Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/1hRAZxW5c_WrGvWGC4PcVNiTxhk.roa
File:                     1hRAZxW5c_WrGvWGC4PcVNiTxhk.roa (raw, json)
Hash identifier:          DlT1Pk2mBQQSiGdrbBv0lof+kW7BDx/ZIbvjxgchWKQ=
Subject key identifier:   D6:14:40:67:15:B9:73:F5:AB:1A:F5:86:0B:83:DC:54:D8:93:C6:19
Certificate issuer:       /CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
Certificate serial:       018AACC2768E4D3D82A5E5FCA4E7F8F93B32
Authority key identifier: 8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/1hRAZxW5c_WrGvWGC4PcVNiTxhk.roa
Signing time:             Tue 19 Sep 2023 09:25:39 +0000
ROA not before:           Tue 19 Sep 2023 09:25:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        176.97.205.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ac:c2:76:8e:4d:3d:82:a5:e5:fc:a4:e7:f8:f9:3b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
        Validity
            Not Before: Sep 19 09:25:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d614406715b973f5ab1af5860b83dc54d893c619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a6:90:cd:c9:98:73:e6:48:cf:d9:42:51:e9:
                    c8:d7:9f:51:be:87:52:5f:c4:10:08:1b:f8:b3:21:
                    22:34:65:21:84:6b:f1:8b:a3:0c:fe:97:2c:00:85:
                    65:e0:4b:a2:f1:7a:e2:45:a1:2f:b4:3d:1e:80:1c:
                    6f:68:02:ab:84:15:b2:00:c3:4a:35:94:3c:c9:18:
                    1e:5f:75:d5:11:89:51:0a:36:1f:d8:33:20:ad:19:
                    77:a4:b3:a2:16:bb:5d:0f:fb:ce:11:d6:57:62:58:
                    de:3b:9c:82:85:62:84:71:15:6c:9f:f8:ea:f0:11:
                    8c:8f:1a:55:f4:fd:3f:4c:20:3e:14:95:d2:9d:51:
                    6c:cf:5e:bb:54:a4:9a:1f:e4:f8:c8:fc:b7:b4:8a:
                    ec:5d:49:28:ae:a1:4f:59:de:39:f1:53:56:c3:06:
                    0e:88:98:93:57:84:90:66:52:07:da:42:9d:7d:99:
                    36:3c:62:bc:12:40:41:53:3e:a4:c5:0e:71:57:a9:
                    f1:5b:42:c2:da:4b:51:74:23:c9:14:47:a5:76:27:
                    42:bb:b1:f6:68:14:c7:77:ce:29:d5:4c:ab:64:d4:
                    86:3c:c1:56:43:2d:50:c4:8e:69:e1:f7:ba:3d:94:
                    3f:82:f9:c0:dc:cb:ba:29:10:18:a4:83:b2:0c:4c:
                    ef:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:14:40:67:15:B9:73:F5:AB:1A:F5:86:0B:83:DC:54:D8:93:C6:19
            X509v3 Authority Key Identifier:
                keyid:8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/1hRAZxW5c_WrGvWGC4PcVNiTxhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/jzh45rDzsQ5fMPRK651FU-2Agjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:57:c8:d0:b6:24:09:7b:f5:ef:81:3d:44:56:b5:43:83:87:
         cf:b2:c5:7a:5f:ec:2f:89:ef:57:0f:63:e9:d9:f6:f8:97:3f:
         9c:41:71:14:17:bd:e0:c3:69:31:01:5c:9e:72:bf:28:48:fc:
         b7:2c:00:41:59:c1:fd:1c:79:ab:59:dc:14:fd:9b:de:e0:f6:
         dc:c6:bf:b3:6a:98:6d:89:10:c0:10:95:d1:08:02:c9:23:40:
         b5:55:15:eb:a8:93:b5:84:d8:a5:cb:dd:f8:ff:d8:79:a9:c1:
         15:df:a8:23:b9:35:6f:7c:3e:15:1c:f2:86:81:34:5b:df:00:
         a0:1a:74:5c:5f:13:96:de:07:29:50:57:10:e1:00:56:24:f6:
         d7:64:0a:c5:b3:40:a2:03:5e:0b:1f:24:f0:bd:9f:b4:81:21:
         40:9a:63:23:e3:4d:3c:5d:7a:54:16:da:3f:7b:39:35:7a:83:
         ca:5b:60:38:80:e6:c3:e8:65:eb:df:68:d9:bc:ed:8c:b3:5a:
         87:b0:f5:05:01:9c:a1:e3:55:51:d8:0d:44:75:aa:9c:76:f4:
         3d:d0:77:da:ee:0c:a3:8d:2b:8a:ff:63:7e:cc:b0:f9:a9:52:
         3d:89:af:d5:b6:bc:11:cb:0f:a0:db:d7:c3:dd:20:0a:8c:18:
         ea:f6:ff:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYqswnaOTT2CpeX8pOf4+TsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzg3OGU2YjBmM2IxMGU1ZjMwZjQ0YWViOWQ0NTUzZWQ4
MDgyM2MwHhcNMjMwOTE5MDkyNTM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE0NDA2NzE1Yjk3M2Y1YWIxYWY1ODYwYjgzZGM1NGQ4OTNjNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaaQzcmYc+ZIz9lCUenI159RvodS
X8QQCBv4syEiNGUhhGvxi6MM/pcsAIVl4Eui8XriRaEvtD0egBxvaAKrhBWyAMNK
NZQ8yRgeX3XVEYlRCjYf2DMgrRl3pLOiFrtdD/vOEdZXYljeO5yChWKEcRVsn/jq
8BGMjxpV9P0/TCA+FJXSnVFsz167VKSaH+T4yPy3tIrsXUkorqFPWd458VNWwwYO
iJiTV4SQZlIH2kKdfZk2PGK8EkBBUz6kxQ5xV6nxW0LC2ktRdCPJFEeldidCu7H2
aBTHd84p1UyrZNSGPMFWQy1QxI5p4fe6PZQ/gvnA3Mu6KRAYpIOyDEzvoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYUQGcVuXP1qxr1hguD3FTYk8YZMB8GA1UdIwQY
MBaAFI84eOaw87EOXzD0SuudRVPtgII8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEt
NGFmMGM0YmRiYTZjLzEvMWhSQVp4VzVjX1dyR3ZXR0M0UGNWTmlUeGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEtNGFmMGM0YmRiYTZj
LzEvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHNMA0G
CSqGSIb3DQEBCwUAA4IBAQCHV8jQtiQJe/XvgT1EVrVDg4fPssV6X+wvie9XD2Pp
2fb4lz+cQXEUF73gw2kxAVyecr8oSPy3LABBWcH9HHmrWdwU/Zve4Pbcxr+zapht
iRDAEJXRCALJI0C1VRXrqJO1hNily934/9h5qcEV36gjuTVvfD4VHPKGgTRb3wCg
GnRcXxOW3gcpUFcQ4QBWJPbXZArFs0CiA14LHyTwvZ+0gSFAmmMj4008XXpUFto/
ezk1eoPKW2A4gObD6GXr32jZvO2Ms1qHsPUFAZyh41VR2A1EdaqcdvQ90Hfa7gyj
jSuK/2N+zLD5qVI9ia/VtrwRyw+g29fD3SAKjBjq9v9x
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:47 2024 by rpki-client on console-fra.rpki-client.org