Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/HScTAY9dPQ1CMUh0YDpkJ4Kuhnw.roa
File:                     HScTAY9dPQ1CMUh0YDpkJ4Kuhnw.roa (raw, json)
Hash identifier:          9eGLvQJyBSkTpePfWE5xMDznRnPS/ihXz2VPE0ENDPY=
Subject key identifier:   1D:27:13:01:8F:5D:3D:0D:42:31:48:74:60:3A:64:27:82:AE:86:7C
Certificate issuer:       /CN=c53feb2ac60fa313f9a7300e4c5ee33b43a88341
Certificate serial:       018CC34950B251A3735557B163C4D29A83D2
Authority key identifier: C5:3F:EB:2A:C6:0F:A3:13:F9:A7:30:0E:4C:5E:E3:3B:43:A8:83:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT_rKsYPoxP5pzAOTF7jO0Oog0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/HScTAY9dPQ1CMUh0YDpkJ4Kuhnw.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12566
IP address blocks:        185.39.216.0/22 maxlen: 22
                          95.181.220.0/22 maxlen: 22
                          95.181.221.0/24 maxlen: 24
                          2a04:800::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:50:b2:51:a3:73:55:57:b1:63:c4:d2:9a:83:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53feb2ac60fa313f9a7300e4c5ee33b43a88341
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d2713018f5d3d0d42314874603a642782ae867c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:60:22:54:8d:33:9f:69:3e:01:f4:89:45:cd:
                    8c:12:c2:4b:be:d7:1f:98:4f:49:4b:a6:22:9d:55:
                    98:72:0c:43:1b:20:5a:70:3e:3f:d8:7a:e7:68:c9:
                    b0:69:df:c0:c7:2b:e8:2b:3f:97:cf:0d:4e:c4:41:
                    a2:ae:92:51:bc:4d:1d:60:c8:42:6e:73:ae:dc:8a:
                    6c:33:1f:ba:ca:e0:e6:36:d7:4e:09:dd:d9:26:cf:
                    9b:e4:62:88:ed:7d:aa:03:4f:82:68:46:d1:e1:0c:
                    a7:3f:5b:f5:e6:4c:7f:27:dd:02:53:de:78:ff:05:
                    49:a0:85:ad:3e:3e:f4:2f:e4:73:9e:54:f1:c3:13:
                    de:27:56:ec:9f:06:17:04:7b:a1:82:46:91:f8:95:
                    83:47:67:77:ba:d6:a3:37:43:e6:41:3c:7d:23:db:
                    af:ea:74:6c:07:fd:03:a7:d0:d8:3b:36:a1:26:0c:
                    56:b3:26:19:27:7e:12:a7:ec:58:e9:94:f1:1a:1f:
                    33:be:59:43:f8:3f:1e:9e:7b:f3:1c:80:c5:cc:56:
                    4f:4c:27:4d:5b:d4:8a:34:c7:21:6b:9f:cb:4d:22:
                    2e:7b:ae:4f:87:30:d5:0e:01:e4:a4:62:ca:fe:ab:
                    69:0f:66:80:b4:17:f3:ae:3e:7d:f0:fd:a9:53:38:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:27:13:01:8F:5D:3D:0D:42:31:48:74:60:3A:64:27:82:AE:86:7C
            X509v3 Authority Key Identifier:
                keyid:C5:3F:EB:2A:C6:0F:A3:13:F9:A7:30:0E:4C:5E:E3:3B:43:A8:83:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT_rKsYPoxP5pzAOTF7jO0Oog0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/HScTAY9dPQ1CMUh0YDpkJ4Kuhnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/xT_rKsYPoxP5pzAOTF7jO0Oog0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.220.0/22
                  185.39.216.0/22
                IPv6:
                  2a04:800::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:c3:e8:66:27:a1:07:39:1d:a7:fb:43:16:1e:2a:6d:34:76:
         0b:27:24:ed:56:b0:22:30:22:0c:7f:07:a1:4d:12:ab:de:83:
         06:f3:a7:30:63:60:1b:75:27:25:dc:c5:8d:f4:e9:3a:dd:d6:
         25:1d:78:2d:42:36:29:36:4a:e1:5f:0f:1d:48:31:86:f1:51:
         37:fc:c2:bf:8d:42:13:fc:bc:b3:34:c0:4b:11:32:c8:fa:50:
         e7:9e:f5:85:98:06:1a:6e:9a:d6:d0:39:6f:cd:e6:52:62:ca:
         39:3c:2e:23:13:ec:7b:36:4c:0e:85:bf:d9:70:08:00:eb:62:
         f0:2d:23:b6:00:87:16:65:34:b3:14:19:33:d6:16:b4:4d:e6:
         c2:33:a5:28:3f:22:e2:f3:21:56:09:07:2b:60:e4:e2:e3:b2:
         cb:97:8d:b8:bb:a2:30:46:92:61:b7:f3:60:02:9a:14:49:f4:
         3e:ae:85:12:df:ba:bd:5f:73:38:d1:57:87:48:29:e9:4f:6c:
         36:5f:81:f9:1c:f9:45:40:aa:66:36:97:25:ab:2b:3c:84:40:
         5b:ad:68:12:3f:48:71:12:70:82:d1:a2:3d:f0:8b:35:b3:a3:
         7b:6b:9e:5e:10:cf:eb:3f:9d:c8:bf:10:f1:c2:c8:8e:db:6e:
         44:00:bf:7c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSVCyUaNzVVexY8TSmoPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2ZlYjJhYzYwZmEzMTNmOWE3MzAwZTRjNWVlMzNiNDNh
ODgzNDEwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDI3MTMwMThmNWQzZDBkNDIzMTQ4NzQ2MDNhNjQyNzgyYWU4NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2AiVI0zn2k+AfSJRc2MEsJLvtcf
mE9JS6YinVWYcgxDGyBacD4/2HrnaMmwad/AxyvoKz+Xzw1OxEGirpJRvE0dYMhC
bnOu3IpsMx+6yuDmNtdOCd3ZJs+b5GKI7X2qA0+CaEbR4QynP1v15kx/J90CU954
/wVJoIWtPj70L+RznlTxwxPeJ1bsnwYXBHuhgkaR+JWDR2d3utajN0PmQTx9I9uv
6nRsB/0Dp9DYOzahJgxWsyYZJ34Sp+xY6ZTxGh8zvllD+D8ennvzHIDFzFZPTCdN
W9SKNMcha5/LTSIue65PhzDVDgHkpGLK/qtpD2aAtBfzrj598P2pUzhWxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB0nEwGPXT0NQjFIdGA6ZCeCroZ8MB8GA1UdIwQY
MBaAFMU/6yrGD6MT+acwDkxe4ztDqINBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFRfcktzWVBveFA1cHpBT1RGN2pPME9vZzBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zN2VmZDUtNDI2Ni00MTQ2LThlMjEt
NjdmZDcxN2M2Y2E3LzEvSFNjVEFZOWRQUTFDTVVoMFlEcGtKNEt1aG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zN2VmZDUtNDI2Ni00MTQ2LThlMjEtNjdmZDcxN2M2Y2E3
LzEveFRfcktzWVBveFA1cHpBT1RGN2pPME9vZzBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCX7XcAwQC
uSfYMA0EAgACMAcDBQMqBAgAMA0GCSqGSIb3DQEBCwUAA4IBAQCMw+hmJ6EHOR2n
+0MWHiptNHYLJyTtVrAiMCIMfwehTRKr3oMG86cwY2AbdScl3MWN9Ok63dYlHXgt
QjYpNkrhXw8dSDGG8VE3/MK/jUIT/LyzNMBLETLI+lDnnvWFmAYabprW0DlvzeZS
Yso5PC4jE+x7NkwOhb/ZcAgA62LwLSO2AIcWZTSzFBkz1ha0TebCM6UoPyLi8yFW
CQcrYOTi47LLl424u6IwRpJht/NgApoUSfQ+roUS37q9X3M40VeHSCnpT2w2X4H5
HPlFQKpmNpclqys8hEBbrWgSP0hxEnCC0aI98Is1s6N7a55eEM/rP53IvxDxwsiO
225EAL98
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:52 2024 by rpki-client on console-fra.rpki-client.org