Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/68536b-da89-4063-90da-104984df48b1/1/XFUb1ztKhJkg3N5q-83VBPeCiJk.roa
File:                     XFUb1ztKhJkg3N5q-83VBPeCiJk.roa (raw, json)
Hash identifier:          TP7JWqifQc/CtvPl5Av+U4oZYe60xWbBv5qJrjkjkc0=
Subject key identifier:   5C:55:1B:D7:3B:4A:84:99:20:DC:DE:6A:FB:CD:D5:04:F7:82:88:99
Certificate issuer:       /CN=6c86838aae16bc368182714fcb4f8eaf87c80fcf
Certificate serial:       01672E52
Authority key identifier: 6C:86:83:8A:AE:16:BC:36:81:82:71:4F:CB:4F:8E:AF:87:C8:0F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bIaDiq4WvDaBgnFPy0-Or4fID88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/68536b-da89-4063-90da-104984df48b1/1/XFUb1ztKhJkg3N5q-83VBPeCiJk.roa
Signing time:             Mon 25 Apr 2022 18:07:25 +0000
ROA not before:           Mon 25 Apr 2022 18:07:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62240
IP address blocks:        195.60.171.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 23539282 (0x1672e52)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c86838aae16bc368182714fcb4f8eaf87c80fcf
        Validity
            Not Before: Apr 25 18:07:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c551bd73b4a849920dcde6afbcdd504f7828899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:19:cd:ae:8d:69:c7:33:e3:b5:31:c1:be:02:
                    a4:74:35:cf:7b:5a:41:f6:e5:98:50:26:f3:73:ef:
                    66:d2:37:20:bc:7b:cd:bf:e4:92:c8:5c:da:b4:73:
                    5a:ae:18:33:ab:f5:95:de:20:40:2a:aa:26:22:2f:
                    fd:43:58:58:a7:b4:e8:60:4f:23:b3:7c:25:06:23:
                    9e:db:d1:7a:52:e3:77:da:8a:a0:d2:cc:38:63:fa:
                    46:4e:06:5b:ce:c9:23:97:34:a7:39:05:13:63:90:
                    1e:19:54:55:33:12:b6:55:c9:ac:59:cb:5a:ff:9d:
                    1b:89:cc:5a:80:a1:47:bf:f9:ad:d8:18:87:47:d5:
                    0d:41:d5:ce:fb:11:29:3a:a5:52:9c:d5:cd:c2:9d:
                    91:bd:34:4c:4a:40:5e:60:a7:9c:28:0b:d7:95:9b:
                    d5:3f:4d:57:30:12:80:1c:dc:ee:8e:bf:10:56:f9:
                    94:49:86:a0:4c:16:be:c9:5d:d3:e4:bb:33:3f:f3:
                    f9:9f:1f:28:99:b6:7e:0f:0b:de:6f:4e:7b:0c:6b:
                    b9:c1:5e:02:e2:5c:87:2b:8e:73:46:6a:c1:42:91:
                    09:7e:43:6c:9f:32:a0:d3:1f:34:30:9d:58:9e:6a:
                    8c:fe:1b:08:33:51:f1:2e:a9:c4:32:a1:9a:44:d0:
                    b3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:55:1B:D7:3B:4A:84:99:20:DC:DE:6A:FB:CD:D5:04:F7:82:88:99
            X509v3 Authority Key Identifier:
                keyid:6C:86:83:8A:AE:16:BC:36:81:82:71:4F:CB:4F:8E:AF:87:C8:0F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bIaDiq4WvDaBgnFPy0-Or4fID88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/68536b-da89-4063-90da-104984df48b1/1/XFUb1ztKhJkg3N5q-83VBPeCiJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/68536b-da89-4063-90da-104984df48b1/1/bIaDiq4WvDaBgnFPy0-Or4fID88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:8e:ba:d5:e9:86:28:b2:5d:72:5f:82:b1:e6:6a:f1:de:83:
         e7:cc:cb:49:0a:4e:4d:ba:e4:94:a0:a1:08:9a:66:83:c4:07:
         99:52:1e:f9:d0:50:26:1f:a9:ac:7c:f9:aa:31:10:41:4d:29:
         6a:ee:51:df:f5:63:e2:e4:f7:e4:61:39:2e:a2:71:b0:5c:52:
         73:47:95:50:cd:35:41:ff:84:35:39:c2:86:88:fa:99:5c:83:
         6a:44:cf:4a:62:18:ae:96:0b:80:17:33:70:9b:47:2d:f8:6f:
         af:76:17:92:ce:78:90:2a:c6:01:2e:9b:2a:5f:22:0d:b6:50:
         67:fc:61:b2:10:34:28:1f:16:26:43:38:2d:ec:93:a6:f1:72:
         8a:43:db:f4:a4:bb:bc:31:4e:e2:88:95:b8:a6:c7:58:6f:2d:
         87:b5:f0:8c:24:fb:19:50:83:6c:f2:51:26:3b:8d:c2:44:f1:
         78:68:63:dd:c5:e2:ea:26:52:b8:d0:c7:2e:6b:76:04:1d:07:
         6f:06:13:e6:6b:65:d5:ef:94:65:93:26:0c:ba:1d:43:bb:e9:
         2a:39:1c:99:ba:72:6c:eb:1b:9e:c5:6a:71:d8:70:bf:14:3f:
         23:dc:6e:42:69:68:e9:35:cf:ae:9c:a9:a6:95:d8:e3:a2:14:
         c4:81:90:cd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAWcuUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Yzg2ODM4YWFlMTZiYzM2ODE4MjcxNGZjYjRmOGVhZjg3YzgwZmNmMB4XDTIyMDQy
NTE4MDcyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWM1NTFiZDczYjRh
ODQ5OTIwZGNkZTZhZmJjZGQ1MDRmNzgyODg5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN8Zza6Naccz47Uxwb4CpHQ1z3taQfblmFAm83PvZtI3ILx7
zb/kkshc2rRzWq4YM6v1ld4gQCqqJiIv/UNYWKe06GBPI7N8JQYjntvRelLjd9qK
oNLMOGP6Rk4GW87JI5c0pzkFE2OQHhlUVTMStlXJrFnLWv+dG4nMWoChR7/5rdgY
h0fVDUHVzvsRKTqlUpzVzcKdkb00TEpAXmCnnCgL15Wb1T9NVzASgBzc7o6/EFb5
lEmGoEwWvsld0+S7Mz/z+Z8fKJm2fg8L3m9OewxrucFeAuJchyuOc0ZqwUKRCX5D
bJ8yoNMfNDCdWJ5qjP4bCDNR8S6pxDKhmkTQs8ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRcVRvXO0qEmSDc3mr7zdUE94KImTAfBgNVHSMEGDAWgBRshoOKrha8NoGC
cU/LT46vh8gPzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJYURpcTRXdkRhQmduRlB5MC1PcjRmSUQ4OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2IvNjg1MzZiLWRhODktNDA2My05MGRhLTEwNDk4NGRmNDhiMS8x
L1hGVWIxenRLaEprZzNONXEtODNWQlBlQ2lKay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Iv
Njg1MzZiLWRhODktNDA2My05MGRhLTEwNDk4NGRmNDhiMS8xL2JJYURpcTRXdkRh
QmduRlB5MC1PcjRmSUQ4OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMM8qzANBgkqhkiG9w0BAQsFAAOC
AQEAmI661emGKLJdcl+CseZq8d6D58zLSQpOTbrklKChCJpmg8QHmVIe+dBQJh+p
rHz5qjEQQU0pau5R3/Vj4uT35GE5LqJxsFxSc0eVUM01Qf+ENTnChoj6mVyDakTP
SmIYrpYLgBczcJtHLfhvr3YXks54kCrGAS6bKl8iDbZQZ/xhshA0KB8WJkM4LeyT
pvFyikPb9KS7vDFO4oiVuKbHWG8th7XwjCT7GVCDbPJRJjuNwkTxeGhj3cXi6iZS
uNDHLmt2BB0HbwYT5mtl1e+UZZMmDLodQ7vpKjkcmbpybOsbnsVqcdhwvxQ/I9xu
Qmlo6TXPrpypppXY46IUxIGQzQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:02 2024 by rpki-client on console-ams.rpki-client.org