Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/2508c5-84e9-4d66-bffb-53dc23d10733/1/_3ha4PD1xbrN7brPhu3gY08mbl4.roa
File:                     _3ha4PD1xbrN7brPhu3gY08mbl4.roa (raw, json)
Hash identifier:          nOqrmcEj/S01qISKrHk31FQrzLlcVKcFZB1HeZxCck8=
Subject key identifier:   FF:78:5A:E0:F0:F5:C5:BA:CD:ED:BA:CF:86:ED:E0:63:4F:26:6E:5E
Certificate issuer:       /CN=cf6680f898961fcd4b2012f0e8008b5c5180ef42
Certificate serial:       DDE9C3
Authority key identifier: CF:66:80:F8:98:96:1F:CD:4B:20:12:F0:E8:00:8B:5C:51:80:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z2aA-JiWH81LIBLw6ACLXFGA70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/2508c5-84e9-4d66-bffb-53dc23d10733/1/_3ha4PD1xbrN7brPhu3gY08mbl4.roa
Signing time:             Sat 01 Jan 2022 06:03:28 +0000
ROA not before:           Sat 01 Jan 2022 06:03:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        193.221.210.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14543299 (0xdde9c3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf6680f898961fcd4b2012f0e8008b5c5180ef42
        Validity
            Not Before: Jan  1 06:03:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff785ae0f0f5c5bacdedbacf86ede0634f266e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a9:71:3f:34:b9:a7:0a:fc:e6:48:1f:b0:e5:
                    7c:18:79:23:18:02:a9:f6:5f:c1:93:52:66:af:29:
                    22:7f:76:e2:88:59:28:fb:cd:b0:2e:47:ff:ed:6b:
                    94:8b:a3:1b:55:e0:04:3b:12:76:7a:8b:15:18:c4:
                    23:6c:a4:1f:ef:3a:07:b3:e6:2a:1d:74:13:f6:73:
                    78:70:44:4c:1e:17:50:89:07:c9:35:97:22:f8:1c:
                    de:d1:b8:bd:83:f2:a1:d4:e8:be:01:2c:58:bb:1f:
                    27:b6:51:08:1f:f8:0e:89:3f:7f:52:50:d9:98:e2:
                    28:a1:2e:cd:2b:d4:3b:16:8c:30:03:69:96:01:94:
                    0b:67:d7:93:b3:2d:09:95:5e:78:00:c8:f9:e7:1e:
                    ed:c2:77:a0:0c:7e:11:ae:fc:4c:7e:21:31:70:18:
                    68:8b:97:69:44:79:df:de:24:82:8d:b7:dd:cb:49:
                    40:b9:da:98:07:c8:fc:32:2b:fc:6d:83:a7:78:ba:
                    e1:60:63:e3:80:57:89:14:c6:f5:fc:28:29:03:3e:
                    a9:ae:4b:1e:d5:dd:50:e7:c1:30:c3:58:6a:00:2b:
                    72:2e:8c:35:55:c0:45:63:e2:4c:86:45:3d:c2:90:
                    dd:e3:0b:17:63:29:e8:bc:ca:ca:76:1b:7d:a2:63:
                    03:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:78:5A:E0:F0:F5:C5:BA:CD:ED:BA:CF:86:ED:E0:63:4F:26:6E:5E
            X509v3 Authority Key Identifier:
                keyid:CF:66:80:F8:98:96:1F:CD:4B:20:12:F0:E8:00:8B:5C:51:80:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2aA-JiWH81LIBLw6ACLXFGA70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/2508c5-84e9-4d66-bffb-53dc23d10733/1/_3ha4PD1xbrN7brPhu3gY08mbl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/2508c5-84e9-4d66-bffb-53dc23d10733/1/z2aA-JiWH81LIBLw6ACLXFGA70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d3:ca:44:29:0e:db:5e:38:69:24:b7:f9:74:3d:4f:f2:4e:
         7c:20:31:b1:27:ce:0d:b2:66:32:9e:e2:e1:06:bf:21:52:70:
         2a:f7:c5:41:8e:b3:cf:19:84:f9:54:c3:7a:83:c4:df:ac:e1:
         f9:f4:6a:d3:21:e5:d9:72:b7:95:0c:45:30:41:11:9b:d8:b5:
         27:f9:b3:e9:c0:5f:57:7c:cb:9e:ff:ce:f1:2b:da:af:bb:8d:
         43:98:88:3f:f5:6b:c6:ba:74:f9:78:be:c3:c9:58:52:ca:26:
         f2:3e:11:a5:60:98:64:c0:1c:ee:8c:47:54:f2:8e:6d:40:65:
         66:a6:91:0d:83:52:b5:8d:8f:be:44:e4:3f:e0:27:f7:5f:21:
         f2:0f:f0:2a:33:42:df:56:62:a6:db:5b:df:a0:92:6c:56:32:
         6f:77:f1:cd:58:c1:12:7f:8e:2f:7b:06:ec:e5:dd:a3:13:89:
         35:37:be:72:dc:c2:24:c4:09:81:0a:7f:49:18:e5:81:12:03:
         7e:43:91:23:a3:a3:a4:8d:1a:41:54:de:dd:98:48:5f:9b:90:
         04:27:1d:94:fb:8b:a4:b9:8d:48:07:06:00:53:4c:cc:3d:1e:
         bc:f8:24:c5:9b:4b:95:0f:ff:0e:fc:89:0d:60:41:5a:9c:7f:
         a9:3f:fa:1d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAN3pwzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZjY2ODBmODk4OTYxZmNkNGIyMDEyZjBlODAwOGI1YzUxODBlZjQyMB4XDTIyMDEw
MTA2MDMyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmY3ODVhZTBmMGY1
YzViYWNkZWRiYWNmODZlZGUwNjM0ZjI2NmU1ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALWpcT80uacK/OZIH7DlfBh5IxgCqfZfwZNSZq8pIn924ohZ
KPvNsC5H/+1rlIujG1XgBDsSdnqLFRjEI2ykH+86B7PmKh10E/ZzeHBETB4XUIkH
yTWXIvgc3tG4vYPyodTovgEsWLsfJ7ZRCB/4Dok/f1JQ2ZjiKKEuzSvUOxaMMANp
lgGUC2fXk7MtCZVeeADI+ece7cJ3oAx+Ea78TH4hMXAYaIuXaUR5394kgo233ctJ
QLnamAfI/DIr/G2Dp3i64WBj44BXiRTG9fwoKQM+qa5LHtXdUOfBMMNYagArci6M
NVXARWPiTIZFPcKQ3eMLF2Mp6LzKynYbfaJjA4kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT/eFrg8PXFus3tus+G7eBjTyZuXjAfBgNVHSMEGDAWgBTPZoD4mJYfzUsg
EvDoAItcUYDvQjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3oyYUEtSmlXSDgxTElCTHc2QUNMWEZHQTcwSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvMjUwOGM1LTg0ZTktNGQ2Ni1iZmZiLTUzZGMyM2QxMDczMy8x
L18zaGE0UEQxeGJyTjdiclBodTNnWTA4bWJsNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
MjUwOGM1LTg0ZTktNGQ2Ni1iZmZiLTUzZGMyM2QxMDczMy8xL3oyYUEtSmlXSDgx
TElCTHc2QUNMWEZHQTcwSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHd0jANBgkqhkiG9w0BAQsFAAOC
AQEADtPKRCkO2144aSS3+XQ9T/JOfCAxsSfODbJmMp7i4Qa/IVJwKvfFQY6zzxmE
+VTDeoPE36zh+fRq0yHl2XK3lQxFMEERm9i1J/mz6cBfV3zLnv/O8Svar7uNQ5iI
P/Vrxrp0+Xi+w8lYUsom8j4RpWCYZMAc7oxHVPKObUBlZqaRDYNStY2PvkTkP+An
918h8g/wKjNC31Zipttb36CSbFYyb3fxzVjBEn+OL3sG7OXdoxOJNTe+ctzCJMQJ
gQp/SRjlgRIDfkORI6OjpI0aQVTe3ZhIX5uQBCcdlPuLpLmNSAcGAFNMzD0evPgk
xZtLlQ//DvyJDWBBWpx/qT/6HQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:53 2024 by rpki-client on console-ams.rpki-client.org