Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/8f7ae3-8e5e-4f06-9824-c869d7691b32/1/27KgHHnxLqqFy8ItslC1F4-gtwo.roa
File:                     27KgHHnxLqqFy8ItslC1F4-gtwo.roa (raw, json)
Hash identifier:          cA+dzDXLzkNZ2n9hUoGuK/Ew2CPpPW+DiduUTTD+Zxw=
Subject key identifier:   DB:B2:A0:1C:79:F1:2E:AA:85:CB:C2:2D:B2:50:B5:17:8F:A0:B7:0A
Certificate issuer:       /CN=4c0dad1bf18215a2fa808691a7bc5f9e702f99e2
Certificate serial:       0189D67EC29B67D4E156E07A80FFE77D8958
Authority key identifier: 4C:0D:AD:1B:F1:82:15:A2:FA:80:86:91:A7:BC:5F:9E:70:2F:99:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TA2tG_GCFaL6gIaRp7xfnnAvmeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/8f7ae3-8e5e-4f06-9824-c869d7691b32/1/27KgHHnxLqqFy8ItslC1F4-gtwo.roa
Signing time:             Tue 08 Aug 2023 18:52:58 +0000
ROA not before:           Tue 08 Aug 2023 18:52:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207607
IP address blocks:        185.115.204.0/24 maxlen: 24
                          2a12:f280::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d6:7e:c2:9b:67:d4:e1:56:e0:7a:80:ff:e7:7d:89:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c0dad1bf18215a2fa808691a7bc5f9e702f99e2
        Validity
            Not Before: Aug  8 18:52:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbb2a01c79f12eaa85cbc22db250b5178fa0b70a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ca:4d:d7:2b:86:af:5f:05:f7:3c:27:7b:22:
                    03:04:dd:0c:66:94:d2:8c:a2:c4:97:1f:42:b8:20:
                    1b:67:f6:9e:ce:17:d0:9d:bd:f9:f3:b3:9d:57:a8:
                    4b:b9:1b:3e:a3:65:3d:de:63:c5:e2:71:f7:52:69:
                    bc:c6:c5:84:e6:26:01:d5:81:42:91:c5:6e:12:03:
                    45:a9:97:01:16:2b:a7:d5:f9:fd:d0:35:c4:1b:e8:
                    ff:22:1e:e6:6d:9f:66:1d:71:64:50:63:a2:03:56:
                    1c:08:b0:af:f8:a5:6b:4e:ca:12:7d:e3:80:6e:0a:
                    d8:39:77:22:0a:98:d5:66:95:47:a8:f7:be:e4:b2:
                    bc:88:19:f1:38:75:e4:09:da:02:2a:9f:49:0c:58:
                    84:7d:26:84:07:c3:e3:1c:f8:9f:29:e7:9e:0b:d2:
                    27:b3:9a:9d:d9:8e:43:7c:e9:ad:ce:ec:1c:37:a1:
                    4d:de:14:0f:f6:00:9c:8c:e6:cb:bd:f8:33:a1:ef:
                    ea:58:c0:1c:8e:2c:02:71:2e:c8:e3:eb:f8:85:03:
                    13:9c:12:49:7d:ce:a6:7b:e3:ef:f5:1a:ab:10:1a:
                    0e:9e:fd:2c:39:23:84:f7:93:17:14:19:2b:d2:93:
                    e6:c9:4a:e8:0d:28:41:72:68:dd:0d:c9:ab:ac:c7:
                    8a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:B2:A0:1C:79:F1:2E:AA:85:CB:C2:2D:B2:50:B5:17:8F:A0:B7:0A
            X509v3 Authority Key Identifier:
                keyid:4C:0D:AD:1B:F1:82:15:A2:FA:80:86:91:A7:BC:5F:9E:70:2F:99:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TA2tG_GCFaL6gIaRp7xfnnAvmeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/8f7ae3-8e5e-4f06-9824-c869d7691b32/1/27KgHHnxLqqFy8ItslC1F4-gtwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/8f7ae3-8e5e-4f06-9824-c869d7691b32/1/TA2tG_GCFaL6gIaRp7xfnnAvmeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.204.0/24
                IPv6:
                  2a12:f280::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:6b:b6:d8:ff:2b:29:36:1d:be:a5:3c:3a:53:0e:e9:e0:74:
         77:cc:44:a9:77:f5:df:1b:be:23:a8:d3:44:dd:4e:55:a5:94:
         29:aa:c0:bb:e7:8f:93:a1:82:22:cf:45:a3:c8:3d:81:33:d8:
         c7:9c:ec:0d:ef:b0:3f:e2:69:a0:c7:92:d0:86:d2:5b:1f:ab:
         0b:fb:0e:03:5a:6f:98:9f:87:ed:c1:6a:da:4f:b6:42:6c:4a:
         33:68:ec:a5:2e:99:17:8d:4b:54:21:6a:09:5b:38:37:55:5d:
         73:01:eb:54:1f:69:78:30:70:f0:14:cd:df:fa:5f:77:6a:a5:
         8b:d4:5a:ed:75:0d:8b:87:8d:c0:3b:ef:40:c8:62:68:17:87:
         bf:5e:94:6e:04:60:20:6c:76:07:11:a6:b9:90:17:80:0e:0e:
         7a:b9:81:b6:4b:db:6c:9e:6b:d9:1b:74:6c:5f:dd:97:c3:3e:
         06:01:d4:a9:53:8c:af:7d:10:81:32:4e:ac:96:6c:6d:cf:c4:
         7e:3a:e8:c2:8e:fa:8e:54:c6:58:db:46:27:8a:7a:9c:42:2b:
         2f:23:cc:2d:da:f4:aa:48:28:df:0e:14:9c:63:ce:fb:72:fe:
         7f:f5:f8:b0:88:29:6b:14:64:96:ba:f3:2f:ce:e3:3e:0e:1c:
         69:87:f4:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYnWfsKbZ9ThVuB6gP/nfYlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMGRhZDFiZjE4MjE1YTJmYTgwODY5MWE3YmM1ZjllNzAy
Zjk5ZTIwHhcNMjMwODA4MTg1MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmIyYTAxYzc5ZjEyZWFhODVjYmMyMmRiMjUwYjUxNzhmYTBiNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0spN1yuGr18F9zwneyIDBN0MZpTS
jKLElx9CuCAbZ/aezhfQnb3587OdV6hLuRs+o2U93mPF4nH3Umm8xsWE5iYB1YFC
kcVuEgNFqZcBFiun1fn90DXEG+j/Ih7mbZ9mHXFkUGOiA1YcCLCv+KVrTsoSfeOA
bgrYOXciCpjVZpVHqPe+5LK8iBnxOHXkCdoCKp9JDFiEfSaEB8PjHPifKeeeC9In
s5qd2Y5DfOmtzuwcN6FN3hQP9gCcjObLvfgzoe/qWMAcjiwCcS7I4+v4hQMTnBJJ
fc6me+Pv9RqrEBoOnv0sOSOE95MXFBkr0pPmyUroDShBcmjdDcmrrMeK4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNuyoBx58S6qhcvCLbJQtRePoLcKMB8GA1UdIwQY
MBaAFEwNrRvxghWi+oCGkae8X55wL5niMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEEydEdfR0NGYUw2Z0lhUnA3eGZubkF2bWVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi84ZjdhZTMtOGU1ZS00ZjA2LTk4MjQt
Yzg2OWQ3NjkxYjMyLzEvMjdLZ0hIbnhMcXFGeThJdHNsQzFGNC1ndHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi84ZjdhZTMtOGU1ZS00ZjA2LTk4MjQtYzg2OWQ3NjkxYjMy
LzEvVEEydEdfR0NGYUw2Z0lhUnA3eGZubkF2bWVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXPMMA0E
AgACMAcDBQMqEvKAMA0GCSqGSIb3DQEBCwUAA4IBAQCKa7bY/yspNh2+pTw6Uw7p
4HR3zESpd/XfG74jqNNE3U5VpZQpqsC754+ToYIiz0WjyD2BM9jHnOwN77A/4mmg
x5LQhtJbH6sL+w4DWm+Yn4ftwWraT7ZCbEozaOylLpkXjUtUIWoJWzg3VV1zAetU
H2l4MHDwFM3f+l93aqWL1FrtdQ2Lh43AO+9AyGJoF4e/XpRuBGAgbHYHEaa5kBeA
Dg56uYG2S9tsnmvZG3RsX92Xwz4GAdSpU4yvfRCBMk6slmxtz8R+OujCjvqOVMZY
20YninqcQisvI8wt2vSqSCjfDhScY877cv5/9fiwiClrFGSWuvMvzuM+Dhxph/SR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:04 2024 by rpki-client on console-ams.rpki-client.org