Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/twFLa3pSkBZM4oXAkRas_xOSleE.roa
File:                     twFLa3pSkBZM4oXAkRas_xOSleE.roa (raw, json)
Hash identifier:          WGzfEzJQMi8hrJ272PUluI/rJOjrItU3R+1xD3dd9Kw=
Subject key identifier:   B7:01:4B:6B:7A:52:90:16:4C:E2:85:C0:91:16:AC:FF:13:92:95:E1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B033A942315E43FCE26454A0C98438EE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/twFLa3pSkBZM4oXAkRas_xOSleE.roa
Signing time:             Sun 05 Mar 2023 05:17:01 +0000
ROA not before:           Sun 05 Mar 2023 05:17:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b0:33:a9:42:31:5e:43:fc:e2:64:54:a0:c9:84:38:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 05:17:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7014b6b7a5290164ce285c09116acff139295e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8f:98:03:4c:e0:19:e5:c2:95:54:bb:b7:6c:
                    53:59:d3:ee:6f:91:22:10:f4:81:c3:0b:d6:b7:0b:
                    6d:c7:52:b3:2f:7a:10:ab:44:0a:bf:77:dd:74:b2:
                    10:f8:3f:f2:7c:c6:c6:cf:35:e1:6c:83:f6:1f:ce:
                    60:28:4e:08:83:49:24:14:73:7e:28:5e:c5:f6:1e:
                    bb:8d:fa:a8:eb:6a:30:0a:bd:f1:ea:10:1e:ae:69:
                    cd:c4:98:db:8c:2e:e3:2b:2a:16:f3:1b:09:15:63:
                    fb:4f:53:f8:23:d3:c2:86:b2:92:6a:3d:65:d8:93:
                    9a:9e:aa:d2:51:0c:56:77:cc:d7:3e:82:e5:30:12:
                    55:bb:94:05:c3:78:53:a4:1e:bf:91:c4:9b:20:d2:
                    99:5f:1c:bc:bc:1c:9f:6f:dd:4c:f9:f5:2d:80:1d:
                    11:6b:91:a4:0a:71:7a:58:96:76:89:36:ba:96:be:
                    79:53:3a:fe:9e:65:f4:66:81:69:f4:c0:fa:ca:28:
                    be:f5:30:6e:7b:a8:7a:92:14:7a:7f:37:ac:87:50:
                    15:da:5c:52:04:1d:40:7f:82:66:e4:a6:e2:12:97:
                    c1:8a:54:25:c4:9b:04:de:57:d1:c2:ce:fc:37:f0:
                    43:8a:73:f0:d1:d8:03:b3:53:f4:ab:38:5c:c5:5d:
                    0f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:01:4B:6B:7A:52:90:16:4C:E2:85:C0:91:16:AC:FF:13:92:95:E1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/twFLa3pSkBZM4oXAkRas_xOSleE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:fc:cf:43:be:9e:2e:8a:7e:a5:08:20:61:47:23:e4:46:d4:
         b8:3d:f0:80:99:1e:1a:a0:c0:a2:aa:ce:46:56:f7:77:24:ed:
         c3:a0:cb:93:b3:67:61:0e:3f:f6:da:91:28:c1:9a:6d:6a:f5:
         4a:c0:db:fd:00:b2:10:f9:d5:6a:d2:68:a7:7d:05:3a:f6:48:
         2a:dd:bd:3d:57:89:2f:41:e9:d1:bf:37:e0:79:f0:ef:77:57:
         72:98:a1:09:27:2d:9d:55:eb:57:38:65:24:50:62:b0:30:08:
         65:be:52:f6:22:7d:3c:c3:59:12:19:f8:68:da:5f:5d:09:fa:
         59:46:2c:c6:b7:60:d1:78:77:aa:5b:71:f8:74:d8:35:0b:77:
         e0:52:5a:ec:7b:ab:35:36:bc:26:8a:c1:7a:fb:67:54:f6:3c:
         58:8e:9f:fb:6f:ad:2d:f5:07:20:01:a9:16:fa:79:bc:c4:c3:
         ae:68:9a:97:4c:52:f4:ee:4e:ff:4e:1f:a6:7f:10:3c:06:de:
         5d:07:e6:81:09:cd:fc:3c:57:62:0c:0e:99:a6:04:44:08:6d:
         a7:12:95:b1:dc:bc:cc:c0:76:f0:68:c9:28:df:cf:01:e5:75:
         6a:b2:08:27:61:e2:6f:7e:a4:02:c9:47:f0:6b:37:d3:76:2e:
         fb:6d:0d:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYawM6lCMV5D/OJkVKDJhDjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MDUxNzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzAxNGI2YjdhNTI5MDE2NGNlMjg1YzA5MTE2YWNmZjEzOTI5NWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Y+YA0zgGeXClVS7t2xTWdPub5Ei
EPSBwwvWtwttx1KzL3oQq0QKv3fddLIQ+D/yfMbGzzXhbIP2H85gKE4Ig0kkFHN+
KF7F9h67jfqo62owCr3x6hAermnNxJjbjC7jKyoW8xsJFWP7T1P4I9PChrKSaj1l
2JOanqrSUQxWd8zXPoLlMBJVu5QFw3hTpB6/kcSbINKZXxy8vByfb91M+fUtgB0R
a5GkCnF6WJZ2iTa6lr55Uzr+nmX0ZoFp9MD6yii+9TBue6h6khR6fzesh1AV2lxS
BB1Af4Jm5KbiEpfBilQlxJsE3lfRws78N/BDinPw0dgDs1P0qzhcxV0PVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLcBS2t6UpAWTOKFwJEWrP8TkpXhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdHdGTGEzcFNrQlpNNG9YQWtSYXNfeE9TbGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC38z0O+ni6KfqUIIGFH
I+RG1Lg98ICZHhqgwKKqzkZW93ck7cOgy5OzZ2EOP/bakSjBmm1q9UrA2/0AshD5
1WrSaKd9BTr2SCrdvT1XiS9B6dG/N+B58O93V3KYoQknLZ1V61c4ZSRQYrAwCGW+
UvYifTzDWRIZ+GjaX10J+llGLMa3YNF4d6pbcfh02DULd+BSWux7qzU2vCaKwXr7
Z1T2PFiOn/tvrS31ByABqRb6ebzEw65ompdMUvTuTv9OH6Z/EDwG3l0H5oEJzfw8
V2IMDpmmBEQIbacSlbHcvMzAdvBoySjfzwHldWqyCCdh4m9+pALJR/BrN9N2Lvtt
DY4=
-----END CERTIFICATE-----
Generated at Tue Jun 10 20:59:27 2025 by rpki-client