Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76602c-c1ac-46a3-81bc-deeff3b2ae8a/1/NPO4DXN-bvXMA_z2U5v4jfdS8uA.roa
File:                     NPO4DXN-bvXMA_z2U5v4jfdS8uA.roa (raw, json)
Hash identifier:          NAjpTqyEigG1atrSgO9nY6P8u5QC+tC7a+CcUaIFiVY=
Subject key identifier:   34:F3:B8:0D:73:7E:6E:F5:CC:03:FC:F6:53:9B:F8:8D:F7:52:F2:E0
Certificate issuer:       /CN=d860f6f2c318559e65959cd5f28d159a0842d72a
Certificate serial:       018636C4208D8B009ECD9B4686C331084FBC
Authority key identifier: D8:60:F6:F2:C3:18:55:9E:65:95:9C:D5:F2:8D:15:9A:08:42:D7:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2GD28sMYVZ5llZzV8o0VmghC1yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76602c-c1ac-46a3-81bc-deeff3b2ae8a/1/NPO4DXN-bvXMA_z2U5v4jfdS8uA.roa
Signing time:             Thu 09 Feb 2023 15:21:08 +0000
ROA not before:           Thu 09 Feb 2023 15:21:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197328
IP address blocks:        185.234.12.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:36:c4:20:8d:8b:00:9e:cd:9b:46:86:c3:31:08:4f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d860f6f2c318559e65959cd5f28d159a0842d72a
        Validity
            Not Before: Feb  9 15:21:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34f3b80d737e6ef5cc03fcf6539bf88df752f2e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d3:f2:bd:1f:3f:24:7f:df:f5:03:2e:70:1c:
                    28:ed:11:b2:41:ad:00:19:a0:eb:71:d6:0f:47:15:
                    41:9b:5e:d6:f8:88:af:35:f1:58:00:86:b8:6b:ec:
                    b8:06:e6:eb:c9:a3:f5:e2:01:b6:d1:17:7d:a8:1d:
                    89:22:17:7b:b2:ed:eb:cf:53:88:d1:85:f2:8b:5d:
                    98:b7:42:4d:01:38:8f:b1:46:23:7a:9c:8d:17:de:
                    d0:57:09:e2:bb:be:ed:0a:67:c9:de:95:ef:f9:05:
                    14:fa:2f:ef:41:e6:a3:68:50:b1:00:25:c5:1a:77:
                    88:37:74:a9:22:42:15:4a:9f:56:c5:50:b2:d7:2a:
                    64:47:68:65:e9:15:26:b0:91:2d:73:d0:6c:74:22:
                    9d:9c:4f:30:77:f4:5f:8d:a7:36:46:a9:0a:a9:d4:
                    7a:b8:d7:07:5a:05:73:74:b8:05:04:ee:4a:3b:1e:
                    37:6c:e4:39:d4:89:6f:9d:f6:be:77:9d:ba:59:f2:
                    b3:88:8d:40:0b:a7:43:00:67:f9:09:56:88:d7:83:
                    43:23:f8:ca:ab:bf:4e:08:e5:87:53:ff:a7:89:31:
                    da:68:4d:7a:4f:57:3a:45:ac:c4:d4:20:ec:f8:0a:
                    43:0e:b9:d2:dd:10:2c:04:7c:d7:e2:69:6b:7d:39:
                    2e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F3:B8:0D:73:7E:6E:F5:CC:03:FC:F6:53:9B:F8:8D:F7:52:F2:E0
            X509v3 Authority Key Identifier:
                keyid:D8:60:F6:F2:C3:18:55:9E:65:95:9C:D5:F2:8D:15:9A:08:42:D7:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GD28sMYVZ5llZzV8o0VmghC1yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76602c-c1ac-46a3-81bc-deeff3b2ae8a/1/NPO4DXN-bvXMA_z2U5v4jfdS8uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76602c-c1ac-46a3-81bc-deeff3b2ae8a/1/2GD28sMYVZ5llZzV8o0VmghC1yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:01:ec:78:65:b8:37:82:98:64:42:ac:08:ff:af:2d:0d:8d:
         57:a7:a9:11:45:93:27:4c:e8:13:97:2c:31:40:0b:cf:0c:9c:
         5e:06:10:ad:90:1a:c7:2d:6f:e6:a4:00:94:2e:e4:67:1b:1c:
         81:dc:bc:c6:b1:00:f4:8d:bf:77:a3:be:cd:5e:d3:b5:d4:b5:
         b8:d0:50:35:73:ed:19:f3:40:ef:2a:3e:ff:4c:8a:4f:95:ea:
         3d:63:6d:f3:96:ca:7f:64:d7:41:15:37:e8:83:32:e6:fe:a3:
         d3:7c:37:8a:45:14:92:a0:09:e2:d7:25:5a:d1:b4:3c:e3:6c:
         57:e7:3b:4d:35:9b:a9:ca:e1:35:44:dd:cd:7c:b5:0f:f3:e1:
         8e:00:bd:2c:17:c7:81:76:b9:80:59:a0:5e:3a:59:48:7f:43:
         3e:ad:1b:a2:e8:5c:cc:b5:2f:8e:38:ca:d9:05:3d:f4:ae:fb:
         e3:4f:e4:80:07:75:f3:3b:9b:4f:45:1b:a0:c8:eb:ae:dc:35:
         2d:d2:be:f3:41:13:19:5d:a3:e5:bb:76:8a:b5:93:55:d9:8b:
         8a:6b:fd:72:13:5e:4f:b2:11:c6:2b:8d:17:85:ae:c6:92:f4:
         62:0c:95:d9:90:35:38:94:26:32:38:8a:68:af:f2:1d:4f:0f:
         83:2e:f3:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYY2xCCNiwCezZtGhsMxCE+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NjBmNmYyYzMxODU1OWU2NTk1OWNkNWYyOGQxNTlhMDg0
MmQ3MmEwHhcNMjMwMjA5MTUyMTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYzYjgwZDczN2U2ZWY1Y2MwM2ZjZjY1MzliZjg4ZGY3NTJmMmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNPyvR8/JH/f9QMucBwo7RGyQa0A
GaDrcdYPRxVBm17W+IivNfFYAIa4a+y4BubryaP14gG20Rd9qB2JIhd7su3rz1OI
0YXyi12Yt0JNATiPsUYjepyNF97QVwniu77tCmfJ3pXv+QUU+i/vQeajaFCxACXF
GneIN3SpIkIVSp9WxVCy1ypkR2hl6RUmsJEtc9BsdCKdnE8wd/Rfjac2RqkKqdR6
uNcHWgVzdLgFBO5KOx43bOQ51Ilvnfa+d526WfKziI1AC6dDAGf5CVaI14NDI/jK
q79OCOWHU/+niTHaaE16T1c6RazE1CDs+ApDDrnS3RAsBHzX4mlrfTku6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTzuA1zfm71zAP89lOb+I33UvLgMB8GA1UdIwQY
MBaAFNhg9vLDGFWeZZWc1fKNFZoIQtcqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdEMjhzTVlWWjVsbFp6VjhvMFZtZ2hDMXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NjYwMmMtYzFhYy00NmEzLTgxYmMt
ZGVlZmYzYjJhZThhLzEvTlBPNERYTi1idlhNQV96MlU1djRqZmRTOHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NjYwMmMtYzFhYy00NmEzLTgxYmMtZGVlZmYzYjJhZThh
LzEvMkdEMjhzTVlWWjVsbFp6VjhvMFZtZ2hDMXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoMMA0G
CSqGSIb3DQEBCwUAA4IBAQBfAex4Zbg3gphkQqwI/68tDY1Xp6kRRZMnTOgTlywx
QAvPDJxeBhCtkBrHLW/mpACULuRnGxyB3LzGsQD0jb93o77NXtO11LW40FA1c+0Z
80DvKj7/TIpPleo9Y23zlsp/ZNdBFTfogzLm/qPTfDeKRRSSoAni1yVa0bQ842xX
5ztNNZupyuE1RN3NfLUP8+GOAL0sF8eBdrmAWaBeOllIf0M+rRui6FzMtS+OOMrZ
BT30rvvjT+SAB3XzO5tPRRugyOuu3DUt0r7zQRMZXaPlu3aKtZNV2YuKa/1yE15P
shHGK40Xha7GkvRiDJXZkDU4lCYyOIpor/IdTw+DLvME
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:45 2024 by rpki-client on console-ams.rpki-client.org