Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/znb9ifGTbjPXk1eEvaPj_D2R1J0.roa
File:                     znb9ifGTbjPXk1eEvaPj_D2R1J0.roa (raw, json)
Hash identifier:          dwH0GXR+Vd+W/hcOZNPqc5OKDpIbN1gOfk/K5uKk6cs=
Subject key identifier:   CE:76:FD:89:F1:93:6E:33:D7:93:57:84:BD:A3:E3:FC:3D:91:D4:9D
Certificate issuer:       /CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
Certificate serial:       018AB945D9747CBACA72F3B2FED0D233CD5D
Authority key identifier: 8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/znb9ifGTbjPXk1eEvaPj_D2R1J0.roa
Signing time:             Thu 21 Sep 2023 19:44:37 +0000
ROA not before:           Thu 21 Sep 2023 19:44:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212238
IP address blocks:        176.97.205.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b9:45:d9:74:7c:ba:ca:72:f3:b2:fe:d0:d2:33:cd:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
        Validity
            Not Before: Sep 21 19:44:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce76fd89f1936e33d7935784bda3e3fc3d91d49d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:85:8b:d2:e3:e6:60:98:1d:e0:2b:c3:7a:10:
                    78:fd:7a:2b:b4:f7:eb:9b:0c:89:76:77:01:5c:d1:
                    b5:d3:9e:5b:ca:b9:33:91:ca:19:33:94:c2:b5:80:
                    31:69:94:fd:96:eb:5f:ac:fb:fc:4f:db:09:7d:48:
                    1a:8b:d8:e2:f4:eb:a0:2b:13:ed:0b:1f:cf:f3:00:
                    df:b5:b9:55:89:ea:99:30:d4:5f:50:6c:30:12:8e:
                    96:25:8f:24:28:13:8f:b5:5a:15:56:2d:13:cc:bf:
                    20:8d:85:d7:1c:5d:2d:84:d0:3c:57:78:14:a6:8a:
                    50:1a:59:2e:c6:32:0f:55:46:33:f9:13:42:3f:a9:
                    36:b8:92:2e:79:5c:e5:9c:35:df:95:a9:04:3e:9e:
                    db:02:6c:95:b4:d6:8b:de:61:3f:24:3f:b2:bc:77:
                    8b:30:d4:cc:20:08:bf:28:18:65:39:7b:c7:c4:16:
                    5a:9e:d5:0b:e9:63:59:47:7e:cd:be:39:89:64:4d:
                    2c:9d:bf:49:9f:38:9f:f7:af:7d:85:59:7d:57:7d:
                    1b:3e:32:70:fd:2c:eb:0b:da:50:fd:b4:39:c9:98:
                    4c:f2:13:c5:1f:13:bb:ef:2c:9f:3a:e9:52:b7:9d:
                    99:38:59:d4:00:01:85:13:40:dc:92:ce:23:13:37:
                    75:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:76:FD:89:F1:93:6E:33:D7:93:57:84:BD:A3:E3:FC:3D:91:D4:9D
            X509v3 Authority Key Identifier:
                keyid:8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/znb9ifGTbjPXk1eEvaPj_D2R1J0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/jzh45rDzsQ5fMPRK651FU-2Agjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:a5:99:90:1d:75:5b:b4:50:3a:be:60:3e:45:11:60:75:cc:
         5e:8c:4e:a6:b4:d7:c8:c0:9c:ba:87:90:c8:ac:c0:51:2b:9c:
         36:55:5c:92:27:94:00:20:86:8a:49:c3:49:75:22:11:94:3f:
         0d:bb:c0:11:1a:e7:6f:8b:d6:12:f0:8c:de:25:68:d7:ed:d8:
         23:09:d0:98:46:53:c0:08:b7:ac:ab:d4:fc:aa:ca:d5:52:f0:
         ed:99:9e:c5:18:50:69:9e:e1:e7:0e:41:c5:5b:b0:9d:60:d8:
         82:c8:03:16:76:48:f9:11:42:5f:dd:15:74:50:55:c6:8c:88:
         d6:b6:1c:21:0f:25:ff:b6:94:24:51:b9:23:4d:7d:f0:bc:06:
         91:80:56:71:65:de:d3:4a:01:03:b9:cb:12:48:ff:cb:dd:75:
         b8:d8:5e:f3:c5:6e:02:6c:41:c8:ee:d1:e4:35:4f:7f:4e:33:
         b8:4f:64:86:db:55:1c:1a:a7:ca:e6:75:04:fb:2b:b1:78:8f:
         fc:b9:b0:75:5d:4f:8c:ed:52:e4:cb:05:d9:dc:6b:db:d7:75:
         c1:8e:7d:2d:f7:29:88:8e:38:51:6e:6d:80:30:74:17:1b:47:
         b8:dc:c8:2c:0f:3e:9f:d2:3a:4b:ca:45:1d:b9:ad:f1:81:46:
         61:32:e2:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYq5Rdl0fLrKcvOy/tDSM81dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzg3OGU2YjBmM2IxMGU1ZjMwZjQ0YWViOWQ0NTUzZWQ4
MDgyM2MwHhcNMjMwOTIxMTk0NDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc2ZmQ4OWYxOTM2ZTMzZDc5MzU3ODRiZGEzZTNmYzNkOTFkNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IWL0uPmYJgd4CvDehB4/XortPfr
mwyJdncBXNG1055byrkzkcoZM5TCtYAxaZT9lutfrPv8T9sJfUgai9ji9OugKxPt
Cx/P8wDftblVieqZMNRfUGwwEo6WJY8kKBOPtVoVVi0TzL8gjYXXHF0thNA8V3gU
popQGlkuxjIPVUYz+RNCP6k2uJIueVzlnDXflakEPp7bAmyVtNaL3mE/JD+yvHeL
MNTMIAi/KBhlOXvHxBZantUL6WNZR37NvjmJZE0snb9Jnzif9699hVl9V30bPjJw
/SzrC9pQ/bQ5yZhM8hPFHxO77yyfOulSt52ZOFnUAAGFE0Dcks4jEzd1xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM52/Ynxk24z15NXhL2j4/w9kdSdMB8GA1UdIwQY
MBaAFI84eOaw87EOXzD0SuudRVPtgII8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEt
NGFmMGM0YmRiYTZjLzEvem5iOWlmR1RialBYazFlRXZhUGpfRDJSMUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEtNGFmMGM0YmRiYTZj
LzEvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHNMA0G
CSqGSIb3DQEBCwUAA4IBAQAZpZmQHXVbtFA6vmA+RRFgdcxejE6mtNfIwJy6h5DI
rMBRK5w2VVySJ5QAIIaKScNJdSIRlD8Nu8ARGudvi9YS8IzeJWjX7dgjCdCYRlPA
CLesq9T8qsrVUvDtmZ7FGFBpnuHnDkHFW7CdYNiCyAMWdkj5EUJf3RV0UFXGjIjW
thwhDyX/tpQkUbkjTX3wvAaRgFZxZd7TSgEDucsSSP/L3XW42F7zxW4CbEHI7tHk
NU9/TjO4T2SG21UcGqfK5nUE+yuxeI/8ubB1XU+M7VLkywXZ3Gvb13XBjn0t9ymI
jjhRbm2AMHQXG0e43MgsDz6f0jpLykUdua3xgUZhMuKO
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:13 2024 by rpki-client on console-ams.rpki-client.org