Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S387aWDkfFt48htpm8QR4GuqGWk.roa
File:                     S387aWDkfFt48htpm8QR4GuqGWk.roa (raw, json)
Hash identifier:          +t8M+afgXGMsMKSeGQf/E/0pQgLXqc+qBs5gwR0xCqE=
Subject key identifier:   4B:7F:3B:69:60:E4:7C:5B:78:F2:1B:69:9B:C4:11:E0:6B:AA:19:69
Certificate issuer:       /CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
Certificate serial:       018CC7274F30212F00E865B68E1248C7E7E6
Authority key identifier: 39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S387aWDkfFt48htpm8QR4GuqGWk.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21100
IP address blocks:        185.14.28.0/22 maxlen: 22
                          217.12.218.0/24 maxlen: 24
                          217.12.200.0/23 maxlen: 23
                          5.34.180.0/23 maxlen: 23
                          217.12.208.0/23 maxlen: 23
                          2a02:27ab::/32 maxlen: 32
                          2a02:27a9::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:30:21:2f:00:e8:65:b6:8e:12:48:c7:e7:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7f3b6960e47c5b78f21b699bc411e06baa1969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f9:a9:1f:55:21:de:57:54:8f:28:bf:02:a8:
                    86:70:b2:e9:36:53:e5:5c:87:21:14:82:a3:89:4e:
                    44:9b:11:15:87:eb:17:d9:03:f3:73:78:c9:07:41:
                    85:45:49:ad:9f:e8:3a:ed:f1:79:f0:1b:95:d7:06:
                    e1:39:d2:43:56:a6:3b:a9:47:4f:d3:4d:a6:ab:a6:
                    36:28:b8:0d:5a:25:47:c4:b3:b2:6a:cf:44:52:38:
                    24:70:32:b7:9f:dc:3c:38:6a:6b:05:52:93:2a:fa:
                    07:b2:13:b6:8f:89:6f:b6:10:96:6e:c9:be:e7:bf:
                    58:e0:b6:73:18:b9:bd:b0:3a:a2:5d:46:c5:09:e4:
                    e5:25:0a:e1:e5:af:b7:b1:0a:19:65:be:c8:cc:fa:
                    4f:a8:e8:c1:44:09:4c:43:58:d9:73:3d:a4:d4:c7:
                    46:1f:5a:11:51:de:36:a8:5f:d4:49:55:d1:73:5d:
                    f5:65:73:20:91:49:af:66:c8:cc:da:56:97:ff:07:
                    0b:8e:ff:79:2f:c0:d8:48:61:55:60:0a:e0:ab:d2:
                    63:9a:cc:05:2d:ca:72:d5:37:bb:00:ba:e3:cc:42:
                    f0:9d:20:36:8b:16:98:b6:4d:27:d8:2e:64:9f:86:
                    94:b6:2f:42:b0:15:ab:09:b1:3a:85:44:dd:61:e7:
                    09:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7F:3B:69:60:E4:7C:5B:78:F2:1B:69:9B:C4:11:E0:6B:AA:19:69
            X509v3 Authority Key Identifier:
                keyid:39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S387aWDkfFt48htpm8QR4GuqGWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/OVAwNhWspuX29bVpHHwsjcpfI00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.180.0/23
                  185.14.28.0/22
                  217.12.200.0/23
                  217.12.208.0/23
                  217.12.218.0/24
                IPv6:
                  2a02:27a9::/32
                  2a02:27ab::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:af:86:83:d0:4c:f7:f3:d6:89:ff:8a:8b:20:7e:7b:fe:d9:
         17:08:89:1e:6e:7d:f4:a5:c9:b0:f5:d2:23:e7:88:24:f1:0f:
         d1:89:d6:e9:b3:27:14:c4:ab:b2:2e:2c:00:ca:85:0b:56:23:
         81:91:b4:26:31:8f:b8:50:8f:9d:aa:ec:8d:ec:60:8e:1f:5a:
         91:f6:0e:7d:56:38:63:06:bb:bb:2d:d4:e5:dd:11:fc:7b:5b:
         02:7e:8f:de:3d:59:2a:76:70:09:c1:a5:3c:52:44:9f:05:dd:
         f3:ea:b4:bf:4c:a8:42:cb:e7:a3:ff:de:b9:3f:3c:0e:39:ac:
         17:8a:08:db:60:52:8f:b4:62:54:ba:35:75:cd:df:ec:20:25:
         c7:34:d7:8d:2a:64:8b:2b:de:1e:c3:b8:9c:a6:93:d5:bd:a2:
         d3:c7:da:3d:54:67:18:88:63:b3:bf:7f:b4:53:cc:e9:0a:ff:
         c0:df:d5:39:f7:ff:3c:b4:fd:5f:1e:93:8c:79:03:0d:c4:2a:
         05:88:1b:b2:cd:ae:b6:77:43:a6:b5:12:e3:e2:fc:bf:c7:bb:
         96:15:49:f7:12:25:51:75:d3:d6:e7:d6:cc:1c:67:94:8c:07:
         a2:28:07:0b:27:c1:f4:a5:d1:fe:fa:a3:64:b9:ef:86:bb:e9:
         54:9e:fa:c9
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzHJ08wIS8A6GW2jhJIx+fmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NTAzMDM2MTVhY2E2ZTVmNmY1YjU2OTFjN2MyYzhkY2E1
ZjIzNGQwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdmM2I2OTYwZTQ3YzViNzhmMjFiNjk5YmM0MTFlMDZiYWExOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPmpH1Uh3ldUjyi/AqiGcLLpNlPl
XIchFIKjiU5EmxEVh+sX2QPzc3jJB0GFRUmtn+g67fF58BuV1wbhOdJDVqY7qUdP
002mq6Y2KLgNWiVHxLOyas9EUjgkcDK3n9w8OGprBVKTKvoHshO2j4lvthCWbsm+
579Y4LZzGLm9sDqiXUbFCeTlJQrh5a+3sQoZZb7IzPpPqOjBRAlMQ1jZcz2k1MdG
H1oRUd42qF/USVXRc131ZXMgkUmvZsjM2laX/wcLjv95L8DYSGFVYArgq9JjmswF
Lcpy1Te7ALrjzELwnSA2ixaYtk0n2C5kn4aUti9CsBWrCbE6hUTdYecJcQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEt/O2lg5HxbePIbaZvEEeBrqhlpMB8GA1UdIwQY
MBaAFDlQMDYVrKbl9vW1aRx8LI3KXyNNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ZBd05oV3NwdVgyOWJWcEhId3NqY3BmSTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8zOGM2OTQtMjNhNy00OGIyLWFhZWMt
NmM4ZmQwYmM1YjAwLzEvUzM4N2FXRGtmRnQ0OGh0cG04UVI0R3VxR1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8zOGM2OTQtMjNhNy00OGIyLWFhZWMtNmM4ZmQwYmM1YjAw
LzEvT1ZBd05oV3NwdVgyOWJWcEhId3NqY3BmSTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQBBSK0AwQC
uQ4cAwQB2QzIAwQB2QzQAwQA2QzaMBQEAgACMA4DBQAqAiepAwUAKgInqzANBgkq
hkiG9w0BAQsFAAOCAQEAaK+Gg9BM9/PWif+KiyB+e/7ZFwiJHm599KXJsPXSI+eI
JPEP0YnW6bMnFMSrsi4sAMqFC1YjgZG0JjGPuFCPnarsjexgjh9akfYOfVY4Ywa7
uy3U5d0R/HtbAn6P3j1ZKnZwCcGlPFJEnwXd8+q0v0yoQsvno//euT88DjmsF4oI
22BSj7RiVLo1dc3f7CAlxzTXjSpkiyveHsO4nKaT1b2i08faPVRnGIhjs79/tFPM
6Qr/wN/VOff/PLT9Xx6TjHkDDcQqBYgbss2utndDprUS4+L8v8e7lhVJ9xIlUXXT
1ufWzBxnlIwHoigHCyfB9KXR/vqjZLnvhrvpVJ76yQ==
-----END CERTIFICATE-----
Generated at Fri Jun 7 11:40:20 2024 by rpki-client on console-ams.rpki-client.org