Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/f42724-d009-487d-a79c-bfa04f6cde50/1/PyS73X3OS-7gl5Rc901h5-EYsek.roa
File:                     PyS73X3OS-7gl5Rc901h5-EYsek.roa (raw, json)
Hash identifier:          7hSHCrg/Um2AIVvSb4pIVMAJ31VAb1KDdAe7NKjbzsY=
Subject key identifier:   3F:24:BB:DD:7D:CE:4B:EE:E0:97:94:5C:F7:4D:61:E7:E1:18:B1:E9
Certificate issuer:       /CN=a663abd479cbff76082304bf60d03adc3187d936
Certificate serial:       018CC26D1747C7E9ABCA8E8776B91AB2032A
Authority key identifier: A6:63:AB:D4:79:CB:FF:76:08:23:04:BF:60:D0:3A:DC:31:87:D9:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pmOr1HnL_3YIIwS_YNA63DGH2TY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/f42724-d009-487d-a79c-bfa04f6cde50/1/PyS73X3OS-7gl5Rc901h5-EYsek.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64200
IP address blocks:        185.198.88.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:17:47:c7:e9:ab:ca:8e:87:76:b9:1a:b2:03:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a663abd479cbff76082304bf60d03adc3187d936
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f24bbdd7dce4beee097945cf74d61e7e118b1e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:61:0d:e3:fa:ac:26:78:68:5b:f7:74:db:57:
                    28:77:ca:4f:9b:4c:ee:e4:8b:1f:fc:eb:e3:62:31:
                    f3:ae:60:1d:8c:6c:d6:38:de:6d:a2:7f:15:ff:ed:
                    33:a3:8c:a1:45:59:e9:d6:c9:53:1f:a6:09:c5:a8:
                    fe:07:78:c4:a4:82:7d:20:f5:db:1c:36:34:e0:08:
                    f0:cb:13:ec:bb:02:a6:b0:04:d6:20:72:8d:9a:16:
                    ca:ca:d3:d1:a2:0e:fa:2a:db:55:dc:a1:cd:26:73:
                    17:2b:51:5f:7e:df:4a:3e:ad:4b:d4:b9:21:3b:45:
                    e9:aa:74:85:11:87:1c:e7:bd:26:11:de:fd:81:b8:
                    b7:f7:dc:a7:e9:0d:4d:2f:dc:92:0a:b6:d4:1a:6c:
                    29:f9:df:a3:64:4b:ec:50:47:4a:98:40:df:5c:00:
                    f2:81:98:e6:15:ac:95:a9:96:07:83:8e:5e:8e:45:
                    27:57:be:ed:39:54:5c:4a:bd:eb:31:76:c9:ae:6c:
                    bb:2f:4b:48:bf:14:74:be:01:82:6c:b2:04:40:aa:
                    8c:b8:da:91:7b:c6:bd:99:a7:8a:2a:f3:54:c3:9b:
                    cc:3b:41:dc:3d:92:a1:e7:3f:db:6e:10:a0:81:7f:
                    e2:24:9c:22:9d:1e:a0:c3:05:59:36:58:da:a1:f3:
                    26:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:24:BB:DD:7D:CE:4B:EE:E0:97:94:5C:F7:4D:61:E7:E1:18:B1:E9
            X509v3 Authority Key Identifier:
                keyid:A6:63:AB:D4:79:CB:FF:76:08:23:04:BF:60:D0:3A:DC:31:87:D9:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pmOr1HnL_3YIIwS_YNA63DGH2TY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/f42724-d009-487d-a79c-bfa04f6cde50/1/PyS73X3OS-7gl5Rc901h5-EYsek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/f42724-d009-487d-a79c-bfa04f6cde50/1/pmOr1HnL_3YIIwS_YNA63DGH2TY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:90:7f:bf:67:26:8b:93:bf:d4:3d:b2:8d:6a:1c:89:dc:45:
         b3:7c:eb:a0:c2:14:e9:c5:91:e6:f2:8f:e7:c8:6c:3c:ef:3e:
         fc:fe:f3:7f:2f:4c:1a:47:a8:52:52:73:a1:dc:9e:b7:25:a8:
         c0:c7:eb:12:cc:bb:b4:e6:f5:7f:8b:8e:61:58:dd:35:10:16:
         a7:c5:67:4b:52:67:08:28:1a:94:86:53:0c:b2:33:69:5c:9c:
         fa:6e:3b:a6:c7:63:87:ee:d6:9a:18:3a:0b:9b:ca:3c:71:cb:
         59:6e:26:7d:f9:d1:0d:d0:c1:91:c9:42:81:d1:ba:a9:47:7d:
         9c:7b:66:52:2f:39:25:e5:1d:96:08:f6:79:4e:9f:c0:86:f0:
         0b:9d:85:bd:c5:a8:f3:a9:eb:17:f8:a8:44:ad:7d:b9:d0:e7:
         d6:cb:d7:cf:22:ad:7e:e3:ac:da:6a:e6:3b:0a:7d:0e:fc:22:
         bd:73:52:4b:01:dd:82:fe:2b:51:a6:dc:47:c9:02:eb:45:18:
         de:22:7d:e6:6d:d5:a1:e2:ee:eb:d2:f2:22:a0:78:4a:d8:c0:
         75:ee:e2:0f:c6:b7:d5:f1:7d:f8:65:46:34:73:2e:fa:1e:33:
         ba:e4:91:f8:ff:f5:58:27:e3:5b:15:b0:61:88:3f:a3:d4:10:
         a5:5c:62:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRdHx+mryo6HdrkasgMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NjNhYmQ0NzljYmZmNzYwODIzMDRiZjYwZDAzYWRjMzE4
N2Q5MzYwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI0YmJkZDdkY2U0YmVlZTA5Nzk0NWNmNzRkNjFlN2UxMThiMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2EN4/qsJnhoW/d021cod8pPm0zu
5Isf/OvjYjHzrmAdjGzWON5ton8V/+0zo4yhRVnp1slTH6YJxaj+B3jEpIJ9IPXb
HDY04AjwyxPsuwKmsATWIHKNmhbKytPRog76KttV3KHNJnMXK1Ffft9KPq1L1Lkh
O0XpqnSFEYcc570mEd79gbi399yn6Q1NL9ySCrbUGmwp+d+jZEvsUEdKmEDfXADy
gZjmFayVqZYHg45ejkUnV77tOVRcSr3rMXbJrmy7L0tIvxR0vgGCbLIEQKqMuNqR
e8a9maeKKvNUw5vMO0HcPZKh5z/bbhCggX/iJJwinR6gwwVZNljaofMmdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8ku919zkvu4JeUXPdNYefhGLHpMB8GA1UdIwQY
MBaAFKZjq9R5y/92CCMEv2DQOtwxh9k2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG1PcjFIbkxfM1lJSXdTX1lOQTYzREdIMlRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9mNDI3MjQtZDAwOS00ODdkLWE3OWMt
YmZhMDRmNmNkZTUwLzEvUHlTNzNYM09TLTdnbDVSYzkwMWg1LUVZc2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9mNDI3MjQtZDAwOS00ODdkLWE3OWMtYmZhMDRmNmNkZTUw
LzEvcG1PcjFIbkxfM1lJSXdTX1lOQTYzREdIMlRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucZYMA0G
CSqGSIb3DQEBCwUAA4IBAQB9kH+/ZyaLk7/UPbKNahyJ3EWzfOugwhTpxZHm8o/n
yGw87z78/vN/L0waR6hSUnOh3J63JajAx+sSzLu05vV/i45hWN01EBanxWdLUmcI
KBqUhlMMsjNpXJz6bjumx2OH7taaGDoLm8o8cctZbiZ9+dEN0MGRyUKB0bqpR32c
e2ZSLzkl5R2WCPZ5Tp/AhvALnYW9xajzqesX+KhErX250OfWy9fPIq1+46zaauY7
Cn0O/CK9c1JLAd2C/itRptxHyQLrRRjeIn3mbdWh4u7r0vIioHhK2MB17uIPxrfV
8X34ZUY0cy76HjO65JH4//VYJ+NbFbBhiD+j1BClXGLJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:48 2024 by rpki-client on console-fra.rpki-client.org