Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/6381b3-41d6-4ed8-bc50-f205e5c32e18/1/D1QHikaCs4ewySUh-RvA4GWJTkg.roa
File:                     D1QHikaCs4ewySUh-RvA4GWJTkg.roa (raw, json)
Hash identifier:          MmPndgIu7UGQ/Pf74+QQ1x7hy17cW3aG0Uhf272nxhU=
Subject key identifier:   0F:54:07:8A:46:82:B3:87:B0:C9:25:21:F9:1B:C0:E0:65:89:4E:48
Certificate issuer:       /CN=81896a2fbabea8e3029a2369115430fc62ced7a8
Certificate serial:       018CC5DD15B45231878D4E02AB42DBD8979A
Authority key identifier: 81:89:6A:2F:BA:BE:A8:E3:02:9A:23:69:11:54:30:FC:62:CE:D7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYlqL7q-qOMCmiNpEVQw_GLO16g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/6381b3-41d6-4ed8-bc50-f205e5c32e18/1/D1QHikaCs4ewySUh-RvA4GWJTkg.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        62.68.69.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:15:b4:52:31:87:8d:4e:02:ab:42:db:d8:97:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81896a2fbabea8e3029a2369115430fc62ced7a8
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f54078a4682b387b0c92521f91bc0e065894e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:92:fa:0d:a2:27:b0:5f:50:20:9a:2f:8b:
                    27:63:9f:0f:cc:69:6f:f7:fb:61:a5:9c:1b:37:be:
                    3b:a3:8e:1f:24:fc:d7:ed:51:14:42:93:1f:e5:6e:
                    cf:57:4e:c9:61:50:30:ac:7d:9c:af:3f:81:98:06:
                    10:ff:8d:1c:da:18:17:70:c0:e3:aa:6d:c5:f1:60:
                    11:7a:8c:0b:09:dc:a4:74:10:4b:9a:b5:06:c0:09:
                    11:8c:b9:e5:80:61:75:6a:61:7d:6e:91:30:df:72:
                    c7:6b:60:ba:3c:33:c8:05:c1:ec:4b:d6:68:77:f0:
                    2d:d0:59:c8:69:53:81:6f:fd:38:af:7e:21:d4:88:
                    92:a6:3e:84:b5:5b:e4:c2:8d:ec:42:40:46:07:8a:
                    cb:65:8f:e9:1f:f9:82:7d:3e:ce:3a:5f:5c:e1:76:
                    f7:ad:9f:50:6f:74:ba:01:62:b8:84:00:17:f2:42:
                    60:4e:6d:ce:57:47:53:e1:00:85:c4:6f:72:2a:d0:
                    e4:34:4b:42:c9:4c:01:c1:c0:a3:45:b1:dc:63:11:
                    a6:50:6f:cb:78:36:b9:2b:67:17:07:29:0a:fe:f0:
                    0c:ed:d0:a5:c0:98:8d:28:7e:e3:4d:f2:eb:97:ee:
                    f3:7a:1e:09:d1:ff:c2:69:82:f5:58:29:77:0a:30:
                    18:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:54:07:8A:46:82:B3:87:B0:C9:25:21:F9:1B:C0:E0:65:89:4E:48
            X509v3 Authority Key Identifier:
                keyid:81:89:6A:2F:BA:BE:A8:E3:02:9A:23:69:11:54:30:FC:62:CE:D7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYlqL7q-qOMCmiNpEVQw_GLO16g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6381b3-41d6-4ed8-bc50-f205e5c32e18/1/D1QHikaCs4ewySUh-RvA4GWJTkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6381b3-41d6-4ed8-bc50-f205e5c32e18/1/gYlqL7q-qOMCmiNpEVQw_GLO16g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:77:42:29:d1:d9:6e:85:5c:ff:97:58:fd:78:00:b3:10:63:
         2b:51:7b:57:dd:70:16:1d:cf:ae:2e:3f:2d:68:ce:52:a4:ed:
         f2:82:14:4c:56:97:1c:26:3e:8c:1a:93:ef:87:81:c3:34:7f:
         9e:9a:c9:4a:15:7c:6e:2f:45:d0:ce:3c:b2:08:31:74:00:2e:
         d1:43:77:2d:55:c6:b0:ab:44:db:ac:c7:c0:82:88:16:58:af:
         a8:21:13:a4:82:14:1d:35:65:d9:7d:d6:48:0b:cd:ac:6b:b5:
         46:a7:ba:db:d9:d9:40:c8:79:65:2b:9d:cc:60:33:64:9f:dc:
         bb:0a:b3:d4:3f:9c:79:2c:fa:e9:6e:aa:a7:31:ed:f7:81:be:
         d8:6a:ec:82:d7:7b:12:64:09:d2:af:44:4c:63:33:64:6f:b0:
         bb:48:84:dd:a3:9b:9d:a7:b0:ce:ca:2e:07:b2:af:f3:53:01:
         10:84:7e:2e:80:a8:47:e2:0c:d6:b2:a9:9c:ea:81:b2:31:ba:
         d0:c2:59:91:0e:a1:f5:6b:83:ab:57:71:30:3a:44:03:4c:41:
         89:84:bf:f8:4f:8e:5c:53:c0:83:0c:07:18:65:44:49:9a:e6:
         9b:63:32:cb:11:5e:70:55:46:db:ae:46:54:eb:c5:09:aa:5e:
         c3:7b:67:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RW0UjGHjU4Cq0Lb2JeaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxODk2YTJmYmFiZWE4ZTMwMjlhMjM2OTExNTQzMGZjNjJj
ZWQ3YTgwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU0MDc4YTQ2ODJiMzg3YjBjOTI1MjFmOTFiYzBlMDY1ODk0ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHuS+g2iJ7BfUCCaL4snY58PzGlv
9/thpZwbN747o44fJPzX7VEUQpMf5W7PV07JYVAwrH2crz+BmAYQ/40c2hgXcMDj
qm3F8WAReowLCdykdBBLmrUGwAkRjLnlgGF1amF9bpEw33LHa2C6PDPIBcHsS9Zo
d/At0FnIaVOBb/04r34h1IiSpj6EtVvkwo3sQkBGB4rLZY/pH/mCfT7OOl9c4Xb3
rZ9Qb3S6AWK4hAAX8kJgTm3OV0dT4QCFxG9yKtDkNEtCyUwBwcCjRbHcYxGmUG/L
eDa5K2cXBykK/vAM7dClwJiNKH7jTfLrl+7zeh4J0f/CaYL1WCl3CjAYvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9UB4pGgrOHsMklIfkbwOBliU5IMB8GA1UdIwQY
MBaAFIGJai+6vqjjApojaRFUMPxizteoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1lscUw3cS1xT01DbWlOcEVWUXdfR0xPMTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82MzgxYjMtNDFkNi00ZWQ4LWJjNTAt
ZjIwNWU1YzMyZTE4LzEvRDFRSGlrYUNzNGV3eVNVaC1SdkE0R1dKVGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82MzgxYjMtNDFkNi00ZWQ4LWJjNTAtZjIwNWU1YzMyZTE4
LzEvZ1lscUw3cS1xT01DbWlOcEVWUXdfR0xPMTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRFMA0G
CSqGSIb3DQEBCwUAA4IBAQCWd0Ip0dluhVz/l1j9eACzEGMrUXtX3XAWHc+uLj8t
aM5SpO3yghRMVpccJj6MGpPvh4HDNH+emslKFXxuL0XQzjyyCDF0AC7RQ3ctVcaw
q0TbrMfAgogWWK+oIROkghQdNWXZfdZIC82sa7VGp7rb2dlAyHllK53MYDNkn9y7
CrPUP5x5LPrpbqqnMe33gb7YauyC13sSZAnSr0RMYzNkb7C7SITdo5udp7DOyi4H
sq/zUwEQhH4ugKhH4gzWsqmc6oGyMbrQwlmRDqH1a4OrV3EwOkQDTEGJhL/4T45c
U8CDDAcYZURJmuabYzLLEV5wVUbbrkZU68UJql7De2fb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:01 2024 by rpki-client on console-fra.rpki-client.org