Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/oDwSFcY0odLaDJKrXT16RvMwb2M.roa
File:                     oDwSFcY0odLaDJKrXT16RvMwb2M.roa (raw, json)
Hash identifier:          7sVdyhFq647I09oqD5tpRmlyARqgKc1mDDYvbygl3WM=
Subject key identifier:   A0:3C:12:15:C6:34:A1:D2:DA:0C:92:AB:5D:3D:7A:46:F3:30:6F:63
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       018CC87075B9D85BA5F7ACCD8188DFC667D3
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/oDwSFcY0odLaDJKrXT16RvMwb2M.roa
Signing time:             Tue 02 Jan 2024 04:31:02 +0000
ROA not before:           Tue 02 Jan 2024 04:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        185.242.108.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:75:b9:d8:5b:a5:f7:ac:cd:81:88:df:c6:67:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jan  2 04:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a03c1215c634a1d2da0c92ab5d3d7a46f3306f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3d:28:ab:09:0d:57:1d:9c:4f:40:f5:28:fc:
                    a8:28:a0:43:62:66:c1:93:7b:21:be:c4:94:49:36:
                    06:68:e4:12:54:93:8d:ed:b0:37:15:61:99:ee:0a:
                    67:af:38:7f:36:28:f3:2a:c8:b0:89:04:61:b3:1b:
                    66:8a:de:38:f9:4d:1e:ac:04:41:08:af:b9:32:d8:
                    af:be:5c:9d:44:e5:3a:15:ce:ac:9e:ff:b8:85:cf:
                    a9:c5:4c:92:ba:3a:78:3b:fc:fd:e7:8a:b7:b0:c5:
                    d8:ef:37:6a:7d:36:97:f8:6c:58:d4:ca:9a:0e:87:
                    0e:18:1f:de:18:ac:fe:f5:0d:77:15:c1:d3:67:99:
                    ba:eb:76:4f:bb:23:57:f7:5b:cc:b2:55:8a:47:43:
                    f5:fd:23:45:72:02:05:c3:7c:63:a9:58:0d:76:a1:
                    cc:17:4c:d4:e8:77:e2:3e:8c:a7:28:be:0e:4d:4d:
                    56:05:c3:13:d0:8b:85:44:57:7b:f0:6f:4c:48:43:
                    ee:c0:bf:cc:dd:df:78:ca:55:45:9f:d9:90:4f:d7:
                    cc:7a:ff:23:d0:ca:8b:c1:3b:ff:49:ae:ea:19:67:
                    90:50:89:69:95:0e:b6:e1:de:ce:83:5d:40:99:65:
                    e2:17:72:a4:89:41:33:34:f3:52:f3:76:65:a8:89:
                    84:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3C:12:15:C6:34:A1:D2:DA:0C:92:AB:5D:3D:7A:46:F3:30:6F:63
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/oDwSFcY0odLaDJKrXT16RvMwb2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:71:84:d4:a9:b4:a2:7f:3d:04:45:64:d7:d0:d5:0b:fa:b3:
         67:dd:ff:43:e5:d5:69:7f:06:c8:51:fa:08:e8:03:26:07:b5:
         e2:1c:5d:22:61:be:43:8f:13:0e:e7:6b:f3:e3:9c:39:b0:ac:
         eb:de:a8:68:34:86:05:c0:2a:d6:98:a0:9d:e7:2a:ca:b1:b1:
         5a:2c:f0:47:23:df:b9:3e:24:cf:cc:51:10:97:19:6b:dc:44:
         0b:07:09:5a:86:d6:10:1a:b3:09:2c:7e:60:a6:1a:4c:16:3b:
         b4:60:4b:72:51:f2:11:c0:be:f0:94:4f:7a:4e:69:3f:72:31:
         3b:27:08:db:29:e1:94:8a:91:c1:1d:70:db:d6:35:3c:ae:b2:
         30:6f:6d:3c:77:e4:b5:b6:97:4e:a6:3f:86:1a:6a:9e:18:f5:
         bf:7a:01:63:58:ec:73:30:97:5d:7f:6b:1e:1d:be:95:1f:11:
         41:41:ab:d8:04:79:9d:b5:bd:f6:5f:2f:50:a0:c1:64:3f:a2:
         49:9b:c6:0f:14:37:5a:34:61:1f:2e:b5:5e:ec:a0:5e:33:cb:
         dd:4c:e8:40:b5:ef:9a:e5:2c:4f:b0:81:e8:6e:5e:c9:c2:ef:
         c5:20:63:e4:5c:85:21:ac:40:b4:c9:e3:db:11:9d:87:47:b0:
         a8:ec:90:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcHW52Ful96zNgYjfxmfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjQwMTAyMDQzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNjMTIxNWM2MzRhMWQyZGEwYzkyYWI1ZDNkN2E0NmYzMzA2ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT0oqwkNVx2cT0D1KPyoKKBDYmbB
k3shvsSUSTYGaOQSVJON7bA3FWGZ7gpnrzh/NijzKsiwiQRhsxtmit44+U0erARB
CK+5MtivvlydROU6Fc6snv+4hc+pxUySujp4O/z954q3sMXY7zdqfTaX+GxY1Mqa
DocOGB/eGKz+9Q13FcHTZ5m663ZPuyNX91vMslWKR0P1/SNFcgIFw3xjqVgNdqHM
F0zU6HfiPoynKL4OTU1WBcMT0IuFRFd78G9MSEPuwL/M3d94ylVFn9mQT9fMev8j
0MqLwTv/Sa7qGWeQUIlplQ624d7Og11AmWXiF3KkiUEzNPNS83ZlqImEFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKA8EhXGNKHS2gySq109ekbzMG9jMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvb0R3U0ZjWTBvZExhREpLclhUMTZSdk13YjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufJsMA0G
CSqGSIb3DQEBCwUAA4IBAQAvcYTUqbSifz0ERWTX0NUL+rNn3f9D5dVpfwbIUfoI
6AMmB7XiHF0iYb5DjxMO52vz45w5sKzr3qhoNIYFwCrWmKCd5yrKsbFaLPBHI9+5
PiTPzFEQlxlr3EQLBwlahtYQGrMJLH5gphpMFju0YEtyUfIRwL7wlE96Tmk/cjE7
JwjbKeGUipHBHXDb1jU8rrIwb208d+S1tpdOpj+GGmqeGPW/egFjWOxzMJddf2se
Hb6VHxFBQavYBHmdtb32Xy9QoMFkP6JJm8YPFDdaNGEfLrVe7KBeM8vdTOhAte+a
5SxPsIHobl7Jwu/FIGPkXIUhrEC0yePbEZ2HR7Co7JDJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:09 2024 by rpki-client on console-fra.rpki-client.org