Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/08fd6b-02b4-4e34-97a9-74cff927b033/1/Okvpmly92Fj8TkTUB3kGAJjodOE.roa
File:                     Okvpmly92Fj8TkTUB3kGAJjodOE.roa (raw, json)
Hash identifier:          fNDaoJ6db1nCy2fGzqH4n7uOaUKlYbZY048DApbBN0E=
Subject key identifier:   3A:4B:E9:9A:5C:BD:D8:58:FC:4E:44:D4:07:79:06:00:98:E8:74:E1
Certificate issuer:       /CN=fc9003cbb188b6c79716ee38dcee468ac19d8cab
Certificate serial:       018CC725BB67539561B5518B28BBFD8AB1D3
Authority key identifier: FC:90:03:CB:B1:88:B6:C7:97:16:EE:38:DC:EE:46:8A:C1:9D:8C:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JADy7GItseXFu443O5GisGdjKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/08fd6b-02b4-4e34-97a9-74cff927b033/1/Okvpmly92Fj8TkTUB3kGAJjodOE.roa
Signing time:             Mon 01 Jan 2024 22:29:47 +0000
ROA not before:           Mon 01 Jan 2024 22:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203712
IP address blocks:        185.126.104.0/22 maxlen: 24
                          2a0a:7040::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:bb:67:53:95:61:b5:51:8b:28:bb:fd:8a:b1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9003cbb188b6c79716ee38dcee468ac19d8cab
        Validity
            Not Before: Jan  1 22:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a4be99a5cbdd858fc4e44d40779060098e874e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:2a:36:65:7c:42:97:21:99:d4:c3:5c:23:
                    65:92:44:44:ed:30:f4:1f:40:f4:b9:2b:c8:2b:27:
                    4f:f1:e9:c1:76:2d:05:f4:b5:03:f1:d4:7e:b6:24:
                    8b:71:d3:38:35:53:eb:ee:9c:be:80:5f:dd:84:cb:
                    7e:1e:ed:a2:89:f2:1c:b4:c2:f0:81:8d:62:20:31:
                    13:6c:28:14:93:62:f4:27:90:e1:3b:6c:4c:1b:be:
                    f5:d5:de:c4:20:c7:f0:43:1e:55:9d:f4:c1:47:1a:
                    24:74:68:ba:cb:88:ec:32:37:2e:c8:70:ed:f2:c6:
                    83:a1:c2:66:f4:5a:f1:1d:d9:84:5d:6f:c4:5a:9d:
                    c9:47:3c:2d:47:1f:e0:48:de:14:10:24:2f:6b:a5:
                    5c:39:92:bb:8c:b6:a3:9e:e0:72:d8:4e:5f:1d:3a:
                    f5:a6:79:0b:10:02:e8:95:a4:fc:d2:e7:42:6e:6d:
                    91:98:00:ab:d1:22:42:32:29:6a:0b:21:b9:66:18:
                    a1:b0:7d:e1:f3:2c:41:b3:0a:59:7f:43:d8:6f:53:
                    0c:8e:2e:de:28:2c:b5:f2:4b:fe:99:58:23:2e:bb:
                    d0:57:6b:3a:c5:fc:20:8c:32:dc:cd:e3:3a:6a:64:
                    6a:97:2c:21:49:20:29:66:2e:ee:f6:dd:9c:ca:85:
                    75:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4B:E9:9A:5C:BD:D8:58:FC:4E:44:D4:07:79:06:00:98:E8:74:E1
            X509v3 Authority Key Identifier:
                keyid:FC:90:03:CB:B1:88:B6:C7:97:16:EE:38:DC:EE:46:8A:C1:9D:8C:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JADy7GItseXFu443O5GisGdjKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/08fd6b-02b4-4e34-97a9-74cff927b033/1/Okvpmly92Fj8TkTUB3kGAJjodOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/08fd6b-02b4-4e34-97a9-74cff927b033/1/_JADy7GItseXFu443O5GisGdjKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.104.0/22
                IPv6:
                  2a0a:7040::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:b2:42:b5:77:b7:9f:cb:f6:8d:fd:1e:7b:d8:81:9b:32:5c:
         15:24:76:0e:10:cb:ac:c0:95:06:4a:fa:83:77:8b:fa:3c:2f:
         de:08:6b:5e:d5:75:8a:c2:83:2c:58:86:f2:c0:c9:a2:b4:73:
         a9:13:ce:b8:19:ae:c1:e9:93:5d:3e:ed:00:af:92:6c:35:48:
         b4:3f:9d:2b:6f:4f:97:67:25:66:37:99:99:00:cc:61:0f:ac:
         f3:80:97:b4:92:41:6a:03:f4:85:39:c7:3d:8e:bf:32:11:75:
         19:a1:82:4c:4c:e9:b9:c7:73:48:4f:9d:d9:08:cc:90:b1:97:
         78:b5:c2:1f:c2:2f:67:e5:f7:33:af:fb:86:1b:a3:54:85:33:
         93:40:f3:d6:02:83:03:95:c4:e4:ae:3c:f0:c1:4c:36:f6:2d:
         94:9a:8e:b1:3b:d2:8d:a7:57:10:81:ff:f1:04:84:b2:04:a1:
         f3:19:48:f4:14:14:f2:2f:bf:c9:f4:61:36:a2:90:bf:8c:f7:
         ee:62:03:f6:90:54:01:46:56:41:e8:49:47:dc:df:d4:92:a4:
         a3:d4:5d:42:14:6d:f4:ff:e7:50:c5:65:52:ad:15:18:c3:4a:
         ae:80:d8:78:e2:d6:44:be:0f:e2:c6:29:ff:b3:3e:72:07:1e:
         fa:3e:a4:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJbtnU5VhtVGLKLv9irHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTAwM2NiYjE4OGI2Yzc5NzE2ZWUzOGRjZWU0NjhhYzE5
ZDhjYWIwHhcNMjQwMTAxMjIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRiZTk5YTVjYmRkODU4ZmM0ZTQ0ZDQwNzc5MDYwMDk4ZTg3NGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk70qNmV8QpchmdTDXCNlkkRE7TD0
H0D0uSvIKydP8enBdi0F9LUD8dR+tiSLcdM4NVPr7py+gF/dhMt+Hu2iifIctMLw
gY1iIDETbCgUk2L0J5DhO2xMG7711d7EIMfwQx5VnfTBRxokdGi6y4jsMjcuyHDt
8saDocJm9FrxHdmEXW/EWp3JRzwtRx/gSN4UECQva6VcOZK7jLajnuBy2E5fHTr1
pnkLEALolaT80udCbm2RmACr0SJCMilqCyG5ZhihsH3h8yxBswpZf0PYb1MMji7e
KCy18kv+mVgjLrvQV2s6xfwgjDLczeM6amRqlywhSSApZi7u9t2cyoV1jQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDpL6ZpcvdhY/E5E1Ad5BgCY6HThMB8GA1UdIwQY
MBaAFPyQA8uxiLbHlxbuONzuRorBnYyrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pBRHk3R0l0c2VYRnU0NDNPNUdpc0dkaktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wOGZkNmItMDJiNC00ZTM0LTk3YTkt
NzRjZmY5MjdiMDMzLzEvT2t2cG1seTkyRmo4VGtUVUIza0dBSmpvZE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wOGZkNmItMDJiNC00ZTM0LTk3YTktNzRjZmY5MjdiMDMz
LzEvX0pBRHk3R0l0c2VYRnU0NDNPNUdpc0dkaktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX5oMA0E
AgACMAcDBQAqCnBAMA0GCSqGSIb3DQEBCwUAA4IBAQCIskK1d7efy/aN/R572IGb
MlwVJHYOEMuswJUGSvqDd4v6PC/eCGte1XWKwoMsWIbywMmitHOpE864Ga7B6ZNd
Pu0Ar5JsNUi0P50rb0+XZyVmN5mZAMxhD6zzgJe0kkFqA/SFOcc9jr8yEXUZoYJM
TOm5x3NIT53ZCMyQsZd4tcIfwi9n5fczr/uGG6NUhTOTQPPWAoMDlcTkrjzwwUw2
9i2Umo6xO9KNp1cQgf/xBISyBKHzGUj0FBTyL7/J9GE2opC/jPfuYgP2kFQBRlZB
6ElH3N/UkqSj1F1CFG30/+dQxWVSrRUYw0qugNh44tZEvg/ixin/sz5yBx76PqRD
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:08 2024 by rpki-client on console-ams.rpki-client.org