Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/I0x7D6lERbVDC9CZa4y1z7rfK14.roa
File:                     I0x7D6lERbVDC9CZa4y1z7rfK14.roa (raw, json)
Hash identifier:          N1Ai5hM2WqJ5BxOJbalUFe67S5vu1PXstLON6rKT8OE=
Subject key identifier:   23:4C:7B:0F:A9:44:45:B5:43:0B:D0:99:6B:8C:B5:CF:BA:DF:2B:5E
Certificate issuer:       /CN=009421965995af1d65e8e9a98a21dc2681d989f1
Certificate serial:       01856BEEC1DBEBFC9DFE13EF67412F1B1B75
Authority key identifier: 00:94:21:96:59:95:AF:1D:65:E8:E9:A9:8A:21:DC:26:81:D9:89:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJQhllmVrx1l6OmpiiHcJoHZifE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/I0x7D6lERbVDC9CZa4y1z7rfK14.roa
Signing time:             Sun 01 Jan 2023 06:04:47 +0000
ROA not before:           Sun 01 Jan 2023 06:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208485
IP address blocks:        146.19.74.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ee:c1:db:eb:fc:9d:fe:13:ef:67:41:2f:1b:1b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=009421965995af1d65e8e9a98a21dc2681d989f1
        Validity
            Not Before: Jan  1 06:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=234c7b0fa94445b5430bd0996b8cb5cfbadf2b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ff:e1:00:cb:dc:96:3f:45:15:b7:d6:5b:70:
                    d8:af:81:5a:60:21:12:29:2f:67:3b:11:11:b4:c8:
                    28:a3:df:c4:e0:b0:1b:55:a0:b4:53:31:05:cf:53:
                    01:00:1a:08:98:9a:77:d2:b3:09:38:0f:db:43:a6:
                    16:56:6b:55:cf:ef:16:42:7e:d1:3a:00:09:d6:bc:
                    c6:67:b8:8a:5a:63:3c:ee:cf:e3:e6:02:50:4d:63:
                    5e:4f:44:ad:a2:2a:b8:06:b9:69:10:48:79:e1:f0:
                    a3:ba:f1:2b:a9:89:d3:b3:a1:fb:f0:a5:91:f4:7e:
                    e4:51:6d:e4:c1:c5:bb:d5:cd:8f:53:18:60:ac:a0:
                    62:ab:1c:21:fd:bb:81:90:d0:fa:3f:d9:b4:5d:fd:
                    44:32:ba:2f:ae:9c:e8:aa:5e:73:03:d1:ae:ef:4a:
                    62:c8:76:0a:4a:ee:97:0f:75:82:a0:b2:d4:58:6d:
                    ef:b1:9b:ec:97:2d:e1:d1:39:6c:84:c8:44:59:75:
                    6e:09:16:3f:04:4d:1c:d3:d6:71:25:43:31:c7:c9:
                    83:3a:2f:55:cc:c1:54:66:1e:ed:42:01:a1:7e:0a:
                    36:0f:ac:5c:a8:f4:bd:04:03:83:1a:04:8b:0e:d2:
                    d0:e6:74:1b:8b:e7:99:09:0c:b0:bf:a5:98:25:08:
                    65:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4C:7B:0F:A9:44:45:B5:43:0B:D0:99:6B:8C:B5:CF:BA:DF:2B:5E
            X509v3 Authority Key Identifier:
                keyid:00:94:21:96:59:95:AF:1D:65:E8:E9:A9:8A:21:DC:26:81:D9:89:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJQhllmVrx1l6OmpiiHcJoHZifE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/I0x7D6lERbVDC9CZa4y1z7rfK14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/AJQhllmVrx1l6OmpiiHcJoHZifE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5c:1d:e4:33:42:ec:b3:27:f8:c0:d4:84:c2:f6:d3:14:7e:
         46:b9:f1:ff:f6:6d:a9:c0:a4:96:4e:49:02:28:07:4d:c7:46:
         00:89:d7:13:87:69:ab:7e:1a:e6:9d:8e:17:88:5b:36:3d:3c:
         c3:ec:ad:e0:3c:31:b7:06:af:7f:58:18:1a:da:43:17:55:38:
         91:44:bd:43:cc:fd:5d:cd:f0:3d:1e:7f:cf:e0:31:b6:4d:ca:
         0f:86:69:4b:10:ab:12:9f:f0:1b:67:07:bb:9e:43:c4:75:c8:
         73:a8:3c:7f:71:4e:ad:99:0a:21:cf:ab:c4:bf:7c:8c:1a:80:
         13:45:f3:32:d4:e7:11:b3:54:f6:9d:d3:12:80:4a:92:e6:a2:
         b5:05:b6:24:8c:97:ad:f2:15:bb:9f:c6:24:9c:1e:c1:2a:83:
         be:29:a7:bd:01:01:11:a3:45:34:54:20:1d:69:0f:24:30:7f:
         9a:9e:d0:40:d7:81:6c:8d:e3:64:9d:32:99:51:71:79:3e:48:
         f1:a0:82:c1:44:ff:e5:f3:34:f0:71:98:67:af:f3:64:00:91:
         41:cc:fb:14:cf:9f:6d:25:80:f1:10:8e:fe:f4:d4:84:67:13:
         08:b9:de:5c:bb:78:c8:e2:f1:0c:bf:3c:72:09:18:2d:e5:f6:
         a8:81:6b:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVr7sHb6/yd/hPvZ0EvGxt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOTQyMTk2NTk5NWFmMWQ2NWU4ZTlhOThhMjFkYzI2ODFk
OTg5ZjEwHhcNMjMwMTAxMDYwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRjN2IwZmE5NDQ0NWI1NDMwYmQwOTk2YjhjYjVjZmJhZGYyYjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP/hAMvclj9FFbfWW3DYr4FaYCES
KS9nOxERtMgoo9/E4LAbVaC0UzEFz1MBABoImJp30rMJOA/bQ6YWVmtVz+8WQn7R
OgAJ1rzGZ7iKWmM87s/j5gJQTWNeT0Stoiq4BrlpEEh54fCjuvErqYnTs6H78KWR
9H7kUW3kwcW71c2PUxhgrKBiqxwh/buBkND6P9m0Xf1EMrovrpzoql5zA9Gu70pi
yHYKSu6XD3WCoLLUWG3vsZvsly3h0TlshMhEWXVuCRY/BE0c09ZxJUMxx8mDOi9V
zMFUZh7tQgGhfgo2D6xcqPS9BAODGgSLDtLQ5nQbi+eZCQywv6WYJQhl/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNMew+pREW1QwvQmWuMtc+63yteMB8GA1UdIwQY
MBaAFACUIZZZla8dZejpqYoh3CaB2YnxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpRaGxsbVZyeDFsNk9tcGlpSGNKb0haaWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8xYTUyOWUtMDA1MC00NjM3LTk4MjAt
NTVlYjExNDg2NmMwLzEvSTB4N0Q2bEVSYlZEQzlDWmE0eTF6N3JmSzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8xYTUyOWUtMDA1MC00NjM3LTk4MjAtNTVlYjExNDg2NmMw
LzEvQUpRaGxsbVZyeDFsNk9tcGlpSGNKb0haaWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNKMA0G
CSqGSIb3DQEBCwUAA4IBAQCIXB3kM0Lssyf4wNSEwvbTFH5GufH/9m2pwKSWTkkC
KAdNx0YAidcTh2mrfhrmnY4XiFs2PTzD7K3gPDG3Bq9/WBga2kMXVTiRRL1DzP1d
zfA9Hn/P4DG2TcoPhmlLEKsSn/AbZwe7nkPEdchzqDx/cU6tmQohz6vEv3yMGoAT
RfMy1OcRs1T2ndMSgEqS5qK1BbYkjJet8hW7n8YknB7BKoO+Kae9AQERo0U0VCAd
aQ8kMH+antBA14FsjeNknTKZUXF5PkjxoILBRP/l8zTwcZhnr/NkAJFBzPsUz59t
JYDxEI7+9NSEZxMIud5cu3jI4vEMvzxyCRgt5faogWte
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:34 2024 by rpki-client on console-fra.rpki-client.org