Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/040f2d-cdc1-4e69-ad85-140bec420a5c/1/2CU-bIaLElSyIiBT-mAUT9xh6SY.roa
File:                     2CU-bIaLElSyIiBT-mAUT9xh6SY.roa (raw, json)
Hash identifier:          5w9xS9c865BdBAKh7Kf9KP0so7rnSSBc2iX34xBfFFU=
Subject key identifier:   D8:25:3E:6C:86:8B:12:54:B2:22:20:53:FA:60:14:4F:DC:61:E9:26
Certificate issuer:       /CN=8c8cc75f718810276e0dd62b07ea8e14731621d0
Certificate serial:       015E2FB4
Authority key identifier: 8C:8C:C7:5F:71:88:10:27:6E:0D:D6:2B:07:EA:8E:14:73:16:21:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jIzHX3GIECduDdYrB-qOFHMWIdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/040f2d-cdc1-4e69-ad85-140bec420a5c/1/2CU-bIaLElSyIiBT-mAUT9xh6SY.roa
Signing time:             Sat 01 Jan 2022 00:52:41 +0000
ROA not before:           Sat 01 Jan 2022 00:52:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40996
IP address blocks:        139.28.76.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22949812 (0x15e2fb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c8cc75f718810276e0dd62b07ea8e14731621d0
        Validity
            Not Before: Jan  1 00:52:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d8253e6c868b1254b2222053fa60144fdc61e926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ca:ed:11:cf:a1:f1:31:a8:f6:45:cb:3e:6d:
                    98:bf:ca:a0:28:bd:fb:db:c4:e2:03:bf:ed:7c:4c:
                    17:9f:8d:7e:a4:19:dc:bd:fe:f7:b3:61:e9:ec:6d:
                    c5:05:70:69:04:d6:90:c8:d3:d7:26:c4:5e:fd:5c:
                    36:41:6e:85:15:a5:a6:de:33:a7:9d:17:7e:17:58:
                    4e:65:9f:97:2f:25:b9:38:c3:74:5a:3f:9a:db:aa:
                    c0:b2:bc:9d:75:61:17:bf:c9:87:ea:5f:de:f1:38:
                    e4:c8:18:94:41:af:f1:6d:c5:37:83:44:69:b4:ce:
                    e2:06:06:7a:57:b8:92:46:ac:f8:91:3d:c1:1f:a4:
                    21:75:04:26:86:6c:89:de:77:bb:37:25:bb:7f:d1:
                    4b:64:47:7e:b2:90:b1:60:e9:15:93:5c:49:42:a2:
                    94:08:3f:57:cf:a5:ac:eb:09:e3:c6:dc:62:c5:68:
                    f0:e4:ca:b7:fb:ae:33:89:54:e5:17:fe:41:d0:5e:
                    26:a3:eb:a6:52:06:0e:a5:45:54:de:fe:ed:f9:85:
                    a3:1d:dc:d8:55:e3:c7:26:a7:ff:5e:e3:c0:d0:25:
                    6b:35:bc:4e:d1:8d:7c:c2:52:ca:23:4d:eb:91:ad:
                    16:58:a1:ea:cd:40:72:de:d5:fe:e9:13:03:52:e3:
                    8f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:25:3E:6C:86:8B:12:54:B2:22:20:53:FA:60:14:4F:DC:61:E9:26
            X509v3 Authority Key Identifier:
                keyid:8C:8C:C7:5F:71:88:10:27:6E:0D:D6:2B:07:EA:8E:14:73:16:21:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jIzHX3GIECduDdYrB-qOFHMWIdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/040f2d-cdc1-4e69-ad85-140bec420a5c/1/2CU-bIaLElSyIiBT-mAUT9xh6SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/040f2d-cdc1-4e69-ad85-140bec420a5c/1/jIzHX3GIECduDdYrB-qOFHMWIdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:26:8f:f6:29:51:7b:76:f3:df:24:52:93:22:6d:2c:c8:e2:
         a4:19:ab:b5:99:1e:a4:e0:44:8f:49:d1:ed:65:62:c2:31:ed:
         69:60:36:82:ec:4d:72:d8:08:ee:69:09:ef:01:c3:4f:64:b2:
         f3:89:2e:03:d7:e7:45:5d:28:84:80:49:fd:b9:6e:d6:fb:bd:
         18:d7:0a:c0:82:76:a1:19:b0:a4:eb:2e:b0:5d:bb:1d:3e:0c:
         1f:d2:e4:53:1a:7f:6c:fc:cf:8e:b0:65:9e:41:3e:09:56:d4:
         b0:c1:81:fa:06:0c:f5:5e:01:33:6e:33:9b:71:99:fe:02:2c:
         6c:a0:d7:65:ac:db:38:bd:d5:57:a3:c2:85:d4:68:70:83:8b:
         c0:3f:38:bb:57:37:78:5a:43:8b:c1:a3:eb:f1:f4:ad:ca:98:
         fe:99:e3:82:b0:1e:5d:85:54:35:e1:f2:33:02:60:14:61:ee:
         b6:a2:28:1f:3a:4e:3c:7e:04:92:0a:6e:1b:88:8b:a0:76:eb:
         9c:fd:79:58:38:83:1f:17:06:88:c9:98:01:11:a2:8f:79:61:
         7e:ea:8a:a9:b2:3d:78:17:fa:b4:ec:bc:1c:ad:85:84:b5:fb:
         6c:68:6a:6f:50:81:ef:79:f7:5c:0f:d4:5d:d0:83:18:75:94:
         a8:bb:d8:ca
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAV4vtDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YzhjYzc1ZjcxODgxMDI3NmUwZGQ2MmIwN2VhOGUxNDczMTYyMWQwMB4XDTIyMDEw
MTAwNTI0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDgyNTNlNmM4Njhi
MTI1NGIyMjIyMDUzZmE2MDE0NGZkYzYxZTkyNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMbK7RHPofExqPZFyz5tmL/KoCi9+9vE4gO/7XxMF5+NfqQZ
3L3+97Nh6extxQVwaQTWkMjT1ybEXv1cNkFuhRWlpt4zp50XfhdYTmWfly8luTjD
dFo/mtuqwLK8nXVhF7/Jh+pf3vE45MgYlEGv8W3FN4NEabTO4gYGele4kkas+JE9
wR+kIXUEJoZsid53uzclu3/RS2RHfrKQsWDpFZNcSUKilAg/V8+lrOsJ48bcYsVo
8OTKt/uuM4lU5Rf+QdBeJqPrplIGDqVFVN7+7fmFox3c2FXjxyan/17jwNAlazW8
TtGNfMJSyiNN65GtFlih6s1Act7V/ukTA1Ljj6sCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTYJT5shosSVLIiIFP6YBRP3GHpJjAfBgNVHSMEGDAWgBSMjMdfcYgQJ24N
1isH6o4UcxYh0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pJekhYM0dJRUNkdURkWXJCLXFPRkhNV0lkQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDcvMDQwZjJkLWNkYzEtNGU2OS1hZDg1LTE0MGJlYzQyMGE1Yy8x
LzJDVS1iSWFMRWxTeUlpQlQtbUFVVDl4aDZTWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcv
MDQwZjJkLWNkYzEtNGU2OS1hZDg1LTE0MGJlYzQyMGE1Yy8xL2pJekhYM0dJRUNk
dURkWXJCLXFPRkhNV0lkQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAoscTDANBgkqhkiG9w0BAQsFAAOC
AQEARyaP9ilRe3bz3yRSkyJtLMjipBmrtZkepOBEj0nR7WViwjHtaWA2guxNctgI
7mkJ7wHDT2Sy84kuA9fnRV0ohIBJ/blu1vu9GNcKwIJ2oRmwpOsusF27HT4MH9Lk
Uxp/bPzPjrBlnkE+CVbUsMGB+gYM9V4BM24zm3GZ/gIsbKDXZazbOL3VV6PChdRo
cIOLwD84u1c3eFpDi8Gj6/H0rcqY/pnjgrAeXYVUNeHyMwJgFGHutqIoHzpOPH4E
kgpuG4iLoHbrnP15WDiDHxcGiMmYARGij3lhfuqKqbI9eBf6tOy8HK2FhLX7bGhq
b1CB73n3XA/UXdCDGHWUqLvYyg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:25 2024 by rpki-client on console-ams.rpki-client.org