1b:a0:63:
         9e:18:62:e1:18:2b:fc:f1:fa:af:26:af:e9:62:d5:c9:86:a9:
         b9:e0:53:4f:03:c0:bf:fd:6f:4b:79:4a:22:5c:80:ab:0e:a8:
         8e:40:17:e3:4d:46:9a:b5:69:f6:a1:6d:ea:a0:3d:83:30:39:
         26:48:f6:68:ad:db:90:50:ae:08:bc:1d:28:73:8d:dd:1a:c3:
         8b:30:55:c9:3a:20:f7:6b:2d:54:68:bf:13:db:c9:ad:7f:64:
         63:b3:1d:25:af:5b:6e:34:15:a9:22:bd:28:b3:3e:f7:ed:99:
         a8:2c:ad:25:1f:19:45:15:f2:00:b8:3b:dd:ec:4f:a5:a8:a5:
         35:3f:31:2d:ad:3e:cd:46:0b:8f:d3:dd:13:69:30:16:a0:60:
         9b:54:ca:6d:23:3c:c8:d6:da:fd:dd:8f:49:8b:d4:62:0c:07:
         43:ff:92:09:65:82:e7:fe:ea:64:f1:92:1b:ef:0b:5c:a4:d7:
         01:25:a9:f2:a6:1e:e5:03:d4:4c:41:48:af:b9:de:90:a6:4d:
         30:c5:a3:8f:b6:c7:d8:23:f8:07:37:56:d5:74:6a:1b:78:30:
         d7:c7:db:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYTiLF0MbwRm1nbaUSgCMWT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjA1MTIwNDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDA4MGMzNzg3MGNkOWJmZWZiNjY4MWNhYWZhNDM3NmE1MmRhMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly5brdE3lrYFVF9QDE75VloA07fa
xdGF3E2Ckc1fU3SaA4HnGXBVNo4mUXE1w9o36J6tqlrGWb2kh1LpOU/iCe3zuhjD
XMAvlY+LwrnoOZYtUxc0DfUtqDTSZd7boSfs0a362DJwmSuXIj9kXHFbN93TRNYk
WZg/smt/hLhNbbh/HVOfAeiIf4IIsRKAi/KFS5CVt5f507OpLaTA2DP/qxbo4ClL
K83L8ye7JHfmz933pC1TutOgpJciEbS8chQbwlzcGj7eB8GyVFQqGBrF5XrO6YLP
qu8y13CfsiHx76cXsqSUm3YHifjio3R0R1FGyHVzV+2ZMJZTAyiQK3GxLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJAIDDeHDNm/77ZoHKr6Q3alLaBEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva0FnTU40Y00yYl92dG1nY3F2cERkcVV0b0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFB5apsZ64WHQxKUdS+X
V2O4ecL/GVIX+jlviCL5f1GFCRugY54YYuEYK/zx+q8mr+li1cmGqbngU08DwL/9
b0t5SiJcgKsOqI5AF+NNRpq1afahbeqgPYMwOSZI9mit25BQrgi8HShzjd0aw4sw
Vck6IPdrLVRovxPbya1/ZGOzHSWvW240FakivSizPvftmagsrSUfGUUV8gC4O93s
T6WopTU/MS2tPs1GC4/T3RNpMBagYJtUym0jPMjW2v3dj0mL1GIMB0P/kgllguf+
6mTxkhvvC1yk1wElqfKmHuUD1ExBSK+53pCmTTDFo4+2x9gj+Ac3VtV0aht4MNfH
2+g=
-----END CERTIFICATE-----
Generated at Wed Jun 11 13:53:14 2025 by rpki-client