Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oY0qsNb9_YqVNL2I-JTww6S0UL8.roa
File:                     oY0qsNb9_YqVNL2I-JTww6S0UL8.roa (raw, json)
Hash identifier:          wTrdZiA6yWEQsA8/Z+Tw0oT2wEt8B7gEvhHBJrsHCas=
Subject key identifier:   A1:8D:2A:B0:D6:FD:FD:8A:95:34:BD:88:F8:94:F0:C3:A4:B4:50:BF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878E0C4526A2B546B9B4AFF053CB214FE7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oY0qsNb9_YqVNL2I-JTww6S0UL8.roa
Signing time:             Mon 17 Apr 2023 07:09:41 +0000
ROA not before:           Mon 17 Apr 2023 07:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:0c:45:26:a2:b5:46:b9:b4:af:f0:53:cb:21:4f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 17 07:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a18d2ab0d6fdfd8a9534bd88f894f0c3a4b450bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5f:40:29:44:9a:a3:38:62:ae:b0:05:3e:7d:
                    61:8c:00:6d:5c:16:a6:b8:d1:00:d6:29:94:96:48:
                    f1:2f:84:0e:c4:3a:24:c0:65:9c:15:10:83:ac:27:
                    41:5e:51:31:dc:8a:09:8c:35:34:4c:30:56:95:fc:
                    63:22:19:30:b0:0a:4c:15:49:f3:a5:2b:07:2b:d8:
                    1d:16:00:3a:b9:61:f3:c3:32:24:be:6e:32:65:46:
                    97:c3:9e:bf:03:42:bb:dc:4f:ba:d6:6e:ac:e3:6d:
                    35:32:22:70:39:ab:5d:d6:e8:62:60:af:0e:56:33:
                    eb:28:b4:6e:dd:72:4b:a0:30:43:92:b6:40:55:dc:
                    cd:13:30:65:52:9d:4d:1f:37:ae:69:32:c2:ea:26:
                    9e:66:7f:63:1a:d1:f6:e7:f2:87:71:b1:c1:69:da:
                    d9:fa:b8:0b:43:64:01:fe:0e:c1:da:7e:91:41:72:
                    34:dd:e7:1d:8a:a8:75:f0:6c:27:39:1f:11:e0:04:
                    8d:cb:a7:0e:16:de:ad:c3:92:cd:35:87:6b:14:03:
                    e7:63:74:84:0c:0b:8f:6b:f4:15:2e:44:00:f4:7e:
                    6a:02:a6:ef:1a:73:e3:d8:4a:6b:c7:4f:e0:63:c7:
                    14:e6:83:e0:03:d5:bf:fe:76:8e:9e:8d:31:92:e5:
                    eb:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:8D:2A:B0:D6:FD:FD:8A:95:34:BD:88:F8:94:F0:C3:A4:B4:50:BF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oY0qsNb9_YqVNL2I-JTww6S0UL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:e6:e1:81:a3:de:65:7e:62:5b:e9:89:32:27:7b:0a:17:95:
         80:5b:21:43:40:eb:fb:06:31:c1:58:b8:2e:ca:48:b8:a5:cf:
         d1:ec:85:7c:97:e4:25:c1:a7:ec:9c:9c:f7:d1:ac:bf:0a:8a:
         10:06:09:6c:36:12:ec:9f:9d:78:d8:de:26:c7:3a:6e:01:d8:
         d8:13:6b:40:1a:66:92:66:98:55:3d:e5:7a:fc:7e:11:88:7e:
         88:28:db:63:5e:34:10:61:04:1a:ce:0d:60:d0:57:7f:4a:62:
         49:19:29:74:15:df:3c:e1:ae:33:09:2f:17:1c:16:f0:58:f9:
         59:d9:02:44:f1:6d:b4:e5:24:c2:9b:bd:c4:0b:56:89:a6:61:
         b8:72:f3:90:27:b1:aa:40:fb:df:72:66:0b:da:97:c3:24:1e:
         54:f5:d1:c2:de:b8:33:2f:d3:e2:54:52:7f:0f:ce:5a:9a:76:
         6b:52:96:4c:46:53:b1:7e:db:f5:b1:2a:a1:f3:c8:2f:5c:3f:
         37:2b:19:bf:14:a4:27:71:c5:0d:dd:db:84:7a:80:cc:af:2e:
         81:88:02:7f:d6:57:b4:38:07:76:0f:88:f1:4e:c4:26:6b:92:
         4a:cf:06:40:b3:7a:a5:05:f2:9b:35:6a:d0:29:11:62:ef:55:
         af:f5:a5:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeODEUmorVGubSv8FPLIU/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE3MDcwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMThkMmFiMGQ2ZmRmZDhhOTUzNGJkODhmODk0ZjBjM2E0YjQ1MGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF9AKUSaozhirrAFPn1hjABtXBam
uNEA1imUlkjxL4QOxDokwGWcFRCDrCdBXlEx3IoJjDU0TDBWlfxjIhkwsApMFUnz
pSsHK9gdFgA6uWHzwzIkvm4yZUaXw56/A0K73E+61m6s4201MiJwOatd1uhiYK8O
VjPrKLRu3XJLoDBDkrZAVdzNEzBlUp1NHzeuaTLC6iaeZn9jGtH25/KHcbHBadrZ
+rgLQ2QB/g7B2n6RQXI03ecdiqh18GwnOR8R4ASNy6cOFt6tw5LNNYdrFAPnY3SE
DAuPa/QVLkQA9H5qAqbvGnPj2Eprx0/gY8cU5oPgA9W//naOno0xkuXrXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKGNKrDW/f2KlTS9iPiU8MOktFC/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb1kwcXNOYjlfWXFWTkwySS1KVHd3NlMwVUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAALm4YGj3mV+YlvpiTIn
ewoXlYBbIUNA6/sGMcFYuC7KSLilz9HshXyX5CXBp+ycnPfRrL8KihAGCWw2Euyf
nXjY3ibHOm4B2NgTa0AaZpJmmFU95Xr8fhGIfogo22NeNBBhBBrODWDQV39KYkkZ
KXQV3zzhrjMJLxccFvBY+VnZAkTxbbTlJMKbvcQLVommYbhy85AnsapA+99yZgva
l8MkHlT10cLeuDMv0+JUUn8PzlqadmtSlkxGU7F+2/WxKqHzyC9cPzcrGb8UpCdx
xQ3d24R6gMyvLoGIAn/WV7Q4B3YPiPFOxCZrkkrPBkCzeqUF8ps1atApEWLvVa/1
pZY=
-----END CERTIFICATE-----
Generated at Mon Jun 9 17:31:27 2025 by rpki-client