Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/TosIn23XR66NKYfw48wvUKBgzXI.roa
File:                     TosIn23XR66NKYfw48wvUKBgzXI.roa (raw, json)
Hash identifier:          DKdOC3EG/S5kUL+gmantijaEiiGKLtAJ0qJY2lpY5fI=
Subject key identifier:   4E:8B:08:9F:6D:D7:47:AE:8D:29:87:F0:E3:CC:2F:50:A0:60:CD:72
Certificate issuer:       /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial:       018EF8323DE6375FA5ABE40488111ADD9F05
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/TosIn23XR66NKYfw48wvUKBgzXI.roa
Signing time:             Fri 19 Apr 2024 21:10:25 +0000
ROA not before:           Fri 19 Apr 2024 21:10:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f8:32:3d:e6:37:5f:a5:ab:e4:04:88:11:1a:dd:9f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
        Validity
            Not Before: Apr 19 21:10:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8b089f6dd747ae8d2987f0e3cc2f50a060cd72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:95:24:d9:52:39:d6:4f:e4:ef:bb:bc:d8:e3:
                    9f:f0:2a:32:66:d1:33:1e:d2:39:ea:32:6a:47:01:
                    4b:ce:60:0d:de:e6:c5:1f:a8:81:9d:5a:8a:f6:41:
                    b4:4a:99:d8:fe:dc:13:b2:43:35:ed:35:6a:36:25:
                    80:7a:ed:e4:ed:e7:f5:7d:9d:18:2b:7b:cc:b7:bd:
                    15:53:c6:00:15:a4:cc:17:59:f7:09:e8:fb:5e:52:
                    b7:ec:d7:31:71:73:6e:ab:4f:26:a8:f3:75:48:fa:
                    0c:df:4d:de:46:36:c0:5a:1c:d3:9d:be:e7:10:86:
                    7d:bd:cd:5f:a4:5d:0c:48:af:a3:7d:2a:20:eb:6f:
                    c2:3e:86:40:32:26:5a:19:0f:c1:f0:fa:cc:69:38:
                    86:77:50:87:4a:5f:38:6b:58:47:50:53:53:9a:70:
                    41:ec:2d:37:82:8e:8b:65:87:89:59:5f:21:ad:5c:
                    d3:b9:be:73:36:46:b3:22:31:68:61:01:7e:8c:4d:
                    9f:a1:6e:38:33:c2:86:59:fe:27:2f:e6:dc:9d:51:
                    c6:c6:ec:ed:63:3a:db:49:dc:44:96:0e:74:fe:2b:
                    fa:76:d8:f1:64:2f:36:e4:07:d8:6a:56:c4:76:f4:
                    84:5e:0f:da:7f:7d:3f:76:4a:ad:10:27:aa:ae:83:
                    a1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8B:08:9F:6D:D7:47:AE:8D:29:87:F0:E3:CC:2F:50:A0:60:CD:72
            X509v3 Authority Key Identifier:
                keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/TosIn23XR66NKYfw48wvUKBgzXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:81:f9:44:31:3c:b2:51:23:13:46:28:4d:78:aa:26:96:b1:
         7b:d9:9f:3d:cb:0b:22:5b:63:81:a3:f7:0e:16:0c:cd:59:2b:
         97:18:0b:89:0a:94:38:17:1c:17:f5:8d:18:e5:e6:57:a4:81:
         09:a4:64:a7:cd:c6:86:53:e0:84:70:77:2f:8f:e2:47:98:69:
         d7:bf:59:49:40:45:8a:74:f6:db:dc:37:6f:39:2a:ec:d7:16:
         e7:cb:e6:b8:6a:85:8d:5b:fa:e4:d6:94:1b:ef:07:29:39:66:
         e8:55:4b:14:89:f5:25:e1:d2:47:7f:be:1d:5b:03:e6:33:a7:
         b9:e4:ba:d0:03:54:07:76:e3:dd:ef:4d:0a:cb:86:ec:44:85:
         f6:af:b3:b0:a1:90:10:bc:b2:01:8a:75:49:fa:87:b8:45:f4:
         29:7a:65:b5:41:84:7f:ef:c0:d5:98:83:49:2a:75:fc:f6:5b:
         59:3b:eb:4b:23:9f:44:0d:01:30:bf:a8:85:81:61:d6:b8:87:
         fc:7b:f0:cc:e0:54:c7:b2:14:22:b7:a6:69:06:f8:8d:a8:3b:
         26:99:a4:df:bc:22:65:e6:5b:0f:04:24:6f:14:79:59:a9:37:
         9b:f9:26:8a:9d:c1:84:05:7e:80:93:fa:e8:38:c4:c7:bc:78:
         a3:55:00:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY74Mj3mN1+lq+QEiBEa3Z8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNDE5MjExMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThiMDg5ZjZkZDc0N2FlOGQyOTg3ZjBlM2NjMmY1MGEwNjBjZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZUk2VI51k/k77u82OOf8CoyZtEz
HtI56jJqRwFLzmAN3ubFH6iBnVqK9kG0SpnY/twTskM17TVqNiWAeu3k7ef1fZ0Y
K3vMt70VU8YAFaTMF1n3Cej7XlK37NcxcXNuq08mqPN1SPoM303eRjbAWhzTnb7n
EIZ9vc1fpF0MSK+jfSog62/CPoZAMiZaGQ/B8PrMaTiGd1CHSl84a1hHUFNTmnBB
7C03go6LZYeJWV8hrVzTub5zNkazIjFoYQF+jE2foW44M8KGWf4nL+bcnVHGxuzt
YzrbSdxElg50/iv6dtjxZC825AfYalbEdvSEXg/af30/dkqtECeqroOhAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6LCJ9t10eujSmH8OPML1CgYM1yMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvVG9zSW4yM1hSNjZOS1lmdzQ4d3ZVS0JnelhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwQAYMA0G
CSqGSIb3DQEBCwUAA4IBAQCIgflEMTyyUSMTRihNeKomlrF72Z89ywsiW2OBo/cO
FgzNWSuXGAuJCpQ4FxwX9Y0Y5eZXpIEJpGSnzcaGU+CEcHcvj+JHmGnXv1lJQEWK
dPbb3DdvOSrs1xbny+a4aoWNW/rk1pQb7wcpOWboVUsUifUl4dJHf74dWwPmM6e5
5LrQA1QHduPd700Ky4bsRIX2r7OwoZAQvLIBinVJ+oe4RfQpemW1QYR/78DVmINJ
KnX89ltZO+tLI59EDQEwv6iFgWHWuIf8e/DM4FTHshQit6ZpBviNqDsmmaTfvCJl
5lsPBCRvFHlZqTeb+SaKncGEBX6Ak/roOMTHvHijVQCg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:07 2024 by rpki-client on console-fra.rpki-client.org