Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/25852a-aeee-4002-a8ab-0ff9557967dc/1/BsGcWJp0_nGJMJlJbvS4bi3kVzc.roa
File:                     BsGcWJp0_nGJMJlJbvS4bi3kVzc.roa (raw, json)
Hash identifier:          bBaKMFxjiCr8KKYvL7HxQyS8tcWWp4hmkgB8rSPk/48=
Subject key identifier:   06:C1:9C:58:9A:74:FE:71:89:30:99:49:6E:F4:B8:6E:2D:E4:57:37
Certificate issuer:       /CN=71ed7ba32e16b552184e665579e8874b74a1ca9b
Certificate serial:       01856FD51839CBB9275D75607B55C6CF7BCB
Authority key identifier: 71:ED:7B:A3:2E:16:B5:52:18:4E:66:55:79:E8:87:4B:74:A1:CA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ce17oy4WtVIYTmZVeeiHS3Shyps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/25852a-aeee-4002-a8ab-0ff9557967dc/1/BsGcWJp0_nGJMJlJbvS4bi3kVzc.roa
Signing time:             Mon 02 Jan 2023 00:15:14 +0000
ROA not before:           Mon 02 Jan 2023 00:15:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41390
IP address blocks:        195.3.144.0/22 maxlen: 26

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:18:39:cb:b9:27:5d:75:60:7b:55:c6:cf:7b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ed7ba32e16b552184e665579e8874b74a1ca9b
        Validity
            Not Before: Jan  2 00:15:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06c19c589a74fe71893099496ef4b86e2de45737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:10:01:74:8f:58:76:a9:b8:4b:06:31:14:
                    49:0a:a5:71:c6:2a:9c:97:d7:e5:8b:63:39:ed:a9:
                    99:b1:74:07:ba:bc:d4:66:6d:c2:26:76:52:c6:5c:
                    f2:7b:4c:01:51:44:e8:19:64:61:df:0c:49:4b:45:
                    e3:47:90:11:f3:fa:14:19:9f:31:03:98:11:9e:3d:
                    3c:3a:9b:56:a0:c4:69:48:a0:f4:ac:6b:70:2f:da:
                    13:b7:32:ca:7b:21:fb:3b:53:48:41:ee:82:d3:39:
                    ac:ce:ca:9e:c7:d1:c2:76:56:00:35:30:2d:cc:55:
                    8e:29:c7:ae:fa:36:b9:89:f3:35:40:95:9d:0b:d0:
                    f1:0a:1b:88:f5:69:29:bd:64:a5:f3:62:f6:33:43:
                    e3:b6:8c:46:11:8c:17:de:d2:c6:5f:57:1c:d1:f5:
                    31:6f:31:26:0d:13:59:72:b0:20:f2:ae:dd:e7:09:
                    b2:0e:2e:7d:c5:26:fc:af:9f:e9:ef:b1:19:38:77:
                    7d:a6:d1:e6:52:17:15:53:d3:15:f5:a4:36:67:b5:
                    78:cd:16:53:98:7b:ab:75:fe:2d:17:3f:94:ed:7c:
                    2c:59:1f:a4:cb:39:97:72:c9:7f:1e:34:6b:83:1b:
                    3f:af:dd:ae:32:69:0c:b2:d5:1a:e9:76:12:c7:9c:
                    cc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C1:9C:58:9A:74:FE:71:89:30:99:49:6E:F4:B8:6E:2D:E4:57:37
            X509v3 Authority Key Identifier:
                keyid:71:ED:7B:A3:2E:16:B5:52:18:4E:66:55:79:E8:87:4B:74:A1:CA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce17oy4WtVIYTmZVeeiHS3Shyps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/25852a-aeee-4002-a8ab-0ff9557967dc/1/BsGcWJp0_nGJMJlJbvS4bi3kVzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/25852a-aeee-4002-a8ab-0ff9557967dc/1/ce17oy4WtVIYTmZVeeiHS3Shyps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:22:d5:fd:ce:2b:e7:a9:3d:a4:38:49:ab:8f:be:4b:76:ff:
         cd:a0:a7:e1:7a:73:1a:9b:f1:0e:24:3a:e3:cb:2e:83:25:a0:
         64:50:01:60:c1:8c:d9:aa:0d:69:84:66:c7:d7:79:77:73:da:
         73:6f:cd:2a:86:2a:7d:0f:ad:fc:27:11:be:c2:79:10:95:4f:
         3a:b3:6a:f3:13:11:f9:e4:a9:0f:83:a7:d5:37:13:51:d1:21:
         2e:55:88:02:b0:2c:6d:50:f7:ba:68:34:37:22:7a:c1:d5:51:
         e3:8f:b7:82:62:b5:68:3e:2f:ac:59:9a:83:1e:45:18:b5:4c:
         5f:a9:c9:ca:59:4a:a5:44:2b:42:e0:8b:2e:2f:ca:8d:06:61:
         bc:f9:91:5c:a5:27:27:d8:38:fb:96:ed:30:76:f2:2c:58:2d:
         2b:1b:aa:f8:22:86:b6:12:29:ce:87:88:ed:4c:92:e9:49:5d:
         3b:78:87:b3:07:17:fe:2b:7d:69:91:83:89:44:88:7f:aa:cb:
         06:61:cb:b8:da:ec:c0:af:e9:c0:07:03:b9:7b:ef:02:b5:84:
         98:99:33:37:46:c8:ca:82:ac:19:f1:9d:86:f8:5f:c3:1f:02:
         8a:1c:a4:98:11:91:3f:91:6d:86:b5:32:a1:50:91:5c:ee:b5:
         91:ab:d8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVv1Rg5y7knXXVge1XGz3vLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZWQ3YmEzMmUxNmI1NTIxODRlNjY1NTc5ZTg4NzRiNzRh
MWNhOWIwHhcNMjMwMTAyMDAxNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmMxOWM1ODlhNzRmZTcxODkzMDk5NDk2ZWY0Yjg2ZTJkZTQ1NzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAQQAXSPWHapuEsGMRRJCqVxxiqc
l9fli2M57amZsXQHurzUZm3CJnZSxlzye0wBUUToGWRh3wxJS0XjR5AR8/oUGZ8x
A5gRnj08OptWoMRpSKD0rGtwL9oTtzLKeyH7O1NIQe6C0zmszsqex9HCdlYANTAt
zFWOKceu+ja5ifM1QJWdC9DxChuI9WkpvWSl82L2M0PjtoxGEYwX3tLGX1cc0fUx
bzEmDRNZcrAg8q7d5wmyDi59xSb8r5/p77EZOHd9ptHmUhcVU9MV9aQ2Z7V4zRZT
mHurdf4tFz+U7XwsWR+kyzmXcsl/HjRrgxs/r92uMmkMstUa6XYSx5zMXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbBnFiadP5xiTCZSW70uG4t5Fc3MB8GA1UdIwQY
MBaAFHHte6MuFrVSGE5mVXnoh0t0ocqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2UxN295NFd0VklZVG1aVmVlaUhTM1NoeXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8yNTg1MmEtYWVlZS00MDAyLWE4YWIt
MGZmOTU1Nzk2N2RjLzEvQnNHY1dKcDBfbkdKTUpsSmJ2UzRiaTNrVnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8yNTg1MmEtYWVlZS00MDAyLWE4YWItMGZmOTU1Nzk2N2Rj
LzEvY2UxN295NFd0VklZVG1aVmVlaUhTM1NoeXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwwOQMA0G
CSqGSIb3DQEBCwUAA4IBAQCpItX9zivnqT2kOEmrj75Ldv/NoKfhenMam/EOJDrj
yy6DJaBkUAFgwYzZqg1phGbH13l3c9pzb80qhip9D638JxG+wnkQlU86s2rzExH5
5KkPg6fVNxNR0SEuVYgCsCxtUPe6aDQ3InrB1VHjj7eCYrVoPi+sWZqDHkUYtUxf
qcnKWUqlRCtC4IsuL8qNBmG8+ZFcpScn2Dj7lu0wdvIsWC0rG6r4Ioa2EinOh4jt
TJLpSV07eIezBxf+K31pkYOJRIh/qssGYcu42uzAr+nABwO5e+8CtYSYmTM3RsjK
gqwZ8Z2G+F/DHwKKHKSYEZE/kW2GtTKhUJFc7rWRq9ix
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:03 2024 by rpki-client on console-fra.rpki-client.org