Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/438306-1d14-459a-b2d6-64e50ebbb21e/1/hkqSw6XhISa7EoyYYkOmjSrPOpM.roa
File:                     hkqSw6XhISa7EoyYYkOmjSrPOpM.roa (raw, json)
Hash identifier:          8dQVGZshqsZQZDV29M4bS6KV7wuQAODgvVplsvroqZI=
Subject key identifier:   86:4A:92:C3:A5:E1:21:26:BB:12:8C:98:62:43:A6:8D:2A:CF:3A:93
Certificate issuer:       /CN=e6a0c256d32e4544d6b7fd37f9cee559d3d2694f
Certificate serial:       0185732829D0CCDA8B6408023D1A6CCF34AB
Authority key identifier: E6:A0:C2:56:D3:2E:45:44:D6:B7:FD:37:F9:CE:E5:59:D3:D2:69:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5qDCVtMuRUTWt_03-c7lWdPSaU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/438306-1d14-459a-b2d6-64e50ebbb21e/1/hkqSw6XhISa7EoyYYkOmjSrPOpM.roa
Signing time:             Mon 02 Jan 2023 15:44:50 +0000
ROA not before:           Mon 02 Jan 2023 15:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        212.52.8.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:28:29:d0:cc:da:8b:64:08:02:3d:1a:6c:cf:34:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6a0c256d32e4544d6b7fd37f9cee559d3d2694f
        Validity
            Not Before: Jan  2 15:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=864a92c3a5e12126bb128c986243a68d2acf3a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:ad:d7:26:12:a6:22:f8:15:bb:d0:a1:62:
                    dc:6f:9f:51:21:fd:5b:0d:d6:5d:a5:a1:f3:47:e3:
                    c8:81:73:72:8f:36:e8:e3:b9:aa:08:ec:6a:3a:19:
                    2f:bb:f4:f0:db:1f:e2:c1:6e:b0:4e:1e:41:64:4a:
                    2d:f1:b1:a5:78:29:20:c1:07:9b:c0:0c:b0:f5:44:
                    36:37:32:e8:b6:58:6b:ff:57:59:e3:43:41:47:f1:
                    38:ca:e3:7d:2c:c1:c1:fb:3b:33:47:46:37:87:d1:
                    79:e7:c8:92:80:67:0f:b9:c4:1e:6d:44:ad:d1:70:
                    af:8a:6f:ab:8e:43:56:3c:ce:fd:6a:a2:37:4f:dc:
                    b2:29:97:62:18:9d:68:c5:77:d7:58:be:52:9b:d0:
                    20:78:6a:9d:8d:30:72:12:e9:ac:76:ea:c1:ac:c7:
                    c9:b7:b0:81:6a:8e:89:0f:f9:45:53:cf:47:ad:24:
                    9f:6b:79:9b:87:3b:c0:46:ff:c5:e9:b3:37:7a:6b:
                    24:1c:ad:fc:82:13:87:ae:a3:df:88:e0:02:d5:4f:
                    6b:7a:95:ee:b0:70:5d:d0:fe:de:e4:8e:08:4a:9f:
                    6b:5c:06:1f:6b:56:d5:2e:85:fe:e5:91:ae:50:ba:
                    d1:ef:fa:26:50:17:52:8a:69:d6:8a:b2:42:cd:4a:
                    33:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4A:92:C3:A5:E1:21:26:BB:12:8C:98:62:43:A6:8D:2A:CF:3A:93
            X509v3 Authority Key Identifier:
                keyid:E6:A0:C2:56:D3:2E:45:44:D6:B7:FD:37:F9:CE:E5:59:D3:D2:69:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5qDCVtMuRUTWt_03-c7lWdPSaU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/438306-1d14-459a-b2d6-64e50ebbb21e/1/hkqSw6XhISa7EoyYYkOmjSrPOpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/438306-1d14-459a-b2d6-64e50ebbb21e/1/5qDCVtMuRUTWt_03-c7lWdPSaU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:ec:ae:90:34:65:1b:7f:ce:b9:6c:70:12:29:98:6e:54:06:
         49:d9:42:23:78:67:91:8b:9d:b2:e3:f8:f2:f5:83:b9:cc:86:
         a3:36:39:ee:11:40:83:1c:1d:6c:6f:5a:6a:d7:6a:e2:61:56:
         7b:3f:6f:29:9d:6b:f6:21:95:9c:45:3b:0a:3e:db:08:ea:88:
         dd:39:44:a6:8b:b3:b9:f0:13:a2:3a:ce:75:83:9f:72:34:bc:
         98:8e:08:0d:ba:48:77:f2:6d:d0:85:8f:af:a3:2a:4f:fe:6c:
         8b:ff:91:18:79:04:7b:cb:bc:df:31:d9:9d:67:00:3e:e9:e3:
         21:41:67:91:fb:27:55:9c:c4:01:97:d5:ed:8f:34:0a:b2:41:
         34:c4:af:d7:24:c8:61:60:b8:fe:77:28:18:12:71:25:96:ea:
         61:b3:e2:2f:04:47:3d:02:83:d4:a1:e9:05:47:be:ee:89:2c:
         c7:3a:d8:dd:bb:db:e0:ac:fe:1e:77:fc:85:6e:1c:95:8a:0b:
         ab:b9:ad:75:ad:f1:9d:9d:2c:d6:37:67:72:8e:b9:d9:7e:bf:
         d4:9c:03:e4:45:ac:8e:97:da:a5:88:0f:fa:22:37:4c:a5:52:
         18:cc:ef:a0:d7:c0:39:c9:0c:91:70:ec:02:20:af:22:58:2b:
         f1:35:10:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVzKCnQzNqLZAgCPRpszzSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YTBjMjU2ZDMyZTQ1NDRkNmI3ZmQzN2Y5Y2VlNTU5ZDNk
MjY5NGYwHhcNMjMwMTAyMTU0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRhOTJjM2E1ZTEyMTI2YmIxMjhjOTg2MjQzYTY4ZDJhY2YzYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOSt1yYSpiL4FbvQoWLcb59RIf1b
DdZdpaHzR+PIgXNyjzbo47mqCOxqOhkvu/Tw2x/iwW6wTh5BZEot8bGleCkgwQeb
wAyw9UQ2NzLotlhr/1dZ40NBR/E4yuN9LMHB+zszR0Y3h9F558iSgGcPucQebUSt
0XCvim+rjkNWPM79aqI3T9yyKZdiGJ1oxXfXWL5Sm9AgeGqdjTByEumsdurBrMfJ
t7CBao6JD/lFU89HrSSfa3mbhzvARv/F6bM3emskHK38ghOHrqPfiOAC1U9repXu
sHBd0P7e5I4ISp9rXAYfa1bVLoX+5ZGuULrR7/omUBdSimnWirJCzUozQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZKksOl4SEmuxKMmGJDpo0qzzqTMB8GA1UdIwQY
MBaAFOagwlbTLkVE1rf9N/nO5VnT0mlPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXFEQ1Z0TXVSVVRXdF8wMy1jN2xXZFBTYVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MzgzMDYtMWQxNC00NTlhLWIyZDYt
NjRlNTBlYmJiMjFlLzEvaGtxU3c2WGhJU2E3RW95WVlrT21qU3JQT3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MzgzMDYtMWQxNC00NTlhLWIyZDYtNjRlNTBlYmJiMjFl
LzEvNXFEQ1Z0TXVSVVRXdF8wMy1jN2xXZFBTYVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQIMA0G
CSqGSIb3DQEBCwUAA4IBAQCt7K6QNGUbf865bHASKZhuVAZJ2UIjeGeRi52y4/jy
9YO5zIajNjnuEUCDHB1sb1pq12riYVZ7P28pnWv2IZWcRTsKPtsI6ojdOUSmi7O5
8BOiOs51g59yNLyYjggNukh38m3QhY+voypP/myL/5EYeQR7y7zfMdmdZwA+6eMh
QWeR+ydVnMQBl9XtjzQKskE0xK/XJMhhYLj+dygYEnElluphs+IvBEc9AoPUoekF
R77uiSzHOtjdu9vgrP4ed/yFbhyVigurua11rfGdnSzWN2dyjrnZfr/UnAPkRayO
l9qliA/6IjdMpVIYzO+g18A5yQyRcOwCIK8iWCvxNRDP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:03 2024 by rpki-client on console-fra.rpki-client.org