Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stlNkROMcg3_H5TzkAYg5eWU4gA.roa
File:                     stlNkROMcg3_H5TzkAYg5eWU4gA.roa (raw, json)
Hash identifier:          8tOzid+eRAwW+aJrD/uOB8Ws8QgPWksyrWriAbfz58o=
Subject key identifier:   B2:D9:4D:91:13:8C:72:0D:FF:1F:94:F3:90:06:20:E5:E5:94:E2:00
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0184D587F7D996089423F3E605BB4DEB5017
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stlNkROMcg3_H5TzkAYg5eWU4gA.roa
Signing time:             Sat 03 Dec 2022 01:09:28 +0000
ROA not before:           Sat 03 Dec 2022 01:09:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d5:87:f7:d9:96:08:94:23:f3:e6:05:bb:4d:eb:50:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Dec  3 01:09:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b2d94d91138c720dff1f94f3900620e5e594e200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a3:21:9c:6f:aa:2a:b7:d5:e7:1a:25:6c:a6:
                    5c:e3:71:3c:8e:2a:03:e4:d7:86:40:60:3e:63:f2:
                    33:72:fb:84:b3:93:b9:6d:c0:51:d6:43:61:89:a4:
                    87:b2:29:6f:45:e3:0c:5b:57:ad:d5:97:bb:ec:51:
                    8a:40:ed:64:57:e9:08:39:39:e5:61:50:ac:7f:f2:
                    79:84:d6:c5:e7:4b:f5:76:e6:ff:20:11:16:7a:a3:
                    15:68:d0:7b:39:6f:ec:13:f4:c3:f1:83:24:19:ff:
                    bb:53:4b:54:ce:00:ae:03:6b:c1:b4:b6:78:64:c1:
                    0f:d9:1a:92:a1:df:f6:0f:a8:bd:6d:8c:bf:89:98:
                    72:4f:90:75:6d:33:1e:22:19:2a:04:de:ca:bf:be:
                    f3:09:c3:7a:d4:89:64:b8:6f:28:95:12:f0:e2:d1:
                    5b:80:de:f6:5a:12:f1:d6:65:5e:6b:5d:2b:2d:22:
                    2a:3f:c5:86:2a:c1:a5:4d:e6:76:17:7a:2d:39:05:
                    9f:82:3c:55:94:de:92:3f:95:fe:ed:37:9f:f7:bd:
                    44:86:b3:04:66:5d:7e:01:37:fb:94:99:ba:90:74:
                    c2:8e:9b:3e:8b:a3:5d:41:7c:42:be:ae:02:fa:55:
                    2f:1b:a7:96:89:6a:09:c1:57:54:e2:cd:0f:c5:4d:
                    87:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D9:4D:91:13:8C:72:0D:FF:1F:94:F3:90:06:20:E5:E5:94:E2:00
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stlNkROMcg3_H5TzkAYg5eWU4gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:8c:fd:f2:15:06:3d:0c:33:ae:5c:5d:fe:13:ca:dc:ef:9c:
         40:b7:6d:d5:5a:8e:0d:86:17:e4:2a:98:92:c5:0a:ac:24:32:
         df:dc:e8:29:6b:d5:63:d8:8c:cb:57:59:e8:f9:96:a3:88:e0:
         b8:f0:99:1b:c8:0f:57:10:25:ac:35:e3:fe:a7:76:6e:86:db:
         da:b6:ca:78:05:ab:5e:6a:84:aa:47:ed:37:59:89:30:52:71:
         d5:ea:5a:5f:ff:20:18:43:d1:b2:6d:7d:9d:2d:b0:bd:0b:eb:
         b7:c8:0e:fc:8a:21:c7:92:9d:c1:8a:ec:3b:76:86:76:01:2b:
         ac:d2:99:32:80:88:a3:87:4b:3f:8d:8e:a9:4d:75:a8:21:8b:
         a0:30:5e:e5:60:e8:f9:d1:e2:a6:26:76:45:03:39:b1:9c:1b:
         50:3e:40:cb:7e:bd:29:de:d6:a3:22:a0:14:07:b8:47:9e:f4:
         c2:55:23:83:fe:82:97:3a:0b:ae:9b:9c:e5:0e:80:34:a0:dd:
         76:24:f6:6b:68:e9:e4:15:fe:6b:79:0e:f8:39:d4:33:2a:c3:
         ad:75:25:5d:26:98:d7:28:a2:07:91:14:34:5d:e3:32:34:6c:
         bc:27:7e:68:3f:36:3e:b3:83:d3:9c:09:f2:23:45:99:7d:7c:
         f5:4e:4b:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYTVh/fZlgiUI/PmBbtN61AXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjAzMDEwOTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmQ5NGQ5MTEzOGM3MjBkZmYxZjk0ZjM5MDA2MjBlNWU1OTRlMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKMhnG+qKrfV5xolbKZc43E8jioD
5NeGQGA+Y/IzcvuEs5O5bcBR1kNhiaSHsilvReMMW1et1Ze77FGKQO1kV+kIOTnl
YVCsf/J5hNbF50v1dub/IBEWeqMVaNB7OW/sE/TD8YMkGf+7U0tUzgCuA2vBtLZ4
ZMEP2RqSod/2D6i9bYy/iZhyT5B1bTMeIhkqBN7Kv77zCcN61IlkuG8olRLw4tFb
gN72WhLx1mVea10rLSIqP8WGKsGlTeZ2F3otOQWfgjxVlN6SP5X+7Tef971EhrME
Zl1+ATf7lJm6kHTCjps+i6NdQXxCvq4C+lUvG6eWiWoJwVdU4s0PxU2HFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLLZTZETjHIN/x+U85AGIOXllOIAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc3RsTmtST01jZzNfSDVUemtBWWc1ZVdVNGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABSM/fIVBj0MM65cXf4T
ytzvnEC3bdVajg2GF+QqmJLFCqwkMt/c6Clr1WPYjMtXWej5lqOI4LjwmRvID1cQ
Jaw14/6ndm6G29q2yngFq15qhKpH7TdZiTBScdXqWl//IBhD0bJtfZ0tsL0L67fI
DvyKIceSncGK7Dt2hnYBK6zSmTKAiKOHSz+NjqlNdaghi6AwXuVg6PnR4qYmdkUD
ObGcG1A+QMt+vSne1qMioBQHuEee9MJVI4P+gpc6C66bnOUOgDSg3XYk9mto6eQV
/mt5Dvg51DMqw611JV0mmNcoogeRFDRd4zI0bLwnfmg/Nj6zg9OcCfIjRZl9fPVO
S+o=
-----END CERTIFICATE-----
Generated at Tue Jun 10 14:39:11 2025 by rpki-client