Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/4a22bb-2862-421c-b071-da99251b1328/1/hgZUFKRCEOtM8VRJs8iuqTcS0RY.roa
File:                     hgZUFKRCEOtM8VRJs8iuqTcS0RY.roa (raw, json)
Hash identifier:          qbXWtmvSaTPHc1UdF5oASpVYjtU8LcEIT6YYqulmeZQ=
Subject key identifier:   86:06:54:14:A4:42:10:EB:4C:F1:54:49:B3:C8:AE:A9:37:12:D1:16
Certificate issuer:       /CN=12608e7181a303df044911ab4f2d51c2887ef278
Certificate serial:       018CC8DE6AA06277918EB158BD129A28E3D4
Authority key identifier: 12:60:8E:71:81:A3:03:DF:04:49:11:AB:4F:2D:51:C2:88:7E:F2:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmCOcYGjA98ESRGrTy1Rwoh-8ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/4a22bb-2862-421c-b071-da99251b1328/1/hgZUFKRCEOtM8VRJs8iuqTcS0RY.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151609
IP address blocks:        45.149.16.0/24 maxlen: 24
                          45.149.18.0/24 maxlen: 24
                          45.149.19.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6a:a0:62:77:91:8e:b1:58:bd:12:9a:28:e3:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12608e7181a303df044911ab4f2d51c2887ef278
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86065414a44210eb4cf15449b3c8aea93712d116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d4:ee:ff:15:c6:58:25:b9:8b:06:c0:50:5c:
                    a0:cb:ce:c7:3d:0a:35:e9:7d:a2:fb:86:47:7a:fc:
                    3e:2b:5e:cd:e7:34:a8:25:49:69:3b:18:d7:b8:04:
                    ea:9d:ab:67:80:c9:42:93:27:a2:35:84:7e:45:77:
                    6b:69:97:39:bf:d1:7b:8c:5e:cc:c5:b3:7c:75:a8:
                    45:40:6a:e2:75:db:7f:56:cd:01:a3:49:23:30:25:
                    b7:5b:53:d4:0b:a7:2f:35:bf:46:6e:2e:6d:92:ca:
                    b1:d2:77:02:8a:eb:85:94:0e:19:63:8c:85:17:14:
                    0a:14:c1:f3:cb:67:4a:34:56:c1:a0:6c:99:5d:f0:
                    4c:ea:ec:48:10:b2:57:9a:88:63:ff:94:ee:8b:a6:
                    00:d5:3f:4e:f2:81:36:12:5c:5b:79:12:44:77:e4:
                    f0:5e:36:7e:d0:cc:ff:36:9d:b8:66:f6:c4:5b:37:
                    90:b7:f6:e5:ba:ae:f8:f7:54:07:a5:29:5a:ca:f0:
                    7c:11:32:ec:74:ea:ef:58:75:0b:d8:51:f9:16:a4:
                    a3:04:00:74:bb:8c:d6:2a:53:da:83:ad:15:89:e2:
                    c2:57:08:ea:17:1d:7c:4b:e8:7b:5e:68:68:d7:4c:
                    02:16:0d:ff:2a:1a:82:23:11:ab:84:86:a6:ab:18:
                    8f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:06:54:14:A4:42:10:EB:4C:F1:54:49:B3:C8:AE:A9:37:12:D1:16
            X509v3 Authority Key Identifier:
                keyid:12:60:8E:71:81:A3:03:DF:04:49:11:AB:4F:2D:51:C2:88:7E:F2:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmCOcYGjA98ESRGrTy1Rwoh-8ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/4a22bb-2862-421c-b071-da99251b1328/1/hgZUFKRCEOtM8VRJs8iuqTcS0RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/4a22bb-2862-421c-b071-da99251b1328/1/EmCOcYGjA98ESRGrTy1Rwoh-8ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.16.0/24
                  45.149.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:08:bf:a5:5a:3e:36:b7:aa:7f:f7:16:2b:d0:2c:d0:85:07:
         b2:0f:49:64:ce:9c:dd:0a:43:d4:99:31:fa:c3:fe:9c:85:63:
         57:a1:47:98:b2:91:96:d4:cf:e2:2a:97:b9:54:9a:21:55:33:
         02:5d:69:7b:25:ce:ca:e3:ec:ed:6d:b2:65:cb:6f:3b:52:44:
         d0:90:fb:aa:42:61:8a:3c:a6:0b:18:7a:a5:4f:85:43:c0:d4:
         a3:31:6d:79:41:e4:5a:a3:43:a5:f5:6d:be:18:23:21:e3:04:
         8b:2e:1a:9c:68:c9:fc:31:3c:c6:aa:4d:5b:3d:3a:60:e9:1e:
         11:22:a0:d2:dd:8b:b9:e4:03:e8:45:5b:d8:10:0e:33:1d:fe:
         8f:00:4b:98:12:b1:33:5d:b7:08:80:4a:0f:ff:d2:2b:c0:cf:
         25:ef:d9:45:1c:66:d2:4c:bd:76:55:ed:88:b6:3e:f8:c0:66:
         af:e7:f4:d5:45:9a:84:7c:0b:44:d8:76:29:19:ab:4c:72:08:
         45:47:c9:ac:6a:93:c9:5c:05:a8:53:a5:4a:e4:39:76:1c:86:
         a6:8d:a6:77:b7:03:eb:f6:9f:e0:ae:aa:f4:e7:41:79:f0:51:
         82:68:95:30:23:89:e0:9e:92:1e:db:e8:ef:5e:15:8e:6d:f4:
         61:9e:b1:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3mqgYneRjrFYvRKaKOPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjA4ZTcxODFhMzAzZGYwNDQ5MTFhYjRmMmQ1MWMyODg3
ZWYyNzgwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA2NTQxNGE0NDIxMGViNGNmMTU0NDliM2M4YWVhOTM3MTJkMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39Tu/xXGWCW5iwbAUFygy87HPQo1
6X2i+4ZHevw+K17N5zSoJUlpOxjXuATqnatngMlCkyeiNYR+RXdraZc5v9F7jF7M
xbN8dahFQGriddt/Vs0Bo0kjMCW3W1PUC6cvNb9Gbi5tksqx0ncCiuuFlA4ZY4yF
FxQKFMHzy2dKNFbBoGyZXfBM6uxIELJXmohj/5Tui6YA1T9O8oE2ElxbeRJEd+Tw
XjZ+0Mz/Np24ZvbEWzeQt/bluq7491QHpSlayvB8ETLsdOrvWHUL2FH5FqSjBAB0
u4zWKlPag60VieLCVwjqFx18S+h7Xmho10wCFg3/KhqCIxGrhIamqxiPGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIYGVBSkQhDrTPFUSbPIrqk3EtEWMB8GA1UdIwQY
MBaAFBJgjnGBowPfBEkRq08tUcKIfvJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1DT2NZR2pBOThFU1JHclR5MVJ3b2gtOG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS80YTIyYmItMjg2Mi00MjFjLWIwNzEt
ZGE5OTI1MWIxMzI4LzEvaGdaVUZLUkNFT3RNOFZSSnM4aXVxVGNTMFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS80YTIyYmItMjg2Mi00MjFjLWIwNzEtZGE5OTI1MWIxMzI4
LzEvRW1DT2NZR2pBOThFU1JHclR5MVJ3b2gtOG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZUQAwQB
LZUSMA0GCSqGSIb3DQEBCwUAA4IBAQCaCL+lWj42t6p/9xYr0CzQhQeyD0lkzpzd
CkPUmTH6w/6chWNXoUeYspGW1M/iKpe5VJohVTMCXWl7Jc7K4+ztbbJly287UkTQ
kPuqQmGKPKYLGHqlT4VDwNSjMW15QeRao0Ol9W2+GCMh4wSLLhqcaMn8MTzGqk1b
PTpg6R4RIqDS3Yu55APoRVvYEA4zHf6PAEuYErEzXbcIgEoP/9IrwM8l79lFHGbS
TL12Ve2Itj74wGav5/TVRZqEfAtE2HYpGatMcghFR8msapPJXAWoU6VK5Dl2HIam
jaZ3twPr9p/grqr050F58FGCaJUwI4ngnpIe2+jvXhWObfRhnrFH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:53 2024 by rpki-client on console-ams.rpki-client.org