Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b3f2e4-5177-48ae-955e-5d816a82c283/1/j7-iblN5JOeJyLdHecq0S1ivdqw.roa
File:                     j7-iblN5JOeJyLdHecq0S1ivdqw.roa (raw, json)
Hash identifier:          CheuFxIqng2yjFQNcKCwttoUt/f2nW5FWlg7QfmAb5w=
Subject key identifier:   8F:BF:A2:6E:53:79:24:E7:89:C8:B7:47:79:CA:B4:4B:58:AF:76:AC
Certificate issuer:       /CN=344f5eb0efc517d6caaeb7c74a847f965c0e14d9
Certificate serial:       01856B4A1D719226C76F83912336AB7B5C23
Authority key identifier: 34:4F:5E:B0:EF:C5:17:D6:CA:AE:B7:C7:4A:84:7F:96:5C:0E:14:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NE9esO_FF9bKrrfHSoR_llwOFNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b3f2e4-5177-48ae-955e-5d816a82c283/1/j7-iblN5JOeJyLdHecq0S1ivdqw.roa
Signing time:             Sun 01 Jan 2023 03:04:57 +0000
ROA not before:           Sun 01 Jan 2023 03:04:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210773
IP address blocks:        185.252.31.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:4a:1d:71:92:26:c7:6f:83:91:23:36:ab:7b:5c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344f5eb0efc517d6caaeb7c74a847f965c0e14d9
        Validity
            Not Before: Jan  1 03:04:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8fbfa26e537924e789c8b74779cab44b58af76ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:35:c3:dc:23:69:2c:48:84:52:15:4e:e8:
                    6f:a1:f2:50:09:9b:26:8d:c5:60:93:43:23:d1:8c:
                    0e:94:11:94:f7:d8:ff:07:2f:2b:c5:e7:35:d1:3b:
                    ab:0f:43:ad:d4:4c:6f:17:0a:cf:11:29:ee:8a:4b:
                    9e:04:19:7a:09:31:b7:1c:73:cd:58:32:f3:99:c9:
                    bc:06:a8:66:39:0f:0f:f5:52:a0:ab:83:65:94:37:
                    86:94:d0:16:b2:c6:6b:79:d9:48:46:32:75:a5:d0:
                    1d:fa:4f:88:0a:4b:5f:6d:7e:8c:48:33:12:a0:e7:
                    a2:76:cb:26:8f:34:40:11:63:f0:f4:31:6c:18:5a:
                    c2:2b:82:9f:5a:30:cb:3e:a3:19:d4:33:58:44:5b:
                    a1:00:e3:5d:35:25:8d:f4:b7:e2:30:5d:06:fb:a9:
                    e7:15:ea:c5:1b:12:7c:df:cb:b6:05:bd:d4:81:98:
                    0c:24:58:50:41:f6:b2:97:61:d3:58:f8:0b:10:fd:
                    17:72:85:d0:37:52:4c:57:b2:62:3c:76:5f:9a:e6:
                    86:c1:27:c8:76:ec:42:47:28:13:54:d6:c5:7f:e9:
                    a9:9c:ad:9c:21:77:3e:b7:b0:5f:a5:5c:ed:84:49:
                    40:7d:7f:d9:24:e4:ec:1d:d4:ae:d5:02:9e:66:88:
                    e2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:BF:A2:6E:53:79:24:E7:89:C8:B7:47:79:CA:B4:4B:58:AF:76:AC
            X509v3 Authority Key Identifier:
                keyid:34:4F:5E:B0:EF:C5:17:D6:CA:AE:B7:C7:4A:84:7F:96:5C:0E:14:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NE9esO_FF9bKrrfHSoR_llwOFNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b3f2e4-5177-48ae-955e-5d816a82c283/1/j7-iblN5JOeJyLdHecq0S1ivdqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b3f2e4-5177-48ae-955e-5d816a82c283/1/NE9esO_FF9bKrrfHSoR_llwOFNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ee:4f:13:03:d1:58:f9:7c:7b:79:ca:6c:87:14:12:79:a4:
         f7:cd:a4:05:3d:f3:6b:e0:0e:b2:a2:c7:2e:6b:53:8e:f7:de:
         e2:7c:6f:f7:bb:15:f4:78:9f:bb:f1:fe:73:53:50:82:eb:37:
         78:8d:ec:05:b6:47:df:83:89:e5:ca:68:d7:de:a8:f3:0f:e8:
         a3:45:20:ea:ad:d6:0b:7a:54:93:0a:8b:27:40:d0:4a:12:03:
         ea:90:28:5e:00:6f:99:54:fc:dd:fa:5f:26:4f:49:15:0e:b9:
         33:6e:c8:b9:7b:59:b5:8e:63:1b:f2:92:5b:a6:b4:f4:00:bf:
         e2:c5:ea:09:b7:8d:c6:2f:0a:48:4d:4b:0d:70:f6:ea:45:71:
         00:f1:47:8f:51:67:59:de:0d:23:6e:32:07:72:dc:fb:06:7e:
         52:7a:d3:13:67:a5:26:47:11:c3:db:7d:23:79:73:06:5f:4e:
         20:79:7f:f2:21:cc:ea:a4:1e:a1:07:b6:fd:1c:7b:b4:56:bc:
         5c:fa:dc:d2:4a:4f:68:2d:00:b8:60:68:57:7b:42:fb:8b:a2:
         06:e3:b2:25:0f:be:3b:1d:18:8f:7d:5e:89:5c:fd:40:2f:11:
         0c:44:e0:22:9a:9c:30:3e:f7:88:7d:b3:38:eb:eb:11:c2:18:
         71:1f:f9:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVrSh1xkibHb4ORIzare1wjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NGY1ZWIwZWZjNTE3ZDZjYWFlYjdjNzRhODQ3Zjk2NWMw
ZTE0ZDkwHhcNMjMwMTAxMDMwNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJmYTI2ZTUzNzkyNGU3ODljOGI3NDc3OWNhYjQ0YjU4YWY3NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvs1w9wjaSxIhFIVTuhvofJQCZsm
jcVgk0Mj0YwOlBGU99j/By8rxec10TurD0Ot1ExvFwrPESnuikueBBl6CTG3HHPN
WDLzmcm8BqhmOQ8P9VKgq4NllDeGlNAWssZredlIRjJ1pdAd+k+ICktfbX6MSDMS
oOeidssmjzRAEWPw9DFsGFrCK4KfWjDLPqMZ1DNYRFuhAONdNSWN9LfiMF0G+6nn
FerFGxJ838u2Bb3UgZgMJFhQQfayl2HTWPgLEP0XcoXQN1JMV7JiPHZfmuaGwSfI
duxCRygTVNbFf+mpnK2cIXc+t7BfpVzthElAfX/ZJOTsHdSu1QKeZojikwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+/om5TeSTnici3R3nKtEtYr3asMB8GA1UdIwQY
MBaAFDRPXrDvxRfWyq63x0qEf5ZcDhTZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkU5ZXNPX0ZGOWJLcnJmSFNvUl9sbHdPRk5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iM2YyZTQtNTE3Ny00OGFlLTk1NWUt
NWQ4MTZhODJjMjgzLzEvajctaWJsTjVKT2VKeUxkSGVjcTBTMWl2ZHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iM2YyZTQtNTE3Ny00OGFlLTk1NWUtNWQ4MTZhODJjMjgz
LzEvTkU5ZXNPX0ZGOWJLcnJmSFNvUl9sbHdPRk5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufwfMA0G
CSqGSIb3DQEBCwUAA4IBAQBy7k8TA9FY+Xx7ecpshxQSeaT3zaQFPfNr4A6yoscu
a1OO997ifG/3uxX0eJ+78f5zU1CC6zd4jewFtkffg4nlymjX3qjzD+ijRSDqrdYL
elSTCosnQNBKEgPqkCheAG+ZVPzd+l8mT0kVDrkzbsi5e1m1jmMb8pJbprT0AL/i
xeoJt43GLwpITUsNcPbqRXEA8UePUWdZ3g0jbjIHctz7Bn5SetMTZ6UmRxHD230j
eXMGX04geX/yIczqpB6hB7b9HHu0Vrxc+tzSSk9oLQC4YGhXe0L7i6IG47IlD747
HRiPfV6JXP1ALxEMROAimpwwPveIfbM46+sRwhhxH/m/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:40 2024 by rpki-client on console-fra.rpki-client.org