Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rflEqP1GPyqWe3zz6XF0SKaPIGE.roa
File:                     rflEqP1GPyqWe3zz6XF0SKaPIGE.roa (raw, json)
Hash identifier:          CYSJAoTTSNk721S2ckn+E0IkmCkAVTQPoo8OwzAJSgo=
Subject key identifier:   AD:F9:44:A8:FD:46:3F:2A:96:7B:7C:F3:E9:71:74:48:A6:8F:20:61
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0185349A137A740858C392590893F984F9F3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rflEqP1GPyqWe3zz6XF0SKaPIGE.roa
Signing time:             Wed 21 Dec 2022 12:13:10 +0000
ROA not before:           Wed 21 Dec 2022 12:13:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:34:9a:13:7a:74:08:58:c3:92:59:08:93:f9:84:f9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec 21 12:13:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=adf944a8fd463f2a967b7cf3e9717448a68f2061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f5:55:19:7c:0b:5c:cc:46:87:5c:36:a8:dc:
                    23:9e:aa:d3:03:0b:ec:61:a9:c8:6b:47:ce:73:0d:
                    5a:50:21:9d:5d:39:a5:df:c5:f6:9f:bf:1e:72:05:
                    c0:be:79:27:77:1d:6a:02:54:ab:6d:60:6e:9e:04:
                    63:7c:38:bb:a3:14:f9:4e:20:bd:3d:fe:64:27:8f:
                    94:a0:5a:25:2e:b5:b7:7a:09:09:cc:fe:a9:d0:53:
                    0a:e2:d5:fb:09:6b:e9:f1:ef:4b:23:d8:ba:a2:a5:
                    e5:10:71:9a:77:31:07:b3:a4:f9:1f:be:7f:a5:78:
                    c9:86:59:97:f8:56:f9:a2:92:14:33:4f:9f:32:53:
                    59:46:92:99:c7:78:a0:37:24:ab:d9:05:a8:ac:9c:
                    69:8d:4c:d5:60:a3:18:16:99:b9:a1:af:ce:ca:cc:
                    18:df:63:b0:cf:8e:67:61:b1:1b:80:59:fb:db:49:
                    cb:1c:d0:73:cd:f3:86:5c:3d:28:11:7c:7c:2d:7d:
                    92:41:a0:69:d5:3d:a8:50:07:f8:df:0d:3c:47:21:
                    61:14:cc:7a:69:b0:c7:a2:8f:71:e8:c6:f9:1e:b4:
                    24:7c:c2:e7:86:74:00:01:dd:8b:36:bd:00:b6:25:
                    3b:08:9a:96:0e:d8:c1:37:a7:09:b2:40:b3:12:2f:
                    fc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F9:44:A8:FD:46:3F:2A:96:7B:7C:F3:E9:71:74:48:A6:8F:20:61
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rflEqP1GPyqWe3zz6XF0SKaPIGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:f3:a5:b7:90:27:02:c9:53:bd:b0:6a:ac:7e:46:38:e3:59:
         6d:f0:b1:dd:c5:ce:b2:d5:f3:41:4b:64:a4:91:d0:cc:3e:fb:
         ee:dc:34:8b:62:1e:2e:72:06:b5:66:26:47:7c:67:ea:19:e4:
         82:d3:41:6e:d0:5e:34:60:59:f1:61:bb:a3:2f:9d:37:fd:28:
         76:38:6a:41:6e:ca:2b:a1:89:d7:f4:5a:70:3d:5a:cf:83:38:
         27:77:c9:67:c4:66:8b:8f:1c:81:e2:dc:52:56:b2:d1:eb:4a:
         24:a9:ce:ba:f8:eb:42:0b:20:aa:fd:7e:b1:c2:49:59:b8:8f:
         24:0a:1c:b5:12:98:1b:0b:2c:19:1a:3e:fd:09:5f:ef:cd:ab:
         fc:1e:fd:db:a5:33:2c:b2:dd:7b:e4:9b:0e:84:26:0f:49:c9:
         9b:44:70:0d:26:fd:d2:cc:06:50:9c:8e:54:dc:80:ab:ec:ec:
         6e:ef:c2:a9:bb:c6:c6:0c:4b:6f:7d:ae:64:9a:68:c7:35:05:
         fa:5c:00:0e:da:f0:51:43:0c:61:fb:f4:3b:c3:cb:f4:16:15:
         40:23:7f:50:1c:ac:cc:ab:69:d5:80:10:6d:58:82:25:b8:8d:
         b0:f2:45:35:43:db:ab:95:6e:9d:a6:b2:0d:84:21:96:26:24:
         2a:0f:0e:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYU0mhN6dAhYw5JZCJP5hPnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjIxMTIxMzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGY5NDRhOGZkNDYzZjJhOTY3YjdjZjNlOTcxNzQ0OGE2OGYyMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvVVGXwLXMxGh1w2qNwjnqrTAwvs
YanIa0fOcw1aUCGdXTml38X2n78ecgXAvnkndx1qAlSrbWBungRjfDi7oxT5TiC9
Pf5kJ4+UoFolLrW3egkJzP6p0FMK4tX7CWvp8e9LI9i6oqXlEHGadzEHs6T5H75/
pXjJhlmX+Fb5opIUM0+fMlNZRpKZx3igNySr2QWorJxpjUzVYKMYFpm5oa/OyswY
32Owz45nYbEbgFn720nLHNBzzfOGXD0oEXx8LX2SQaBp1T2oUAf43w08RyFhFMx6
abDHoo9x6Mb5HrQkfMLnhnQAAd2LNr0AtiU7CJqWDtjBN6cJskCzEi/8FQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK35RKj9Rj8qlnt88+lxdEimjyBhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcmZsRXFQMUdQeXFXZTN6ejZYRjBTS2FQSUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEPzpbeQJwLJU72waqx+
RjjjWW3wsd3FzrLV80FLZKSR0Mw+++7cNItiHi5yBrVmJkd8Z+oZ5ILTQW7QXjRg
WfFhu6MvnTf9KHY4akFuyiuhidf0WnA9Ws+DOCd3yWfEZouPHIHi3FJWstHrSiSp
zrr460ILIKr9frHCSVm4jyQKHLUSmBsLLBkaPv0JX+/Nq/we/dulMyyy3Xvkmw6E
Jg9JyZtEcA0m/dLMBlCcjlTcgKvs7G7vwqm7xsYMS299rmSaaMc1BfpcAA7a8FFD
DGH79DvDy/QWFUAjf1AcrMyradWAEG1YgiW4jbDyRTVD26uVbp2msg2EIZYmJCoP
Djo=
-----END CERTIFICATE-----
Generated at Wed Jun 11 23:19:31 2025 by rpki-client