Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/P8AQFzGSxe8XWLNjYs-Chbex6rA.roa
File:                     P8AQFzGSxe8XWLNjYs-Chbex6rA.roa (raw, json)
Hash identifier:          CAF+1nbZrffP/5YQFsHl7parRGKboaEMeg5Kqun38Yc=
Subject key identifier:   3F:C0:10:17:31:92:C5:EF:17:58:B3:63:62:CF:82:85:B7:B1:EA:B0
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018F2A33191D13C2C87E0141D17397357D6F
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/P8AQFzGSxe8XWLNjYs-Chbex6rA.roa
Signing time:             Mon 29 Apr 2024 14:12:22 +0000
ROA not before:           Mon 29 Apr 2024 14:12:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:33:19:1d:13:c2:c8:7e:01:41:d1:73:97:35:7d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: Apr 29 14:12:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fc010173192c5ef1758b36362cf8285b7b1eab0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:75:79:5a:b7:d0:cf:5e:44:fa:57:85:c4:49:
                    be:72:af:5a:07:ba:7c:ca:97:5f:6a:7b:ee:3b:a0:
                    6a:a4:69:87:18:cb:6c:17:de:5c:c7:71:3a:f8:0f:
                    aa:dc:47:71:b2:c3:1f:ba:31:ab:b8:60:69:0d:80:
                    86:be:4b:d7:13:65:75:4e:bb:94:71:65:f9:29:09:
                    b6:a3:d7:7e:22:0b:94:23:0c:93:64:6f:42:97:18:
                    c0:89:5c:56:a2:4a:84:69:8a:56:d4:3e:e9:b6:bc:
                    dc:49:fa:09:c9:5b:25:3c:8e:64:ee:dd:e1:76:d3:
                    67:42:a6:81:c2:1b:95:fc:fb:4a:d5:ec:b8:5c:8c:
                    a3:6a:5d:d9:ce:b9:17:21:4f:27:e9:ff:09:df:fd:
                    6e:b1:bf:36:6e:d5:12:d4:50:a5:ed:d8:41:92:d2:
                    e3:99:bc:87:f9:47:96:c1:07:26:23:96:7d:68:0c:
                    20:97:14:6e:13:5e:30:87:68:b4:93:3b:3b:08:49:
                    ad:2f:4f:3d:65:6a:1a:58:60:a6:3b:64:ee:65:fc:
                    63:76:99:ad:77:4e:1a:23:25:7d:35:e2:fd:9b:ac:
                    36:f7:dc:35:18:4a:5d:3a:d7:3e:49:b3:79:c3:1f:
                    c6:dd:70:41:9b:3d:a1:df:d8:b4:27:f0:5e:f6:ac:
                    e2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C0:10:17:31:92:C5:EF:17:58:B3:63:62:CF:82:85:B7:B1:EA:B0
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/P8AQFzGSxe8XWLNjYs-Chbex6rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:8a:4d:5b:58:5b:ed:5b:94:ec:be:3c:2b:d9:5c:24:04:cc:
         ec:fc:80:f9:22:9d:7c:46:b1:09:3a:26:69:f2:76:28:cb:4a:
         e5:b4:a3:5b:92:a3:02:9c:82:52:58:9a:13:ac:ab:22:20:a6:
         5b:7d:44:06:44:6f:cb:f1:92:98:41:25:f2:0e:62:01:aa:af:
         c0:30:fb:d2:2a:51:95:5d:98:4f:d7:7d:95:32:a4:bf:b2:9f:
         07:a1:1e:c0:15:2d:cf:04:79:92:20:e3:ae:9c:ed:b1:0f:a7:
         cd:17:81:31:b4:14:48:90:86:5e:74:f3:0f:fa:eb:c2:af:7a:
         a9:92:9a:6f:6a:7e:64:f1:5b:17:11:d9:76:1f:17:27:af:84:
         a2:ee:c9:13:49:9a:1a:66:d6:83:4c:e6:06:c8:01:f0:cc:30:
         94:f3:ca:73:31:fe:e5:8f:a7:5d:b6:41:26:05:fa:6d:d5:70:
         50:9d:ae:31:c3:3f:41:7b:40:bb:bb:35:a0:d1:4d:1c:23:4d:
         53:f4:82:ad:c2:75:1e:3e:07:6d:50:92:72:41:93:cd:c2:7e:
         ce:5d:84:5b:2d:91:1a:55:68:01:d8:b4:c9:63:72:a1:cf:79:
         0a:07:df:ff:9a:d0:42:db:9a:46:e3:73:a7:aa:ad:b6:2a:91:
         ab:28:56:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY8qMxkdE8LIfgFB0XOXNX1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNDI5MTQxMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmMwMTAxNzMxOTJjNWVmMTc1OGIzNjM2MmNmODI4NWI3YjFlYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nV5WrfQz15E+leFxEm+cq9aB7p8
ypdfanvuO6BqpGmHGMtsF95cx3E6+A+q3EdxssMfujGruGBpDYCGvkvXE2V1TruU
cWX5KQm2o9d+IguUIwyTZG9ClxjAiVxWokqEaYpW1D7ptrzcSfoJyVslPI5k7t3h
dtNnQqaBwhuV/PtK1ey4XIyjal3ZzrkXIU8n6f8J3/1usb82btUS1FCl7dhBktLj
mbyH+UeWwQcmI5Z9aAwglxRuE14wh2i0kzs7CEmtL089ZWoaWGCmO2TuZfxjdpmt
d04aIyV9NeL9m6w299w1GEpdOtc+SbN5wx/G3XBBmz2h39i0J/Be9qzi4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD/AEBcxksXvF1izY2LPgoW3seqwMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvUDhBUUZ6R1N4ZThYV0xOallzLUNoYmV4NnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACGKTVtYW+1blOy+PCvZ
XCQEzOz8gPkinXxGsQk6JmnydijLSuW0o1uSowKcglJYmhOsqyIgplt9RAZEb8vx
kphBJfIOYgGqr8Aw+9IqUZVdmE/XfZUypL+ynwehHsAVLc8EeZIg466c7bEPp80X
gTG0FEiQhl508w/668KveqmSmm9qfmTxWxcR2XYfFyevhKLuyRNJmhpm1oNM5gbI
AfDMMJTzynMx/uWPp122QSYF+m3VcFCdrjHDP0F7QLu7NaDRTRwjTVP0gq3CdR4+
B21QknJBk83Cfs5dhFstkRpVaAHYtMljcqHPeQoH3/+a0ELbmkbjc6eqrbYqkaso
Vu0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:07 2024 by rpki-client on console-fra.rpki-client.org