Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/4530a1-3fd0-4d04-bd95-a4647ad97ea3/1/rM53oCzsRyKk321v1LgpEyPH7Do.roa
File:                     rM53oCzsRyKk321v1LgpEyPH7Do.roa (raw, json)
Hash identifier:          wXoikFOZOAVtaANJ2k47cxv0gY7SKjPaqvna7ATXY90=
Subject key identifier:   AC:CE:77:A0:2C:EC:47:22:A4:DF:6D:6F:D4:B8:29:13:23:C7:EC:3A
Certificate issuer:       /CN=aaabc8e1e31f149029f9a255b1a446c92c922f5e
Certificate serial:       C41DDC
Authority key identifier: AA:AB:C8:E1:E3:1F:14:90:29:F9:A2:55:B1:A4:46:C9:2C:92:2F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqvI4eMfFJAp-aJVsaRGySySL14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/4530a1-3fd0-4d04-bd95-a4647ad97ea3/1/rM53oCzsRyKk321v1LgpEyPH7Do.roa
Signing time:             Sat 01 Jan 2022 05:58:46 +0000
ROA not before:           Sat 01 Jan 2022 05:58:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2856
IP address blocks:        194.104.234.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12852700 (0xc41ddc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaabc8e1e31f149029f9a255b1a446c92c922f5e
        Validity
            Not Before: Jan  1 05:58:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=acce77a02cec4722a4df6d6fd4b8291323c7ec3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:62:1c:2f:33:ed:d3:82:5b:e7:14:c9:d0:10:
                    a6:29:28:a5:7b:d0:88:51:c1:e0:78:bf:96:95:0a:
                    0e:61:e9:ea:6f:82:7e:1e:95:b8:7a:cf:70:25:14:
                    57:59:2c:f6:a5:30:d5:df:56:94:41:63:9b:2c:ea:
                    17:f4:6d:88:a0:c2:f6:4c:e0:99:eb:71:60:2b:b9:
                    15:83:37:29:2c:63:d9:95:3c:1c:2c:8c:13:5a:0a:
                    85:b7:d6:36:2f:f6:1e:cc:1b:27:0d:b0:af:35:89:
                    17:d2:9d:ac:35:9b:69:a9:91:a3:e9:e9:6d:af:b8:
                    a1:d1:db:3c:5c:25:93:7c:d7:17:a0:1b:48:ed:29:
                    53:aa:bb:c1:5f:9d:56:bf:7a:f7:ee:30:bd:90:8d:
                    5a:67:98:c3:db:be:eb:b2:d6:00:b0:32:81:5c:6b:
                    2e:71:18:06:f8:8b:76:58:16:50:b6:72:f0:c7:fe:
                    a6:9a:75:a4:0f:fe:ac:6b:76:0e:66:94:4e:a4:26:
                    d3:89:fc:c6:f6:13:da:d6:fc:99:40:a8:5a:b1:ef:
                    6c:02:46:93:21:6a:f8:32:45:d1:b8:86:7f:b0:e0:
                    d5:32:7f:5e:3b:12:39:0d:e4:eb:de:62:e0:9c:93:
                    e4:77:22:bd:5c:22:02:04:45:be:5d:2a:31:69:33:
                    2a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:CE:77:A0:2C:EC:47:22:A4:DF:6D:6F:D4:B8:29:13:23:C7:EC:3A
            X509v3 Authority Key Identifier:
                keyid:AA:AB:C8:E1:E3:1F:14:90:29:F9:A2:55:B1:A4:46:C9:2C:92:2F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqvI4eMfFJAp-aJVsaRGySySL14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/4530a1-3fd0-4d04-bd95-a4647ad97ea3/1/rM53oCzsRyKk321v1LgpEyPH7Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/4530a1-3fd0-4d04-bd95-a4647ad97ea3/1/qqvI4eMfFJAp-aJVsaRGySySL14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:60:88:01:31:03:bd:0b:83:be:3d:7c:fc:ad:e3:99:f0:48:
         b3:0c:b9:21:33:cb:49:b6:a1:e1:d7:e7:9e:09:21:0f:28:8d:
         14:84:2c:12:51:0b:67:02:c9:c4:1d:06:b9:b6:02:58:4b:d9:
         ed:4b:f5:12:99:05:26:4d:0d:84:14:e8:ad:d0:a7:cf:30:bc:
         15:6b:8e:31:bb:e4:16:c1:9a:2d:b9:98:13:32:f0:af:6a:55:
         a2:72:e2:01:ee:b3:19:c4:f6:e4:5c:e4:3a:57:80:f2:ae:b2:
         cb:c1:7c:fd:8e:06:7c:cc:62:69:63:fa:19:cd:9d:c3:cf:64:
         48:c1:0a:24:b1:0a:8c:0e:6c:1f:eb:46:86:be:c6:22:82:cb:
         f8:e7:10:92:e9:71:ed:92:ab:27:7a:9c:6c:24:dc:2e:14:e7:
         33:7a:f0:5c:fc:34:21:30:05:b8:3f:b3:c0:25:32:ef:61:8b:
         d1:f9:ba:ec:c6:f7:86:f4:55:b9:43:d5:39:5d:c6:45:d9:d3:
         09:9d:82:5e:bb:d6:8d:e5:9f:54:15:f5:19:2a:f7:12:11:a3:
         79:6d:2f:e3:42:91:b6:d9:03:06:7d:b0:d8:c1:00:fd:6d:31:
         2c:cc:2e:65:7b:9c:35:87:db:f8:08:66:25:e3:84:81:75:0a:
         c2:e8:83:11
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAMQd3DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YWFiYzhlMWUzMWYxNDkwMjlmOWEyNTViMWE0NDZjOTJjOTIyZjVlMB4XDTIyMDEw
MTA1NTg0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWNjZTc3YTAyY2Vj
NDcyMmE0ZGY2ZDZmZDRiODI5MTMyM2M3ZWMzYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJiHC8z7dOCW+cUydAQpikopXvQiFHB4Hi/lpUKDmHp6m+C
fh6VuHrPcCUUV1ks9qUw1d9WlEFjmyzqF/RtiKDC9kzgmetxYCu5FYM3KSxj2ZU8
HCyME1oKhbfWNi/2HswbJw2wrzWJF9KdrDWbaamRo+npba+4odHbPFwlk3zXF6Ab
SO0pU6q7wV+dVr969+4wvZCNWmeYw9u+67LWALAygVxrLnEYBviLdlgWULZy8Mf+
ppp1pA/+rGt2DmaUTqQm04n8xvYT2tb8mUCoWrHvbAJGkyFq+DJF0biGf7Dg1TJ/
XjsSOQ3k695i4JyT5HcivVwiAgRFvl0qMWkzKt8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSsznegLOxHIqTfbW/UuCkTI8fsOjAfBgNVHSMEGDAWgBSqq8jh4x8UkCn5
olWxpEbJLJIvXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Fxdkk0ZU1mRkpBcC1hSlZzYVJHeVN5U0wxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzEvNDUzMGExLTNmZDAtNGQwNC1iZDk1LWE0NjQ3YWQ5N2VhMy8x
L3JNNTNvQ3pzUnlLazMyMXYxTGdwRXlQSDdEby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEv
NDUzMGExLTNmZDAtNGQwNC1iZDk1LWE0NjQ3YWQ5N2VhMy8xL3Fxdkk0ZU1mRkpB
cC1hSlZzYVJHeVN5U0wxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJo6jANBgkqhkiG9w0BAQsFAAOC
AQEAHWCIATEDvQuDvj18/K3jmfBIswy5ITPLSbah4dfnngkhDyiNFIQsElELZwLJ
xB0GubYCWEvZ7Uv1EpkFJk0NhBTordCnzzC8FWuOMbvkFsGaLbmYEzLwr2pVonLi
Ae6zGcT25FzkOleA8q6yy8F8/Y4GfMxiaWP6Gc2dw89kSMEKJLEKjA5sH+tGhr7G
IoLL+OcQkulx7ZKrJ3qcbCTcLhTnM3rwXPw0ITAFuD+zwCUy72GL0fm67Mb3hvRV
uUPVOV3GRdnTCZ2CXrvWjeWfVBX1GSr3EhGjeW0v40KRttkDBn2w2MEA/W0xLMwu
ZXucNYfb+AhmJeOEgXUKwuiDEQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:33 2024 by rpki-client on console-fra.rpki-client.org