Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/c8bd33-f2c6-4381-83e4-059e0d7da369/1/sZtY59zcRo0vYchhG3becDjAuzA.roa
File:                     sZtY59zcRo0vYchhG3becDjAuzA.roa (raw, json)
Hash identifier:          YtPsTjjykcldQcibbQJD+GqCadSA4RhgAji5g5AEpK0=
Subject key identifier:   B1:9B:58:E7:DC:DC:46:8D:2F:61:C8:61:1B:76:DE:70:38:C0:BB:30
Certificate issuer:       /CN=7abca3cc0aa411940be93134f1bb4294488c89b1
Certificate serial:       0ACA5C
Authority key identifier: 7A:BC:A3:CC:0A:A4:11:94:0B:E9:31:34:F1:BB:42:94:48:8C:89:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eryjzAqkEZQL6TE08btClEiMibE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/c8bd33-f2c6-4381-83e4-059e0d7da369/1/sZtY59zcRo0vYchhG3becDjAuzA.roa
Signing time:             Mon 31 Jan 2022 16:40:55 +0000
ROA not before:           Mon 31 Jan 2022 16:40:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59645
IP address blocks:        195.191.196.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 707164 (0xaca5c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7abca3cc0aa411940be93134f1bb4294488c89b1
        Validity
            Not Before: Jan 31 16:40:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b19b58e7dcdc468d2f61c8611b76de7038c0bb30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:bf:f6:2b:d6:b4:6c:2f:28:42:44:99:74:c4:
                    6e:7b:61:34:83:56:6b:10:12:98:c5:0e:6e:b9:1a:
                    83:7a:87:7f:29:2c:b9:d4:39:c6:b9:bc:30:42:b9:
                    b9:51:12:09:8e:ac:8e:26:ca:ab:67:66:59:a3:16:
                    a7:59:88:4e:a8:6a:bb:e6:e8:0d:b4:f1:63:ba:b2:
                    cd:d2:bf:6c:ab:53:00:ca:d2:ae:69:be:b2:d3:be:
                    6c:33:9b:98:77:5f:84:ec:4d:f8:13:29:81:6b:bb:
                    af:a9:1a:07:d7:7a:68:2b:a3:07:76:34:d9:64:19:
                    c7:cd:4d:46:6e:a3:b8:3c:d1:24:90:d3:20:ee:9e:
                    c7:ab:a3:ed:81:f9:5d:9b:b5:cb:26:c2:22:61:6d:
                    48:d1:29:c7:43:7e:95:2d:ca:a0:f6:6f:79:76:3f:
                    51:1b:1d:ad:72:c2:43:c3:02:b3:a2:15:8b:b1:e0:
                    c3:c5:a8:19:b7:e9:91:99:b9:85:45:b6:f1:25:b3:
                    ef:1b:fd:76:a7:be:1e:9b:10:b7:ce:52:23:02:36:
                    03:d4:8d:d6:86:11:e4:6d:4e:04:1d:00:f5:24:87:
                    d3:37:42:46:23:cd:1f:54:3e:d4:c4:3c:9e:71:ad:
                    82:d4:e4:c4:7b:3f:f4:2d:71:6b:ee:42:a7:dc:5c:
                    4b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:9B:58:E7:DC:DC:46:8D:2F:61:C8:61:1B:76:DE:70:38:C0:BB:30
            X509v3 Authority Key Identifier:
                keyid:7A:BC:A3:CC:0A:A4:11:94:0B:E9:31:34:F1:BB:42:94:48:8C:89:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eryjzAqkEZQL6TE08btClEiMibE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c8bd33-f2c6-4381-83e4-059e0d7da369/1/sZtY59zcRo0vYchhG3becDjAuzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c8bd33-f2c6-4381-83e4-059e0d7da369/1/eryjzAqkEZQL6TE08btClEiMibE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:81:d5:a8:83:05:57:75:f8:9e:23:4b:49:75:5a:60:13:63:
         49:40:d3:41:e4:55:04:d2:4b:40:3c:79:52:06:3e:1b:44:5f:
         51:19:d6:d9:3e:cd:56:0f:b7:16:7e:a5:89:b4:8a:7d:68:55:
         72:da:a5:3d:f5:d3:ca:b5:42:63:dd:02:d4:22:2f:e7:e8:14:
         ca:47:81:e8:0c:b5:71:46:3c:ab:53:06:cc:ac:5e:02:72:fc:
         23:b7:77:8e:dc:db:7d:05:f9:10:bb:52:a1:d5:ae:c7:a1:4e:
         dc:97:38:6e:9b:e4:84:91:7e:12:f6:ba:ce:52:9c:78:94:34:
         a4:2d:94:5b:4c:3e:85:70:18:54:c9:ff:12:a5:c6:68:33:5b:
         fb:d0:31:88:8b:09:d7:dc:ed:c2:e0:b5:f1:99:33:fb:6c:35:
         fe:51:14:6b:5b:cb:89:bf:69:83:70:11:67:62:28:96:1f:08:
         2d:5d:0c:6d:d0:d6:03:d9:46:a2:8c:6a:9e:0e:2c:f0:01:f2:
         89:73:b7:b7:c8:07:84:b7:36:7a:b5:73:fd:ff:80:04:3a:48:
         ab:07:87:1d:15:33:38:dd:cd:5b:77:a1:ad:9d:5a:bf:a2:95:
         d3:dd:ac:34:ef:43:5d:a1:9d:f5:da:13:36:83:69:e4:c2:a2:
         7a:03:ae:06
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDCspcMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDdh
YmNhM2NjMGFhNDExOTQwYmU5MzEzNGYxYmI0Mjk0NDg4Yzg5YjEwHhcNMjIwMTMx
MTY0MDU1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiMTliNThlN2RjZGM0
NjhkMmY2MWM4NjExYjc2ZGU3MDM4YzBiYjMwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAhr/2K9a0bC8oQkSZdMRue2E0g1ZrEBKYxQ5uuRqDeod/KSy5
1DnGubwwQrm5URIJjqyOJsqrZ2ZZoxanWYhOqGq75ugNtPFjurLN0r9sq1MAytKu
ab6y075sM5uYd1+E7E34EymBa7uvqRoH13poK6MHdjTZZBnHzU1GbqO4PNEkkNMg
7p7Hq6Ptgfldm7XLJsIiYW1I0SnHQ36VLcqg9m95dj9RGx2tcsJDwwKzohWLseDD
xagZt+mRmbmFRbbxJbPvG/12p74emxC3zlIjAjYD1I3WhhHkbU4EHQD1JIfTN0JG
I80fVD7UxDyeca2C1OTEez/0LXFr7kKn3FxLXwIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFLGbWOfc3EaNL2HIYRt23nA4wLswMB8GA1UdIwQYMBaAFHq8o8wKpBGUC+kx
NPG7QpRIjImxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ZXJ5anpBcWtFWlFMNlRFMDhidENsRWlNaWJFLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83MS9jOGJkMzMtZjJjNi00MzgxLTgzZTQtMDU5ZTBkN2RhMzY5LzEv
c1p0WTU5emNSbzB2WWNoaEczYmVjRGpBdXpBLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9j
OGJkMzMtZjJjNi00MzgxLTgzZTQtMDU5ZTBkN2RhMzY5LzEvZXJ5anpBcWtFWlFM
NlRFMDhidENsRWlNaWJFLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7/EMA0GCSqGSIb3DQEBCwUAA4IB
AQB1gdWogwVXdfieI0tJdVpgE2NJQNNB5FUE0ktAPHlSBj4bRF9RGdbZPs1WD7cW
fqWJtIp9aFVy2qU99dPKtUJj3QLUIi/n6BTKR4HoDLVxRjyrUwbMrF4Ccvwjt3eO
3Nt9BfkQu1Kh1a7HoU7clzhum+SEkX4S9rrOUpx4lDSkLZRbTD6FcBhUyf8SpcZo
M1v70DGIiwnX3O3C4LXxmTP7bDX+URRrW8uJv2mDcBFnYiiWHwgtXQxt0NYD2Uai
jGqeDizwAfKJc7e3yAeEtzZ6tXP9/4AEOkirB4cdFTM43c1bd6GtnVq/opXT3aw0
70NdoZ312hM2g2nkwqJ6A64G
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:47 2024 by rpki-client on console-fra.rpki-client.org