Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa
File:                     zzn3kwxeAfolJkzhPvwG7qgouxY.roa (raw, json)
Hash identifier:          xlZEhsoYnUZv3Z+9GZyA+qdsv40e64gupN3uJVnuFMk=
Subject key identifier:   CF:39:F7:93:0C:5E:01:FA:25:26:4C:E1:3E:FC:06:EE:A8:28:BB:16
Certificate issuer:       /CN=a12ef01850a8733356b5f7785d56b092703cf562
Certificate serial:       0300C3
Authority key identifier: A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa
Signing time:             Thu 03 Feb 2022 13:00:14 +0000
ROA not before:           Thu 03 Feb 2022 13:00:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6898
IP address blocks:        31.44.32.0/20 maxlen: 20
                          185.155.184.0/23 maxlen: 23
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.16.0/23 maxlen: 23
                          46.21.31.0/24 maxlen: 24
                          46.21.29.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 23
                          2a00:bd00::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 196803 (0x300c3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a12ef01850a8733356b5f7785d56b092703cf562
        Validity
            Not Before: Feb  3 13:00:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf39f7930c5e01fa25264ce13efc06eea828bb16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:72:24:9e:58:a4:cb:95:6e:5d:54:a9:1a:a6:
                    9c:3c:8e:7e:b2:d4:87:6c:55:c5:57:1d:85:ac:d8:
                    b1:05:80:9b:89:87:f5:f9:0b:ea:51:e8:92:4f:12:
                    de:a8:5f:26:20:06:4f:7d:33:14:3c:27:ae:9e:67:
                    81:c5:86:47:78:9a:37:07:ea:3c:8a:68:65:a9:da:
                    c7:32:d2:b6:de:82:b4:c1:c3:be:1c:e6:31:a6:86:
                    26:b7:f8:2b:b3:47:f2:02:10:6f:5c:0f:64:0a:59:
                    0c:2a:ec:ab:77:96:4f:86:7c:82:c8:f7:4b:bd:98:
                    34:4b:16:4f:18:39:21:2d:6f:53:09:8f:d5:dc:75:
                    2f:c3:19:94:9d:57:44:99:97:60:53:cf:b8:df:a4:
                    e4:ba:92:ae:b6:11:1f:c5:e8:f6:ff:0b:2e:73:de:
                    4d:f8:45:99:e6:66:8c:fb:98:55:a5:f4:5e:cd:ab:
                    68:66:52:c5:6c:f8:84:99:45:7c:81:e6:8f:eb:d0:
                    3c:c2:a8:36:3c:44:f7:b2:b5:d9:d3:05:07:0b:80:
                    c8:ec:aa:c9:4a:ec:3e:59:78:32:27:50:98:5e:2a:
                    ee:96:95:62:8c:ba:cd:11:85:aa:86:bc:b9:90:c7:
                    9b:6e:40:03:61:2c:f6:d7:2f:2a:49:de:d5:d5:2a:
                    2e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:39:F7:93:0C:5E:01:FA:25:26:4C:E1:3E:FC:06:EE:A8:28:BB:16
            X509v3 Authority Key Identifier:
                keyid:A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/zzn3kwxeAfolJkzhPvwG7qgouxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/oS7wGFCoczNWtfd4XVawknA89WI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.16.0/23
                  46.21.29.0/24
                  46.21.31.0/24
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:ef:8f:e1:d1:7e:17:ac:68:17:3e:55:0d:1e:af:a4:60:ef:
         49:ed:5e:48:8c:06:e7:98:e9:9c:58:ee:80:2c:3b:02:2c:52:
         ec:c1:69:42:80:9c:36:63:8f:c5:a7:d8:ed:55:90:f5:d1:50:
         6c:be:2e:3c:75:0a:ad:15:9e:a9:a6:c1:87:94:7f:88:7e:0b:
         ca:83:98:bf:b2:af:65:d9:68:fa:54:e8:28:75:b1:1b:61:da:
         86:5e:86:3b:70:66:9d:f9:31:bc:d0:2b:5b:49:7a:c0:3e:12:
         76:ee:ea:2e:0b:8d:7a:4a:65:12:a2:b0:a9:b5:d1:b6:3e:12:
         19:ec:51:96:f2:8c:31:89:f2:ad:78:3a:0b:dc:e5:26:db:ca:
         d7:1e:ad:16:5c:85:ec:62:95:c8:73:1b:ff:56:28:28:d4:ab:
         2c:87:39:40:ea:3c:87:4f:43:fc:f7:24:11:89:9a:1b:0e:96:
         2e:38:29:7b:7d:91:20:1f:ca:8d:d7:a4:c0:e4:2b:5d:38:2a:
         1a:9d:ea:fc:b5:9d:b4:b5:64:3c:67:17:af:31:11:6e:b5:08:
         7c:d4:e4:46:54:00:54:b2:d3:6d:41:9e:ec:5f:2c:90:2e:3c:
         dd:ba:e8:75:71:f2:1c:ff:1d:06:b1:b3:23:02:f5:80:92:f0:
         93:08:1c:e5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIDAwDDMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGEx
MmVmMDE4NTBhODczMzM1NmI1Zjc3ODVkNTZiMDkyNzAzY2Y1NjIwHhcNMjIwMjAz
MTMwMDE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjZjM5Zjc5MzBjNWUw
MWZhMjUyNjRjZTEzZWZjMDZlZWE4MjhiYjE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxHIknliky5VuXVSpGqacPI5+stSHbFXFVx2FrNixBYCbiYf1
+QvqUeiSTxLeqF8mIAZPfTMUPCeunmeBxYZHeJo3B+o8imhlqdrHMtK23oK0wcO+
HOYxpoYmt/grs0fyAhBvXA9kClkMKuyrd5ZPhnyCyPdLvZg0SxZPGDkhLW9TCY/V
3HUvwxmUnVdEmZdgU8+436TkupKuthEfxej2/wsuc95N+EWZ5maM+5hVpfRezato
ZlLFbPiEmUV8geaP69A8wqg2PET3srXZ0wUHC4DI7KrJSuw+WXgyJ1CYXirulpVi
jLrNEYWqhry5kMebbkADYSz21y8qSd7V1SouIQIDAQABo4ICPDCCAjgwHQYDVR0O
BBYEFM8595MMXgH6JSZM4T78Bu6oKLsWMB8GA1UdIwQYMBaAFKEu8BhQqHMzVrX3
eF1WsJJwPPViMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
b1M3d0dGQ29jek5XdGZkNFhWYXdrbkE4OVdJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8yOS9kYmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEv
enpuM2t3eGVBZm9sSmt6aFB2d0c3cWdvdXhZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9k
YmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEvb1M3d0dGQ29jek5X
dGZkNFhWYXdrbkE4OVdJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIG
CCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEHywgAwQBLhUQAwQALhUdAwQALhUf
AwQBuZu4AwQBwd3YAwQBwd5oMA0EAgACMAcDBQAqAL0AMA0GCSqGSIb3DQEBCwUA
A4IBAQCv74/h0X4XrGgXPlUNHq+kYO9J7V5IjAbnmOmcWO6ALDsCLFLswWlCgJw2
Y4/Fp9jtVZD10VBsvi48dQqtFZ6ppsGHlH+IfgvKg5i/sq9l2Wj6VOgodbEbYdqG
XoY7cGad+TG80CtbSXrAPhJ27uouC416SmUSorCptdG2PhIZ7FGW8owxifKteDoL
3OUm28rXHq0WXIXsYpXIcxv/Vigo1KsshzlA6jyHT0P89yQRiZobDpYuOCl7fZEg
H8qN16TA5CtdOCoaner8tZ20tWQ8ZxevMRFutQh81ORGVABUstNtQZ7sXyyQLjzd
uuh1cfIc/x0GsbMjAvWAkvCTCBzl
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:47 2024 by rpki-client on console-ams.rpki-client.org