Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kLL-tnCEzRzXqZXuqZZeb62A420.roa
File:                     kLL-tnCEzRzXqZXuqZZeb62A420.roa (raw, json)
Hash identifier:          gd7axgulwtr+RCBQ4uv/LIIR37JEq+KOvBymJvbF5Dg=
Subject key identifier:   90:B2:FE:B6:70:84:CD:1C:D7:A9:95:EE:A9:96:5E:6F:AD:80:E3:6D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898FF0C1DE4CA595E9C8B7A8D9434444CC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kLL-tnCEzRzXqZXuqZZeb62A420.roa
Signing time:             Wed 26 Jul 2023 02:04:27 +0000
ROA not before:           Wed 26 Jul 2023 02:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:8ff0:a6fe/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8f:f0:c1:de:4c:a5:95:e9:c8:b7:a8:d9:43:44:44:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 26 02:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90b2feb67084cd1cd7a995eea9965e6fad80e36d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:43:f8:4b:80:2d:09:da:95:3a:6a:f7:d4:0b:
                    96:fd:64:e6:ca:7b:00:b6:fb:6a:d7:f5:c3:f8:44:
                    a3:96:73:b1:61:33:ae:77:7e:ed:6d:17:5c:ea:b1:
                    0f:0e:e1:1f:15:7b:f1:c2:47:ba:9b:35:ce:43:cc:
                    b1:d5:6d:ae:c1:b3:32:e4:3a:ca:b1:ed:0b:14:bb:
                    f3:cd:a9:a8:db:b4:88:cf:10:0f:34:5f:96:92:ba:
                    66:c6:21:e0:d9:0a:73:49:a7:7a:21:b1:6f:2f:a5:
                    96:bc:cb:b2:01:8f:89:c6:ca:26:05:9e:c8:56:2e:
                    5d:96:05:d6:97:8c:f2:a3:3c:44:f5:39:de:66:20:
                    7c:d2:ca:15:f8:f4:52:cf:93:64:5e:0f:79:6f:4d:
                    f8:3c:16:3f:eb:68:f8:d3:23:c2:c3:54:2e:b7:4a:
                    54:27:c5:46:0c:64:f9:d0:36:e2:5c:62:3f:62:54:
                    ce:73:74:53:d5:22:6e:03:45:78:91:4b:66:ca:70:
                    26:51:c2:ee:ba:b1:ce:3e:0f:49:ad:48:e6:98:aa:
                    c5:24:65:24:28:95:35:ed:61:47:82:92:73:97:da:
                    0f:51:4e:33:48:65:d3:22:a9:6e:4c:16:2a:d4:32:
                    b8:83:8e:49:03:8e:c0:38:84:77:33:97:0b:0a:96:
                    ca:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B2:FE:B6:70:84:CD:1C:D7:A9:95:EE:A9:96:5E:6F:AD:80:E3:6D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kLL-tnCEzRzXqZXuqZZeb62A420.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:d8:d4:fd:76:8a:88:0d:03:5f:a9:6e:20:f4:95:9c:75:44:
         ae:65:cc:47:6b:fd:3b:95:87:68:dd:07:cd:10:5c:e0:de:84:
         57:65:2f:a5:66:88:d5:fe:6d:60:62:90:9f:19:b9:15:e0:2e:
         b7:d6:3e:4c:0a:1a:a6:c4:0b:25:fe:d2:b9:25:6f:37:c4:15:
         c1:eb:55:e1:61:e3:ab:f1:3e:ae:a8:31:e8:58:2d:78:76:8d:
         81:5f:1d:ac:2c:00:58:08:ef:75:82:d6:81:c1:e5:c2:c9:f5:
         d9:52:bc:40:d5:2c:a8:2f:1f:63:f8:2e:83:10:e1:0b:05:81:
         d0:22:1f:ea:ec:01:1b:23:53:9a:68:18:c2:a1:bc:5c:3c:ca:
         40:52:a2:d2:54:c3:f6:d9:35:00:63:35:d7:9a:12:c1:cd:a9:
         03:3d:f4:91:49:2a:34:1b:3e:54:22:56:60:be:f1:1c:dc:98:
         03:44:cd:10:67:c8:07:8c:e4:60:24:e1:7b:da:61:4e:6d:9d:
         7b:6b:45:fe:3b:67:55:9d:03:82:ce:b2:e4:e6:ec:6c:c8:17:
         f3:a5:b1:27:1f:b3:28:fc:a9:83:6d:4b:51:e0:32:7c:cf:fe:
         3a:bd:e9:0b:62:4e:36:c3:f6:b7:b1:c2:e6:29:72:b0:a7:42:
         78:8b:97:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmP8MHeTKWV6ci3qNlDRETMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI2MDIwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGIyZmViNjcwODRjZDFjZDdhOTk1ZWVhOTk2NWU2ZmFkODBlMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUP4S4AtCdqVOmr31AuW/WTmynsA
tvtq1/XD+ESjlnOxYTOud37tbRdc6rEPDuEfFXvxwke6mzXOQ8yx1W2uwbMy5DrK
se0LFLvzzamo27SIzxAPNF+WkrpmxiHg2QpzSad6IbFvL6WWvMuyAY+JxsomBZ7I
Vi5dlgXWl4zyozxE9TneZiB80soV+PRSz5NkXg95b034PBY/62j40yPCw1Qut0pU
J8VGDGT50DbiXGI/YlTOc3RT1SJuA0V4kUtmynAmUcLuurHOPg9JrUjmmKrFJGUk
KJU17WFHgpJzl9oPUU4zSGXTIqluTBYq1DK4g45JA47AOIR3M5cLCpbKXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJCy/rZwhM0c16mV7qmWXm+tgONtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva0xMLXRuQ0V6UnpYcVpYdXFaWmViNjJBNDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA7Y1P12iogNA1+pbiD0
lZx1RK5lzEdr/TuVh2jdB80QXODehFdlL6VmiNX+bWBikJ8ZuRXgLrfWPkwKGqbE
CyX+0rklbzfEFcHrVeFh46vxPq6oMehYLXh2jYFfHawsAFgI73WC1oHB5cLJ9dlS
vEDVLKgvH2P4LoMQ4QsFgdAiH+rsARsjU5poGMKhvFw8ykBSotJUw/bZNQBjNdea
EsHNqQM99JFJKjQbPlQiVmC+8RzcmANEzRBnyAeM5GAk4XvaYU5tnXtrRf47Z1Wd
A4LOsuTm7GzIF/OlsScfsyj8qYNtS1HgMnzP/jq96QtiTjbD9rexwuYpcrCnQniL
lwI=
-----END CERTIFICATE-----
Generated at Wed Jun 11 03:32:28 2025 by rpki-client