Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/orI8tfF03vy6Ri4rHu4n8tfBrWw.roa
File:                     orI8tfF03vy6Ri4rHu4n8tfBrWw.roa (raw, json)
Hash identifier:          b0VNxG6pJIvNIIbrZCzxFEFdmhIRK/ivUDuJtOSwyek=
Subject key identifier:   A2:B2:3C:B5:F1:74:DE:FC:BA:46:2E:2B:1E:EE:27:F2:D7:C1:AD:6C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018A442FE70623D15A044BFC79C3736FC50A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/orI8tfF03vy6Ri4rHu4n8tfBrWw.roa
Signing time:             Wed 30 Aug 2023 02:05:04 +0000
ROA not before:           Wed 30 Aug 2023 02:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:442f:6423/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:44:2f:e7:06:23:d1:5a:04:4b:fc:79:c3:73:6f:c5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Aug 30 02:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2b23cb5f174defcba462e2b1eee27f2d7c1ad6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:00:ee:c4:a9:3e:18:ee:ef:9d:23:f1:4b:a0:
                    17:c1:f2:65:3c:e1:5d:d4:18:10:16:6b:a7:d2:96:
                    55:8d:95:64:ff:ca:bf:fc:9d:59:c5:33:56:e5:85:
                    79:c5:4a:03:2f:bf:0a:ee:1c:21:64:b7:b4:13:54:
                    0c:73:fe:47:c0:00:08:d9:f0:33:d2:84:7a:93:fe:
                    da:f1:fe:37:ce:d9:45:d5:5a:02:38:d6:83:0b:30:
                    ae:af:a5:84:65:e1:2d:7a:33:30:52:93:10:9a:46:
                    32:1a:d9:6f:1a:00:95:58:77:7c:f9:b4:e8:c8:64:
                    3a:9b:36:78:a2:b7:a2:d1:12:0b:fb:01:89:5a:43:
                    2f:21:2c:52:f5:41:1a:f7:09:2c:e6:f1:dc:3f:1b:
                    36:b1:50:4a:d1:80:c2:87:49:93:d0:ad:22:74:17:
                    fd:03:b3:43:d1:6d:11:ce:33:73:87:8f:2a:c7:c0:
                    68:72:6e:c5:92:e8:97:fe:24:0c:12:5f:ba:03:37:
                    f5:90:39:d3:01:80:6a:f3:77:51:38:f9:c1:a2:72:
                    d2:5b:cc:f6:4d:d5:91:1b:ff:d2:6a:c9:01:bb:c9:
                    e5:37:85:ea:c8:5f:84:3a:2e:81:a5:ab:06:77:74:
                    3b:fc:dc:b5:6e:6d:84:ba:95:37:4c:b2:e7:3c:a7:
                    bd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B2:3C:B5:F1:74:DE:FC:BA:46:2E:2B:1E:EE:27:F2:D7:C1:AD:6C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/orI8tfF03vy6Ri4rHu4n8tfBrWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:33:63:49:4b:5d:8e:79:33:22:bc:d4:a3:b0:ed:2c:90:32:
         ac:d9:ff:09:b7:9e:b3:0e:00:84:55:89:dc:3c:72:be:2a:5d:
         4c:8f:86:34:a6:b8:09:45:9a:1e:6b:98:27:4e:8a:79:e9:9d:
         71:59:8b:6c:a4:58:e3:43:fc:e6:1c:f9:e7:f2:2e:aa:10:c4:
         4e:f9:b2:31:42:34:97:d0:ff:57:17:7f:8f:dc:16:ee:c1:49:
         4b:16:91:d0:ce:3b:1d:c3:0d:da:5b:5d:df:c8:c4:17:5d:fb:
         94:62:ed:59:22:ca:88:37:f9:cf:35:64:4b:f1:ff:ea:f0:dd:
         d1:d9:eb:b2:b4:2b:bb:12:cb:dd:16:18:7d:38:8a:0e:2a:12:
         21:24:f8:91:10:ea:79:76:7e:70:bd:9f:55:bf:b8:c1:8e:31:
         c9:cc:e4:41:c8:c6:b4:71:9f:1a:50:c5:37:42:0b:82:03:bd:
         05:7e:3f:ea:7a:81:ac:22:52:80:30:5c:65:12:ad:ff:f3:7f:
         20:39:38:34:a9:e8:6e:16:92:3a:93:71:a3:c6:3b:ca:c1:5d:
         2b:31:34:28:4f:8c:a0:b5:93:f8:f1:bc:ca:fe:75:f5:15:2c:
         20:9c:47:42:d8:cc:87:2c:d8:61:f4:33:7a:4e:de:39:5d:81:
         57:51:c9:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYpEL+cGI9FaBEv8ecNzb8UKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODMwMDIwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIyM2NiNWYxNzRkZWZjYmE0NjJlMmIxZWVlMjdmMmQ3YzFhZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwDuxKk+GO7vnSPxS6AXwfJlPOFd
1BgQFmun0pZVjZVk/8q//J1ZxTNW5YV5xUoDL78K7hwhZLe0E1QMc/5HwAAI2fAz
0oR6k/7a8f43ztlF1VoCONaDCzCur6WEZeEtejMwUpMQmkYyGtlvGgCVWHd8+bTo
yGQ6mzZ4orei0RIL+wGJWkMvISxS9UEa9wks5vHcPxs2sVBK0YDCh0mT0K0idBf9
A7ND0W0RzjNzh48qx8Bocm7FkuiX/iQMEl+6Azf1kDnTAYBq83dROPnBonLSW8z2
TdWRG//SaskBu8nlN4XqyF+EOi6BpasGd3Q7/Ny1bm2EupU3TLLnPKe9/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKKyPLXxdN78ukYuKx7uJ/LXwa1sMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb3JJOHRmRjAzdnk2Umk0ckh1NG44dGZCcld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFszY0lLXY55MyK81KOw
7SyQMqzZ/wm3nrMOAIRVidw8cr4qXUyPhjSmuAlFmh5rmCdOinnpnXFZi2ykWOND
/OYc+efyLqoQxE75sjFCNJfQ/1cXf4/cFu7BSUsWkdDOOx3DDdpbXd/IxBdd+5Ri
7Vkiyog3+c81ZEvx/+rw3dHZ67K0K7sSy90WGH04ig4qEiEk+JEQ6nl2fnC9n1W/
uMGOMcnM5EHIxrRxnxpQxTdCC4IDvQV+P+p6gawiUoAwXGUSrf/zfyA5ODSp6G4W
kjqTcaPGO8rBXSsxNChPjKC1k/jxvMr+dfUVLCCcR0LYzIcs2GH0M3pO3jldgVdR
yTo=
-----END CERTIFICATE-----
Generated at Wed Jun 11 05:01:56 2025 by rpki-client