Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/1d1b8d-c67e-4e9d-b2d4-4fdff4d74c90/1/8NE7u4ytQMKXrbTj_4HDuzKXiSk.roa
File:                     8NE7u4ytQMKXrbTj_4HDuzKXiSk.roa (raw, json)
Hash identifier:          HrKhXFgDPei8q6rnVDnwWSKKrQrWkkG+4EB43L85P1w=
Subject key identifier:   F0:D1:3B:BB:8C:AD:40:C2:97:AD:B4:E3:FF:81:C3:BB:32:97:89:29
Certificate issuer:       /CN=650c592db1fdfc8b4e6a0e7ba7564686373a6b5f
Certificate serial:       0511E2DF
Authority key identifier: 65:0C:59:2D:B1:FD:FC:8B:4E:6A:0E:7B:A7:56:46:86:37:3A:6B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZQxZLbH9_ItOag57p1ZGhjc6a18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/1d1b8d-c67e-4e9d-b2d4-4fdff4d74c90/1/8NE7u4ytQMKXrbTj_4HDuzKXiSk.roa
Signing time:             Sat 01 Jan 2022 15:56:01 +0000
ROA not before:           Sat 01 Jan 2022 15:56:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211445
IP address blocks:        2a0a:d880:101::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85058271 (0x511e2df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=650c592db1fdfc8b4e6a0e7ba7564686373a6b5f
        Validity
            Not Before: Jan  1 15:56:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f0d13bbb8cad40c297adb4e3ff81c3bb32978929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:90:23:50:f0:29:53:bf:4a:08:c4:43:5d:68:
                    e5:ff:f3:9f:15:f1:75:6e:25:37:5a:9e:ed:04:ec:
                    03:29:0f:2d:15:07:07:e8:76:e5:af:a9:3e:1d:1d:
                    63:fe:c2:b3:28:b4:7f:86:25:1c:26:92:6f:fb:93:
                    6a:24:c9:86:48:8b:3f:ed:ad:a9:bb:a6:9d:0e:7e:
                    1f:df:1d:95:3b:0a:df:96:64:df:4f:b1:16:ca:af:
                    a2:cc:d6:52:4f:1e:2b:06:25:00:d5:92:4f:f7:a9:
                    5f:cf:f2:58:e2:38:07:f9:43:24:33:ee:1f:5f:0c:
                    5a:6e:ce:a2:0e:56:c6:2c:85:11:74:0d:bd:8d:32:
                    7a:99:dc:75:4b:31:62:29:49:34:9e:61:72:13:94:
                    8e:70:66:f3:39:4e:c2:2c:46:61:23:71:aa:86:a9:
                    d1:2d:c8:a8:22:68:f6:0c:93:34:4b:e0:22:58:77:
                    8e:5c:01:a1:3c:50:ba:67:ed:4a:a0:a6:e4:0f:36:
                    3b:3f:cd:38:9b:dd:2e:d1:3a:b7:b7:2c:3d:fb:18:
                    5e:37:8d:6d:22:83:7d:bc:bf:aa:da:b3:c4:c3:c8:
                    de:06:18:14:cc:83:78:4f:7b:d6:17:dc:94:52:23:
                    3d:1d:fd:59:b1:1f:53:ce:a6:c8:6c:2d:91:60:5e:
                    45:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D1:3B:BB:8C:AD:40:C2:97:AD:B4:E3:FF:81:C3:BB:32:97:89:29
            X509v3 Authority Key Identifier:
                keyid:65:0C:59:2D:B1:FD:FC:8B:4E:6A:0E:7B:A7:56:46:86:37:3A:6B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZQxZLbH9_ItOag57p1ZGhjc6a18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/1d1b8d-c67e-4e9d-b2d4-4fdff4d74c90/1/8NE7u4ytQMKXrbTj_4HDuzKXiSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/1d1b8d-c67e-4e9d-b2d4-4fdff4d74c90/1/ZQxZLbH9_ItOag57p1ZGhjc6a18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d880:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:06:25:de:98:e7:76:99:36:b9:d6:f4:2a:15:af:7a:5e:1c:
         8e:c9:7f:53:2b:e4:63:40:8b:5e:1a:28:cf:7a:ca:31:79:53:
         6e:aa:90:7b:29:9c:bf:a6:e9:4c:92:55:ee:9c:54:4b:07:f6:
         32:76:5d:5b:f2:31:57:1a:0c:0f:3b:da:c0:11:69:1a:0a:97:
         29:80:d4:7e:c9:36:01:bf:cc:09:bc:16:bc:16:f7:77:25:40:
         5d:9d:46:bd:93:b1:a2:65:fa:f1:92:75:ce:6d:ac:b4:87:fe:
         2d:67:9f:04:6c:89:90:e2:90:83:7d:de:f3:b4:3b:75:2c:f5:
         8d:6b:38:d2:10:4b:9b:21:39:26:26:46:07:83:a4:7a:c7:10:
         e9:ae:4d:48:1a:7f:d8:2b:bc:66:b4:3f:85:c4:e8:8d:9e:9b:
         c9:3e:f2:7b:4a:ea:0b:5a:39:11:ce:82:a4:ba:fc:e9:8e:5c:
         7d:51:b2:75:2a:15:6c:3b:3f:6a:75:61:98:29:12:4a:8f:20:
         06:23:d9:98:fb:ba:79:f7:c0:74:a1:73:96:3d:7f:10:6d:b5:
         02:cc:47:4a:3c:77:db:40:86:7e:21:7e:09:b5:49:cf:98:bb:
         d4:e9:0c:76:b9:f2:b1:5c:21:f3:70:3e:a6:e5:79:ba:14:0f:
         9d:70:d2:e5
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBRHi3zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NTBjNTkyZGIxZmRmYzhiNGU2YTBlN2JhNzU2NDY4NjM3M2E2YjVmMB4XDTIyMDEw
MTE1NTYwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjBkMTNiYmI4Y2Fk
NDBjMjk3YWRiNGUzZmY4MWMzYmIzMjk3ODkyOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANuQI1DwKVO/SgjEQ11o5f/znxXxdW4lN1qe7QTsAykPLRUH
B+h25a+pPh0dY/7Csyi0f4YlHCaSb/uTaiTJhkiLP+2tqbumnQ5+H98dlTsK35Zk
30+xFsqvoszWUk8eKwYlANWST/epX8/yWOI4B/lDJDPuH18MWm7Oog5WxiyFEXQN
vY0yepncdUsxYilJNJ5hchOUjnBm8zlOwixGYSNxqoap0S3IqCJo9gyTNEvgIlh3
jlwBoTxQumftSqCm5A82Oz/NOJvdLtE6t7csPfsYXjeNbSKDfby/qtqzxMPI3gYY
FMyDeE971hfclFIjPR39WbEfU86myGwtkWBeRRMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTw0Tu7jK1AwpettOP/gcO7MpeJKTAfBgNVHSMEGDAWgBRlDFktsf38i05q
DnunVkaGNzprXzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1pReFpMYkg5X0l0T2FnNTdwMVpHaGpjNmExOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvMWQxYjhkLWM2N2UtNGU5ZC1iMmQ0LTRmZGZmNGQ3NGM5MC8x
LzhORTd1NHl0UU1LWHJiVGpfNEhEdXpLWGlTay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
MWQxYjhkLWM2N2UtNGU5ZC1iMmQ0LTRmZGZmNGQ3NGM5MC8xL1pReFpMYkg5X0l0
T2FnNTdwMVpHaGpjNmExOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoK2IABATANBgkqhkiG9w0BAQsF
AAOCAQEAbQYl3pjndpk2udb0KhWvel4cjsl/UyvkY0CLXhooz3rKMXlTbqqQeymc
v6bpTJJV7pxUSwf2MnZdW/IxVxoMDzvawBFpGgqXKYDUfsk2Ab/MCbwWvBb3dyVA
XZ1GvZOxomX68ZJ1zm2stIf+LWefBGyJkOKQg33e87Q7dSz1jWs40hBLmyE5JiZG
B4OkescQ6a5NSBp/2Cu8ZrQ/hcTojZ6byT7ye0rqC1o5Ec6CpLr86Y5cfVGydSoV
bDs/anVhmCkSSo8gBiPZmPu6effAdKFzlj1/EG21AsxHSjx320CGfiF+CbVJz5i7
1OkMdrnysVwh83A+puV5uhQPnXDS5Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:17 2024 by rpki-client on console-ams.rpki-client.org