Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/r65Au2EBq1bH7UA8C3ywl0QxBNY.roa
File:                     r65Au2EBq1bH7UA8C3ywl0QxBNY.roa (raw, json)
Hash identifier:          COH8OTlaTjV3a5Zk+DSB/5Uh2/9RtEXhWxwNrqROxng=
Subject key identifier:   AF:AE:40:BB:61:01:AB:56:C7:ED:40:3C:0B:7C:B0:97:44:31:04:D6
Certificate issuer:       /CN=009421965995af1d65e8e9a98a21dc2681d989f1
Certificate serial:       6FEB70
Authority key identifier: 00:94:21:96:59:95:AF:1D:65:E8:E9:A9:8A:21:DC:26:81:D9:89:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJQhllmVrx1l6OmpiiHcJoHZifE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/r65Au2EBq1bH7UA8C3ywl0QxBNY.roa
Signing time:             Sat 01 Jan 2022 01:57:58 +0000
ROA not before:           Sat 01 Jan 2022 01:57:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        146.19.74.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7334768 (0x6feb70)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=009421965995af1d65e8e9a98a21dc2681d989f1
        Validity
            Not Before: Jan  1 01:57:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afae40bb6101ab56c7ed403c0b7cb097443104d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9f:98:80:72:ff:b4:d8:3d:57:fb:86:76:6d:
                    76:e4:71:b9:a9:27:c2:a0:02:92:8a:3c:ba:e8:0c:
                    d2:4f:e3:05:d2:2e:fa:1b:c0:0b:24:bb:f6:46:fe:
                    53:01:3c:14:0c:45:9a:30:b7:79:5f:39:5a:b7:f6:
                    f5:c0:40:62:8c:76:89:c4:bb:26:57:25:1b:ad:bd:
                    3e:e0:28:99:a2:81:e9:2f:c5:5d:48:95:54:6f:d8:
                    1d:2b:23:1a:56:44:90:be:f4:79:90:67:3e:25:48:
                    7d:0f:52:1d:d1:ce:93:c1:fa:f7:24:e4:0a:88:3f:
                    1d:b6:d8:a3:00:37:04:fe:bd:0a:91:6c:8a:3b:a6:
                    ec:f4:e4:75:01:b4:f0:4e:9e:4c:8e:4d:4e:b5:43:
                    7c:6a:01:dc:0b:89:78:f7:1e:c1:a9:e5:c1:01:0d:
                    74:03:9e:75:5c:29:af:3a:db:b8:f3:0f:14:a2:97:
                    b5:64:14:59:54:3a:ae:49:4a:0b:54:a3:b4:ce:a3:
                    80:8b:78:5c:fb:93:8b:b7:6e:51:4c:56:87:be:43:
                    14:b1:cd:54:04:98:5c:c3:c5:67:91:71:76:b0:e0:
                    6f:7c:8b:13:38:fc:4c:a1:22:9b:84:ba:d9:50:7b:
                    7c:55:18:c2:7c:3a:48:cc:0d:c6:fb:14:f1:3e:68:
                    f5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AE:40:BB:61:01:AB:56:C7:ED:40:3C:0B:7C:B0:97:44:31:04:D6
            X509v3 Authority Key Identifier:
                keyid:00:94:21:96:59:95:AF:1D:65:E8:E9:A9:8A:21:DC:26:81:D9:89:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJQhllmVrx1l6OmpiiHcJoHZifE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/r65Au2EBq1bH7UA8C3ywl0QxBNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/1a529e-0050-4637-9820-55eb114866c0/1/AJQhllmVrx1l6OmpiiHcJoHZifE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e9:b0:67:81:d6:bf:78:c8:79:81:b9:52:01:b8:34:47:57:a0:
         74:18:3e:b0:77:63:42:61:19:d1:3c:77:a0:48:bd:ab:e3:53:
         89:c5:8a:bd:dd:bd:2e:4a:60:b8:5b:c1:a2:f6:6e:99:d0:14:
         35:1a:b0:d6:a7:64:0a:61:2a:71:40:62:36:d9:2a:58:f8:6a:
         c0:04:b9:28:5f:eb:9e:e6:2a:0f:14:90:a3:aa:d0:94:20:48:
         64:2e:05:a1:28:d2:a1:1d:88:19:79:f8:e7:15:a5:eb:7d:f4:
         09:78:1a:74:57:b4:08:32:33:da:ba:3e:9c:be:7f:ac:d7:41:
         f5:11:a3:0c:1d:d2:75:45:d6:dd:b5:96:80:5b:94:6a:d2:e3:
         3a:13:19:73:4e:93:0e:23:56:3f:4b:a3:8a:d0:8b:2d:32:38:
         10:3d:e5:0d:db:5e:5c:4c:5b:92:a5:64:b5:d6:40:9c:a6:92:
         0e:21:98:e2:d8:30:1d:5e:53:30:47:d7:a8:e4:42:c6:f0:29:
         eb:8d:a6:ad:6b:5c:95:a0:c6:70:b1:e2:25:33:18:00:e4:4a:
         09:7e:de:f2:f5:57:27:27:5a:4a:7b:c4:b8:a2:a3:8e:38:aa:
         32:f8:52:5f:33:22:50:2f:16:54:1a:fd:0f:20:d0:ff:81:4b:
         92:84:27:7b
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDb+twMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDAw
OTQyMTk2NTk5NWFmMWQ2NWU4ZTlhOThhMjFkYzI2ODFkOTg5ZjEwHhcNMjIwMTAx
MDE1NzU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhhZmFlNDBiYjYxMDFh
YjU2YzdlZDQwM2MwYjdjYjA5NzQ0MzEwNGQ2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtZ+YgHL/tNg9V/uGdm125HG5qSfCoAKSijy66AzST+MF0i76
G8ALJLv2Rv5TATwUDEWaMLd5Xzlat/b1wEBijHaJxLsmVyUbrb0+4CiZooHpL8Vd
SJVUb9gdKyMaVkSQvvR5kGc+JUh9D1Id0c6Twfr3JOQKiD8dttijADcE/r0KkWyK
O6bs9OR1AbTwTp5Mjk1OtUN8agHcC4l49x7BqeXBAQ10A551XCmvOtu48w8Uope1
ZBRZVDquSUoLVKO0zqOAi3hc+5OLt25RTFaHvkMUsc1UBJhcw8VnkXF2sOBvfIsT
OPxMoSKbhLrZUHt8VRjCfDpIzA3G+xTxPmj1yQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFK+uQLthAatWx+1APAt8sJdEMQTWMB8GA1UdIwQYMBaAFACUIZZZla8dZejp
qYoh3CaB2YnxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
QUpRaGxsbVZyeDFsNk9tcGlpSGNKb0haaWZFLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8xMS8xYTUyOWUtMDA1MC00NjM3LTk4MjAtNTVlYjExNDg2NmMwLzEv
cjY1QXUyRUJxMWJIN1VBOEMzeXdsMFF4Qk5ZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8x
YTUyOWUtMDA1MC00NjM3LTk4MjAtNTVlYjExNDg2NmMwLzEvQUpRaGxsbVZyeDFs
Nk9tcGlpSGNKb0haaWZFLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNKMA0GCSqGSIb3DQEBCwUAA4IB
AQDpsGeB1r94yHmBuVIBuDRHV6B0GD6wd2NCYRnRPHegSL2r41OJxYq93b0uSmC4
W8Gi9m6Z0BQ1GrDWp2QKYSpxQGI22SpY+GrABLkoX+ue5ioPFJCjqtCUIEhkLgWh
KNKhHYgZefjnFaXrffQJeBp0V7QIMjPauj6cvn+s10H1EaMMHdJ1RdbdtZaAW5Rq
0uM6ExlzTpMOI1Y/S6OK0IstMjgQPeUN215cTFuSpWS11kCcppIOIZji2DAdXlMw
R9eo5ELG8Cnrjaata1yVoMZwseIlMxgA5EoJft7y9VcnJ1pKe8S4oqOOOKoy+FJf
MyJQLxZUGv0PIND/gUuShCd7
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:59 2024 by rpki-client on console-ams.rpki-client.org