Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/331659-30ca-4a88-a26c-440848c0cf71/1/H2AfVnr6uwoqJXYVjkXyFmzqPgE.roa
File:                     H2AfVnr6uwoqJXYVjkXyFmzqPgE.roa (raw, json)
Hash identifier:          7j1qxLEIMeM3pX2Uf2cCFcehAfRksMYW/E1aARHD2f0=
Subject key identifier:   1F:60:1F:56:7A:FA:BB:0A:2A:25:76:15:8E:45:F2:16:6C:EA:3E:01
Certificate issuer:       /CN=81724e7b0cb233ae7e7f2eb3766959fc6827fb1b
Certificate serial:       1521BF8F
Authority key identifier: 81:72:4E:7B:0C:B2:33:AE:7E:7F:2E:B3:76:69:59:FC:68:27:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gXJOewyyM65-fy6zdmlZ_Ggn-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/331659-30ca-4a88-a26c-440848c0cf71/1/H2AfVnr6uwoqJXYVjkXyFmzqPgE.roa
Signing time:             Wed 16 Mar 2022 17:08:40 +0000
ROA not before:           Wed 16 Mar 2022 17:08:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     396982
IP address blocks:        185.14.172.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 354533263 (0x1521bf8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81724e7b0cb233ae7e7f2eb3766959fc6827fb1b
        Validity
            Not Before: Mar 16 17:08:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f601f567afabb0a2a2576158e45f2166cea3e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:69:ae:d1:f6:86:24:2e:39:ba:a7:1c:01:a9:
                    ae:a5:d4:85:5c:82:5f:f9:91:17:5c:6f:a1:ae:76:
                    28:8a:44:2b:5d:6c:cb:ef:83:20:cb:c5:8e:f1:32:
                    a9:00:42:ea:96:1d:a0:22:36:1b:4e:30:12:2b:f1:
                    0a:a0:ad:33:84:71:17:a2:3a:8c:32:e1:d5:72:21:
                    fa:1d:ce:b7:ba:69:90:c1:0b:43:bc:68:64:af:1b:
                    3b:f5:63:b6:45:21:f3:81:3f:c7:fd:e4:d5:87:2e:
                    d0:e9:ea:27:ab:92:19:94:28:a3:67:b3:7e:4c:76:
                    ab:33:a9:16:9d:59:b7:9f:43:04:13:95:95:ab:0c:
                    ad:26:a1:1e:da:fd:ca:03:05:60:ce:1a:6d:47:7b:
                    12:3e:43:78:03:8d:42:21:39:82:0a:ac:cc:07:99:
                    9a:e4:d8:92:91:c9:17:35:e7:08:f9:f4:55:74:7e:
                    5b:13:29:21:df:02:28:57:66:be:0c:db:82:f3:70:
                    01:ad:12:10:6b:da:03:c2:d7:54:6d:90:86:e2:f1:
                    32:ff:9f:1f:aa:5d:58:84:bd:e2:b2:94:a1:50:4e:
                    43:70:8b:e1:96:15:11:20:9c:46:e3:db:8c:c8:fa:
                    cd:9e:41:7c:26:17:6a:de:15:71:01:92:93:99:5a:
                    ae:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:60:1F:56:7A:FA:BB:0A:2A:25:76:15:8E:45:F2:16:6C:EA:3E:01
            X509v3 Authority Key Identifier:
                keyid:81:72:4E:7B:0C:B2:33:AE:7E:7F:2E:B3:76:69:59:FC:68:27:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gXJOewyyM65-fy6zdmlZ_Ggn-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/331659-30ca-4a88-a26c-440848c0cf71/1/H2AfVnr6uwoqJXYVjkXyFmzqPgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/331659-30ca-4a88-a26c-440848c0cf71/1/gXJOewyyM65-fy6zdmlZ_Ggn-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:32:5e:f1:d2:65:b3:27:65:e6:f2:1a:09:ac:1a:99:2a:a7:
         77:31:d6:6b:bb:29:a2:4e:05:54:4b:e5:bd:b0:2a:29:9a:52:
         f0:de:01:18:ba:ad:4f:e4:b5:95:f2:d0:f9:a9:2a:7c:73:95:
         52:21:d3:26:e8:dd:64:07:5a:ca:0e:c2:f3:cc:2b:d3:72:3f:
         f2:d3:21:7b:d5:ad:ed:b5:b8:c8:ca:47:ce:6f:78:e2:2c:20:
         07:df:d7:3d:e9:8b:c3:21:46:e7:b5:61:48:90:3c:4a:07:bd:
         dd:ac:0d:6e:1c:de:65:cb:80:1f:fc:38:40:94:94:12:54:5f:
         16:b5:6b:3e:52:17:c0:83:5c:1e:5f:a3:b3:2b:c0:02:1b:f1:
         90:23:0e:b2:3a:2f:92:e7:01:62:3e:e8:e8:fa:21:4d:bc:34:
         8f:26:ba:83:bc:d6:34:14:a8:a2:42:6b:0b:c4:24:e0:64:6a:
         d2:db:2e:14:0d:d6:98:1c:6b:cd:f6:f8:b1:5f:5e:ee:13:d1:
         99:ed:59:a9:c6:ec:fe:bf:b5:78:09:9c:1d:61:1f:6f:3a:df:
         2d:bf:80:4f:09:fa:a1:e6:6d:e4:15:70:79:32:1e:8d:24:9f:
         07:57:e4:ed:ca:91:98:15:84:96:96:49:3d:51:91:64:47:4e:
         11:93:83:95
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEFSG/jzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MTcyNGU3YjBjYjIzM2FlN2U3ZjJlYjM3NjY5NTlmYzY4MjdmYjFiMB4XDTIyMDMx
NjE3MDg0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWY2MDFmNTY3YWZh
YmIwYTJhMjU3NjE1OGU0NWYyMTY2Y2VhM2UwMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMhprtH2hiQuObqnHAGprqXUhVyCX/mRF1xvoa52KIpEK11s
y++DIMvFjvEyqQBC6pYdoCI2G04wEivxCqCtM4RxF6I6jDLh1XIh+h3Ot7ppkMEL
Q7xoZK8bO/VjtkUh84E/x/3k1Ycu0OnqJ6uSGZQoo2ezfkx2qzOpFp1Zt59DBBOV
lasMrSahHtr9ygMFYM4abUd7Ej5DeAONQiE5ggqszAeZmuTYkpHJFzXnCPn0VXR+
WxMpId8CKFdmvgzbgvNwAa0SEGvaA8LXVG2QhuLxMv+fH6pdWIS94rKUoVBOQ3CL
4ZYVESCcRuPbjMj6zZ5BfCYXat4VcQGSk5larskCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQfYB9Wevq7CioldhWORfIWbOo+ATAfBgNVHSMEGDAWgBSBck57DLIzrn5/
LrN2aVn8aCf7GzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dYSk9ld3l5TTY1LWZ5NnpkbWxaX0dnbi14cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDcvMzMxNjU5LTMwY2EtNGE4OC1hMjZjLTQ0MDg0OGMwY2Y3MS8x
L0gyQWZWbnI2dXdvcUpYWVZqa1h5Rm16cVBnRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcv
MzMxNjU5LTMwY2EtNGE4OC1hMjZjLTQ0MDg0OGMwY2Y3MS8xL2dYSk9ld3l5TTY1
LWZ5NnpkbWxaX0dnbi14cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkOrDANBgkqhkiG9w0BAQsFAAOC
AQEACjJe8dJlsydl5vIaCawamSqndzHWa7spok4FVEvlvbAqKZpS8N4BGLqtT+S1
lfLQ+akqfHOVUiHTJujdZAdayg7C88wr03I/8tMhe9Wt7bW4yMpHzm944iwgB9/X
PemLwyFG57VhSJA8Sge93awNbhzeZcuAH/w4QJSUElRfFrVrPlIXwINcHl+jsyvA
AhvxkCMOsjovkucBYj7o6PohTbw0jya6g7zWNBSookJrC8Qk4GRq0tsuFA3WmBxr
zfb4sV9e7hPRme1Zqcbs/r+1eAmcHWEfbzrfLb+ATwn6oeZt5BVweTIejSSfB1fk
7cqRmBWElpZJPVGRZEdOEZODlQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:26 2024 by rpki-client on console-ams.rpki-client.org