Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/ovsCA/7PmtHk5AXZQaSoO311REIUpbzgA.roa
File:                     7PmtHk5AXZQaSoO311REIUpbzgA.roa (raw, json)
Hash identifier:          2ggMDdUy0cYTlv3Z7TYAUi/1xnOK5hUoGtvzOrAoTMs=
Subject key identifier:   EC:F9:AD:1E:4E:40:5D:94:1A:4A:83:B7:D7:54:44:21:4A:5B:CE:00
Certificate issuer:       /CN=58C7F79267AF74BA7D2FCC2562652C35B5E13EB1
Certificate serial:       473B
Authority key identifier: 58:C7:F7:92:67:AF:74:BA:7D:2F:CC:25:62:65:2C:35:B5:E1:3E:B1
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/WMf3kmevdLp9L8wlYmUsNbXhPrE.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/ovsCA/7PmtHk5AXZQaSoO311REIUpbzgA.roa
Signing time:             Sat 30 Apr 2022 00:30:10 +0000
ROA not before:           Sat 30 Apr 2022 00:30:10 +0000
ROA not after:            Sat 01 Apr 2023 22:21:14 +0000
asID:                     51224
IP address blocks:        147.28.3.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18235 (0x473b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58C7F79267AF74BA7D2FCC2562652C35B5E13EB1
        Validity
            Not Before: Apr 30 00:30:10 2022 GMT
            Not After : Apr  1 22:21:14 2023 GMT
        Subject: CN=ECF9AD1E4E405D941A4A83B7D75444214A5BCE00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:8f:59:9e:81:5a:9d:d7:a7:e6:f9:98:ad:
                    57:1e:5f:57:90:7a:6f:2f:18:e9:66:a1:7c:62:18:
                    f1:71:84:a2:61:e4:8a:56:e9:4b:85:21:e7:a2:8f:
                    b3:4e:b2:63:5c:1d:c6:26:e4:e2:92:39:b2:74:dc:
                    51:07:1d:60:d4:59:84:7b:50:66:c1:73:9e:27:16:
                    86:3b:80:60:a6:db:da:3f:96:bf:d5:07:76:2a:0d:
                    d3:cf:d7:3a:f8:e3:17:c4:58:e6:cd:04:a2:d9:d2:
                    85:99:88:4d:73:ab:9f:7f:17:8f:12:2a:2a:05:48:
                    55:be:67:dd:49:41:e9:1a:af:ab:b0:fa:15:e4:eb:
                    6e:91:4b:0c:91:81:30:98:07:3c:aa:94:f9:a5:30:
                    83:50:4d:5a:1e:0a:6f:43:0d:b6:3a:51:05:3b:10:
                    6d:fb:01:c9:6e:ff:dc:cf:39:91:53:fb:d5:e4:9d:
                    f0:1c:60:91:f5:e3:43:55:3c:14:ba:ab:ce:03:21:
                    31:ae:cd:a7:5b:e6:72:e8:5b:af:b9:6f:ab:2b:ae:
                    97:bb:17:ee:94:e7:cd:7f:1d:8e:0a:6e:ab:ed:1e:
                    ee:73:97:5b:49:54:3d:83:77:27:e0:a5:99:66:0e:
                    72:e8:01:01:6d:60:70:9e:8f:c4:68:b5:64:60:dd:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F9:AD:1E:4E:40:5D:94:1A:4A:83:B7:D7:54:44:21:4A:5B:CE:00
            X509v3 Authority Key Identifier:
                keyid:58:C7:F7:92:67:AF:74:BA:7D:2F:CC:25:62:65:2C:35:B5:E1:3E:B1

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/ovsCA/WMf3kmevdLp9L8wlYmUsNbXhPrE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/WMf3kmevdLp9L8wlYmUsNbXhPrE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/ovsCA/7PmtHk5AXZQaSoO311REIUpbzgA.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:16:8f:ee:a9:1d:d0:63:fc:46:0c:f2:10:bc:3d:c9:59:d5:
         6e:7d:4e:a4:dd:be:14:bc:8c:67:68:4d:4a:cb:8a:49:0f:98:
         b5:6f:17:dc:42:0c:50:95:c3:0f:40:75:35:23:20:d7:3f:31:
         34:b7:b4:94:6e:6d:15:e3:67:be:36:0e:8b:86:90:31:07:88:
         3e:28:e7:fe:19:81:d7:c5:d2:36:c5:15:1c:78:dd:d0:6a:8f:
         8c:2a:f4:52:7f:85:b2:3f:00:05:4b:42:af:cb:dc:4a:9c:ef:
         0a:63:c0:22:30:1c:9f:e7:a2:29:cc:6d:bf:70:b4:19:ea:91:
         58:c5:14:be:62:67:47:86:35:09:c3:cb:11:a3:1d:16:42:e9:
         cb:ee:ed:5d:57:23:6f:48:d8:2f:1b:6b:c2:96:f0:89:c1:8e:
         ad:37:37:26:5a:70:72:a0:bf:a1:07:1b:a1:5f:f9:31:8c:0e:
         3b:da:23:0d:f7:88:bb:25:19:10:d2:a2:36:99:67:e8:34:73:
         93:0f:ea:37:59:5f:30:26:5b:76:eb:97:9e:70:fd:0d:fd:8a:
         33:dc:f3:44:4e:83:52:69:a1:bc:a9:bc:a7:9b:ff:ec:58:2f:
         82:3e:5a:d3:7e:11:18:21:65:fa:38:14:51:e2:c9:80:59:65:
         e0:f9:79:7d
-----BEGIN CERTIFICATE-----
MIIEvTCCA6WgAwIBAgICRzswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNThD
N0Y3OTI2N0FGNzRCQTdEMkZDQzI1NjI2NTJDMzVCNUUxM0VCMTAeFw0yMjA0MzAw
MDMwMTBaFw0yMzA0MDEyMjIxMTRaMDMxMTAvBgNVBAMTKEVDRjlBRDFFNEU0MDVE
OTQxQTRBODNCN0Q3NTQ0NDIxNEE1QkNFMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+fo9ZnoFanden5vmYrVceX1eQem8vGOlmoXxiGPFxhKJh5IpW
6UuFIeeij7NOsmNcHcYm5OKSObJ03FEHHWDUWYR7UGbBc54nFoY7gGCm29o/lr/V
B3YqDdPP1zr44xfEWObNBKLZ0oWZiE1zq59/F48SKioFSFW+Z91JQekar6uw+hXk
626RSwyRgTCYBzyqlPmlMINQTVoeCm9DDbY6UQU7EG37Aclu/9zPOZFT+9XknfAc
YJH140NVPBS6q84DITGuzadb5nLoW6+5b6srrpe7F+6U581/HY4KbqvtHu5zl1tJ
VD2DdyfgpZlmDnLoAQFtYHCej8RotWRg3R+5AgMBAAGjggHZMIIB1TAdBgNVHQ4E
FgQU7PmtHk5AXZQaSoO311REIUpbzgAwHwYDVR0jBBgwFoAUWMf3kmevdLp9L8wl
YmUsNbXhPrEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBWBgNVHR8ETzBNMEug
SaBHhkVyc3luYzovL2NhLnJnLm5ldC9ycGtpL1JHbmV0LU9VL292c0NBL1dNZjNr
bWV2ZExwOUw4d2xZbVVzTmJYaFByRS5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsG
AQUFBzAChj9yc3luYzovL2NhLnJnLm5ldC9ycGtpL1JHbmV0LU9VL1dNZjNrbWV2
ZExwOUw4d2xZbVVzTmJYaFByRS5jZXIwDgYDVR0PAQH/BAQDAgeAMIGSBggrBgEF
BQcBCwSBhTCBgjBRBggrBgEFBQcwC4ZFcnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9S
R25ldC1PVS9vdnNDQS83UG10SGs1QVhaUWFTb08zMTFSRUlVcGJ6Z0Eucm9hMC0G
CCsGAQUFBzANhiFodHRwczovL2NhLnJnLm5ldC9ycmRwL25vdGlmeS54bWwwHwYI
KwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTHAMwDQYJKoZIhvcNAQELBQADggEB
ACIWj+6pHdBj/EYM8hC8PclZ1W59TqTdvhS8jGdoTUrLikkPmLVvF9xCDFCVww9A
dTUjINc/MTS3tJRubRXjZ742DouGkDEHiD4o5/4ZgdfF0jbFFRx43dBqj4wq9FJ/
hbI/AAVLQq/L3Eqc7wpjwCIwHJ/noinMbb9wtBnqkVjFFL5iZ0eGNQnDyxGjHRZC
6cvu7V1XI29I2C8ba8KW8InBjq03NyZacHKgv6EHG6Ff+TGMDjvaIw33iLslGRDS
ojaZZ+g0c5MP6jdZXzAmW3brl55w/Q39ijPc80ROg1JpobypvKeb/+xYL4I+WtN+
ERghZfo4FFHiyYBZZeD5eX0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:50 2023 by rpki-client on console-ams.rpki-client.org