Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/a6e89e-bb99-4435-9e50-20c41d2c24db/1/COnUSV3ygzGSbMybxK6VTfedx3w.roa
File:                     COnUSV3ygzGSbMybxK6VTfedx3w.roa (raw, json)
Hash identifier:          FBRtrviC5knj4++flHuYzudjoJ9WxjG0CignKdTU0Z4=
Subject key identifier:   08:E9:D4:49:5D:F2:83:31:92:6C:CC:9B:C4:AE:95:4D:F7:9D:C7:7C
Certificate issuer:       /CN=c96d86d86495dc676b7f13dba7d258a6362acd24
Certificate serial:       0191EAA1
Authority key identifier: C9:6D:86:D8:64:95:DC:67:6B:7F:13:DB:A7:D2:58:A6:36:2A:CD:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yW2G2GSV3GdrfxPbp9JYpjYqzSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/a6e89e-bb99-4435-9e50-20c41d2c24db/1/COnUSV3ygzGSbMybxK6VTfedx3w.roa
Signing time:             Sat 01 Jan 2022 10:01:50 +0000
ROA not before:           Sat 01 Jan 2022 10:01:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212862
IP address blocks:        91.205.220.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 26340001 (0x191eaa1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c96d86d86495dc676b7f13dba7d258a6362acd24
        Validity
            Not Before: Jan  1 10:01:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=08e9d4495df28331926ccc9bc4ae954df79dc77c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:14:58:9b:60:02:5e:d0:16:09:63:97:a3:b4:
                    a1:8d:c3:a8:4d:12:75:36:57:2d:23:a7:d6:9a:83:
                    96:99:1d:bd:e5:b7:17:bf:17:ba:67:08:c1:e8:57:
                    61:00:79:a7:ce:da:ad:13:3c:03:5e:c6:76:ce:52:
                    dd:47:30:47:e0:b7:0e:5d:52:2f:c8:50:14:b1:92:
                    03:8f:05:c5:e4:84:51:14:3f:3c:90:ef:dd:d1:ab:
                    70:de:ad:06:5a:eb:71:bc:c9:d5:df:1c:e1:3e:11:
                    d0:6f:31:21:9a:f3:30:f0:e8:48:94:bf:d5:95:cc:
                    12:8d:85:a6:28:29:97:6f:0e:72:62:3b:a8:7b:98:
                    d5:52:72:18:81:47:5c:2c:ac:a0:27:42:95:2e:b3:
                    88:36:22:86:9a:ee:58:a8:b8:4a:21:a4:74:bc:36:
                    60:50:ca:e5:c4:12:a6:94:cc:3c:66:b3:da:f7:b4:
                    5b:f9:43:37:e0:98:51:ea:24:93:48:08:2d:ab:d9:
                    47:cb:f4:cb:f0:95:d0:8f:f3:86:8d:77:4a:3f:50:
                    cf:7f:7d:57:f7:db:02:c4:7c:28:97:eb:7a:22:81:
                    c6:99:d3:7e:61:16:b1:59:60:ec:79:a7:8a:66:76:
                    49:9e:2f:08:33:00:dd:75:a3:07:f0:66:6d:5c:29:
                    a8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E9:D4:49:5D:F2:83:31:92:6C:CC:9B:C4:AE:95:4D:F7:9D:C7:7C
            X509v3 Authority Key Identifier:
                keyid:C9:6D:86:D8:64:95:DC:67:6B:7F:13:DB:A7:D2:58:A6:36:2A:CD:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yW2G2GSV3GdrfxPbp9JYpjYqzSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a6e89e-bb99-4435-9e50-20c41d2c24db/1/COnUSV3ygzGSbMybxK6VTfedx3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a6e89e-bb99-4435-9e50-20c41d2c24db/1/yW2G2GSV3GdrfxPbp9JYpjYqzSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:45:9d:b2:67:31:4f:d0:a5:f1:66:09:3a:0a:e4:ed:2e:6e:
         77:7c:c1:75:1e:79:38:14:57:11:56:35:02:fc:49:d6:02:61:
         c7:b3:98:91:de:c4:90:0b:35:1d:7d:c1:61:ac:db:01:95:a5:
         2e:22:3b:70:bd:6b:b6:8c:a3:6c:a8:6e:4b:ff:22:f3:fe:84:
         92:31:af:84:a2:73:6f:a8:e7:79:11:00:24:ac:3c:f1:97:9e:
         3f:a7:bc:d6:99:b0:a5:23:a3:65:57:25:bb:e3:bb:f4:ed:88:
         ef:d4:6e:18:fb:24:b5:4a:48:3c:fb:83:03:07:98:0f:c6:d8:
         13:21:4e:69:95:b2:b1:bc:a9:37:5e:f5:f1:fd:2d:d5:d1:2b:
         aa:a8:f0:b3:ea:be:0e:ac:c1:f2:10:46:52:fa:d2:70:3f:15:
         3f:37:2f:e7:c0:bf:80:2b:76:d4:ef:03:92:68:b5:7e:62:c1:
         e8:2f:51:c3:66:af:1c:43:bb:a3:74:84:df:7e:d9:0a:d2:d6:
         83:e8:e2:3d:b5:a1:ae:ce:0d:cb:11:f0:2a:c5:92:1b:e0:c8:
         2f:68:aa:34:d3:11:8f:53:62:e6:32:29:31:3c:8d:f0:0e:46:
         3c:f1:ef:59:32:9b:21:e7:3c:4c:ee:d8:fa:ab:8b:9c:50:34:
         6c:11:46:fe
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAZHqoTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
OTZkODZkODY0OTVkYzY3NmI3ZjEzZGJhN2QyNThhNjM2MmFjZDI0MB4XDTIyMDEw
MTEwMDE1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDhlOWQ0NDk1ZGYy
ODMzMTkyNmNjYzliYzRhZTk1NGRmNzlkYzc3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALIUWJtgAl7QFgljl6O0oY3DqE0SdTZXLSOn1pqDlpkdveW3
F78XumcIwehXYQB5p87arRM8A17Gds5S3UcwR+C3Dl1SL8hQFLGSA48FxeSEURQ/
PJDv3dGrcN6tBlrrcbzJ1d8c4T4R0G8xIZrzMPDoSJS/1ZXMEo2Fpigpl28OcmI7
qHuY1VJyGIFHXCysoCdClS6ziDYihpruWKi4SiGkdLw2YFDK5cQSppTMPGaz2ve0
W/lDN+CYUeokk0gILavZR8v0y/CV0I/zho13Sj9Qz399V/fbAsR8KJfreiKBxpnT
fmEWsVlg7HmnimZ2SZ4vCDMA3XWjB/BmbVwpqD0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQI6dRJXfKDMZJszJvErpVN953HfDAfBgNVHSMEGDAWgBTJbYbYZJXcZ2t/
E9un0limNirNJDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lXMkcyR1NWM0dkcmZ4UGJwOUpZcGpZcXpTUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGIvYTZlODllLWJiOTktNDQzNS05ZTUwLTIwYzQxZDJjMjRkYi8x
L0NPblVTVjN5Z3pHU2JNeWJ4SzZWVGZlZHgzdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGIv
YTZlODllLWJiOTktNDQzNS05ZTUwLTIwYzQxZDJjMjRkYi8xL3lXMkcyR1NWM0dk
cmZ4UGJwOUpZcGpZcXpTUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvN3DANBgkqhkiG9w0BAQsFAAOC
AQEAHkWdsmcxT9Cl8WYJOgrk7S5ud3zBdR55OBRXEVY1AvxJ1gJhx7OYkd7EkAs1
HX3BYazbAZWlLiI7cL1rtoyjbKhuS/8i8/6EkjGvhKJzb6jneREAJKw88ZeeP6e8
1pmwpSOjZVclu+O79O2I79RuGPsktUpIPPuDAweYD8bYEyFOaZWysbypN1718f0t
1dErqqjws+q+DqzB8hBGUvrScD8VPzcv58C/gCt21O8Dkmi1fmLB6C9Rw2avHEO7
o3SE337ZCtLWg+jiPbWhrs4NyxHwKsWSG+DIL2iqNNMRj1Ni5jIpMTyN8A5GPPHv
WTKbIec8TO7Y+quLnFA0bBFG/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:23 2024 by rpki-client on console-ams.rpki-client.org