Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/4378ac-4905-4d7c-b8de-ed1496df69a8/1/KtZo1Hvx3Hlt2GiCFvtaE2mmF9U.roa
File:                     KtZo1Hvx3Hlt2GiCFvtaE2mmF9U.roa (raw, json)
Hash identifier:          hqwtOa3gnZEydH9Ze4ThYsm0muYQKWi+YSLKs7316nk=
Subject key identifier:   2A:D6:68:D4:7B:F1:DC:79:6D:D8:68:82:16:FB:5A:13:69:A6:17:D5
Certificate issuer:       /CN=0ec0bbde13c36582b79481cdb1882ff0260b0fed
Certificate serial:       018570428DA7418F0477CF34EB740748D29E
Authority key identifier: 0E:C0:BB:DE:13:C3:65:82:B7:94:81:CD:B1:88:2F:F0:26:0B:0F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DsC73hPDZYK3lIHNsYgv8CYLD-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/4378ac-4905-4d7c-b8de-ed1496df69a8/1/KtZo1Hvx3Hlt2GiCFvtaE2mmF9U.roa
Signing time:             Mon 02 Jan 2023 02:14:47 +0000
ROA not before:           Mon 02 Jan 2023 02:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29182
IP address blocks:        185.246.64.0/23 maxlen: 23
                          185.246.66.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:8d:a7:41:8f:04:77:cf:34:eb:74:07:48:d2:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ec0bbde13c36582b79481cdb1882ff0260b0fed
        Validity
            Not Before: Jan  2 02:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ad668d47bf1dc796dd8688216fb5a1369a617d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:db:2e:6a:2a:61:c9:bb:73:65:c7:65:f0:
                    44:c6:ad:82:51:93:60:08:4d:a3:a5:53:0b:93:31:
                    22:d9:5e:15:85:51:1b:3b:0e:2f:92:ec:fc:4d:f9:
                    21:3d:16:4c:4d:20:83:9b:b2:d8:18:93:8e:3a:01:
                    d6:fd:fc:c3:ba:13:f9:1c:44:22:a6:6e:2b:ae:23:
                    a3:8e:29:26:b7:c4:de:74:08:40:65:fb:ed:ba:d8:
                    8b:43:70:5b:6e:3e:21:40:53:0c:05:e1:ba:9f:a5:
                    2a:99:2f:cc:1a:9a:7e:de:9e:b6:f7:a4:45:67:f8:
                    31:b2:33:58:28:f2:d5:09:2e:5b:aa:94:60:10:7e:
                    b7:3b:f2:e3:30:92:30:c9:cd:6a:ce:26:11:49:7a:
                    85:95:f4:8d:d2:02:9a:51:93:26:40:2d:92:d0:99:
                    ed:e3:ac:ac:19:5c:32:cc:7d:4e:ab:7e:54:8a:1d:
                    bc:f1:58:fd:8e:d9:e8:38:05:ae:f5:56:1a:ad:34:
                    16:cf:65:98:76:8d:0a:ea:b3:2e:7c:62:03:4a:47:
                    e9:08:3d:41:15:2e:56:6b:0e:a7:c5:99:d3:cd:3e:
                    13:39:a6:e7:5e:70:e8:e0:aa:f5:01:8d:55:90:53:
                    ae:06:35:47:71:11:d0:4c:30:87:ce:33:19:8b:de:
                    33:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D6:68:D4:7B:F1:DC:79:6D:D8:68:82:16:FB:5A:13:69:A6:17:D5
            X509v3 Authority Key Identifier:
                keyid:0E:C0:BB:DE:13:C3:65:82:B7:94:81:CD:B1:88:2F:F0:26:0B:0F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DsC73hPDZYK3lIHNsYgv8CYLD-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/4378ac-4905-4d7c-b8de-ed1496df69a8/1/KtZo1Hvx3Hlt2GiCFvtaE2mmF9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/4378ac-4905-4d7c-b8de-ed1496df69a8/1/DsC73hPDZYK3lIHNsYgv8CYLD-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:37:73:56:e5:a1:e5:76:c9:ed:09:f0:a2:14:52:54:86:b7:
         4a:12:90:97:b4:ae:41:e5:9b:39:e6:5e:9d:42:6b:3c:90:f8:
         7c:7b:86:96:a1:67:99:cf:a2:f4:f3:1e:11:26:35:70:f7:b7:
         ac:8a:05:9d:54:06:f8:13:c7:5a:34:7f:f4:b9:52:77:31:c6:
         26:b4:15:38:cd:1e:e4:22:64:5a:c4:e4:08:b7:65:98:74:c2:
         bd:4e:c6:76:fa:3e:40:05:cd:e4:78:5a:ef:fe:a4:aa:8c:7e:
         38:b6:53:1a:8b:1a:ec:39:38:f6:49:5e:06:0c:ba:4a:04:d2:
         ec:b1:db:5b:dd:41:7e:19:11:22:1c:de:f0:7d:d8:5d:ca:4e:
         98:7a:51:22:48:ac:16:3e:b6:c7:63:f3:01:fd:83:2c:34:2d:
         aa:5b:83:f3:db:37:bf:c1:19:43:b4:73:21:38:58:94:c5:9c:
         a1:6e:7f:b0:41:a4:8b:f0:1e:12:71:01:3f:32:84:e3:e8:6b:
         f2:71:ed:7a:8b:70:ad:8f:52:e6:5a:d0:3b:ec:c5:85:2e:af:
         2b:23:52:e7:c5:08:23:9c:c3:be:02:87:f8:e2:40:18:52:76:
         8a:9b:5d:dc:47:b7:11:f5:e2:43:f0:22:c0:9c:31:67:19:5a:
         05:81:05:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwQo2nQY8Ed88063QHSNKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlYzBiYmRlMTNjMzY1ODJiNzk0ODFjZGIxODgyZmYwMjYw
YjBmZWQwHhcNMjMwMTAyMDIxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQ2NjhkNDdiZjFkYzc5NmRkODY4ODIxNmZiNWExMzY5YTYxN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdPbLmoqYcm7c2XHZfBExq2CUZNg
CE2jpVMLkzEi2V4VhVEbOw4vkuz8TfkhPRZMTSCDm7LYGJOOOgHW/fzDuhP5HEQi
pm4rriOjjikmt8TedAhAZfvtutiLQ3Bbbj4hQFMMBeG6n6UqmS/MGpp+3p6296RF
Z/gxsjNYKPLVCS5bqpRgEH63O/LjMJIwyc1qziYRSXqFlfSN0gKaUZMmQC2S0Jnt
46ysGVwyzH1Oq35Uih288Vj9jtnoOAWu9VYarTQWz2WYdo0K6rMufGIDSkfpCD1B
FS5Waw6nxZnTzT4TOabnXnDo4Kr1AY1VkFOuBjVHcRHQTDCHzjMZi94zLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrWaNR78dx5bdhoghb7WhNpphfVMB8GA1UdIwQY
MBaAFA7Au94Tw2WCt5SBzbGIL/AmCw/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHNDNzNoUERaWUszbElITnNZZ3Y4Q1lMRC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS80Mzc4YWMtNDkwNS00ZDdjLWI4ZGUt
ZWQxNDk2ZGY2OWE4LzEvS3RabzFIdngzSGx0MkdpQ0Z2dGFFMm1tRjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS80Mzc4YWMtNDkwNS00ZDdjLWI4ZGUtZWQxNDk2ZGY2OWE4
LzEvRHNDNzNoUERaWUszbElITnNZZ3Y4Q1lMRC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkN3NW5aHldsntCfCiFFJUhrdKEpCXtK5B5Zs55l6d
Qms8kPh8e4aWoWeZz6L08x4RJjVw97esigWdVAb4E8daNH/0uVJ3McYmtBU4zR7k
ImRaxOQIt2WYdMK9TsZ2+j5ABc3keFrv/qSqjH44tlMaixrsOTj2SV4GDLpKBNLs
sdtb3UF+GREiHN7wfdhdyk6YelEiSKwWPrbHY/MB/YMsNC2qW4Pz2ze/wRlDtHMh
OFiUxZyhbn+wQaSL8B4ScQE/MoTj6Gvyce16i3Ctj1LmWtA77MWFLq8rI1LnxQgj
nMO+Aof44kAYUnaKm13cR7cR9eJD8CLAnDFnGVoFgQXJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:42 2024 by rpki-client on console-fra.rpki-client.org