Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/d342b8-f64d-43f3-875c-1d64b21d3c74/1/2-HbLd3pHey3EVDVbG6uacZBpl0.roa
File:                     2-HbLd3pHey3EVDVbG6uacZBpl0.roa (raw, json)
Hash identifier:          RkPdce4+gFqfYliUaP/vLtvJbIGxQYKlh+uLy66yRtQ=
Subject key identifier:   DB:E1:DB:2D:DD:E9:1D:EC:B7:11:50:D5:6C:6E:AE:69:C6:41:A6:5D
Certificate issuer:       /CN=3ea3f5f665bb54bd5efce90a25656109863f8786
Certificate serial:       01856F39176BFF676B72E19475A5F64E5D84
Authority key identifier: 3E:A3:F5:F6:65:BB:54:BD:5E:FC:E9:0A:25:65:61:09:86:3F:87:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PqP19mW7VL1e_OkKJWVhCYY_h4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/d342b8-f64d-43f3-875c-1d64b21d3c74/1/2-HbLd3pHey3EVDVbG6uacZBpl0.roa
Signing time:             Sun 01 Jan 2023 21:24:50 +0000
ROA not before:           Sun 01 Jan 2023 21:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        212.18.116.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:39:17:6b:ff:67:6b:72:e1:94:75:a5:f6:4e:5d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ea3f5f665bb54bd5efce90a25656109863f8786
        Validity
            Not Before: Jan  1 21:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbe1db2ddde91decb71150d56c6eae69c641a65d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:58:e8:b8:46:53:e2:f2:ae:83:de:60:1a:54:
                    b1:19:4e:2b:bd:93:39:42:cd:d6:cd:73:21:8a:9c:
                    f3:7c:35:94:20:1d:85:8b:c1:d4:f3:7f:82:b3:1c:
                    67:7d:44:d7:28:b2:e3:87:d0:71:9a:84:46:43:ef:
                    25:6f:e2:84:fe:40:7f:25:25:7f:77:ef:91:98:7d:
                    6b:1d:e6:1c:5d:f9:35:76:23:32:1b:83:c1:64:5f:
                    52:96:cc:aa:87:bc:62:26:f8:ea:1b:09:6a:76:1a:
                    fd:11:ea:df:ae:c7:da:ea:bf:6e:9e:ff:1c:e2:9d:
                    75:b1:53:76:19:ac:31:2a:e5:93:07:49:3e:99:a7:
                    f5:ed:a4:87:97:0b:4b:cb:94:46:45:f3:e8:bb:40:
                    0c:a6:27:61:85:f5:3f:40:9c:61:8d:51:7c:e0:18:
                    b9:c2:82:f3:7e:22:fc:6e:57:8a:32:f6:fe:ed:52:
                    7a:c3:3f:99:3d:be:44:b5:ed:7a:e1:72:99:55:eb:
                    89:df:c1:b4:6a:17:42:fa:d7:ee:39:81:db:68:78:
                    4a:dc:fa:d3:d9:b3:65:ee:e2:ec:52:b6:38:5c:c0:
                    b1:7f:88:cb:e8:45:2e:44:ee:87:b2:24:e7:8b:37:
                    05:73:84:03:c2:c6:54:c5:b7:ea:d7:93:a3:df:f8:
                    c7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E1:DB:2D:DD:E9:1D:EC:B7:11:50:D5:6C:6E:AE:69:C6:41:A6:5D
            X509v3 Authority Key Identifier:
                keyid:3E:A3:F5:F6:65:BB:54:BD:5E:FC:E9:0A:25:65:61:09:86:3F:87:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PqP19mW7VL1e_OkKJWVhCYY_h4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d342b8-f64d-43f3-875c-1d64b21d3c74/1/2-HbLd3pHey3EVDVbG6uacZBpl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d342b8-f64d-43f3-875c-1d64b21d3c74/1/PqP19mW7VL1e_OkKJWVhCYY_h4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         eb:16:cb:b6:d7:37:a6:3b:83:8e:56:70:ec:83:a4:1d:8c:9a:
         71:58:da:38:23:16:15:fd:f5:d3:94:02:30:03:5e:81:ef:9e:
         2d:38:73:38:6f:75:f2:07:85:cf:5b:68:d3:e3:97:22:6c:8a:
         93:b0:48:ca:de:85:84:18:4f:86:cc:50:be:8b:1a:0e:f0:9d:
         f9:43:fc:99:2b:dd:87:ea:44:f3:d3:9d:0c:41:2d:1b:32:ca:
         b6:44:38:f1:42:4f:7c:70:a2:41:9d:1d:df:04:e5:60:b9:fa:
         75:65:5d:6b:68:4e:a0:f8:29:f5:d3:49:ba:27:c5:c6:bd:6e:
         7d:2d:2c:98:8b:cb:b5:dc:31:76:69:6a:3c:81:f0:40:f8:de:
         52:bd:af:c3:50:ee:ef:5a:9c:fa:0c:94:31:74:ed:59:43:3c:
         ae:d5:e2:25:f9:e5:db:90:c9:40:18:70:53:63:5c:eb:60:9f:
         21:20:5e:8d:35:f0:8a:af:48:a8:4e:76:0d:79:2c:9b:90:7a:
         f1:bc:7b:01:de:f4:69:5c:91:f6:8d:b8:87:11:0a:17:57:a0:
         0a:f0:1f:6c:e1:d3:61:ca:ae:88:e9:ee:b9:85:d3:99:d6:3d:
         1f:4b:c9:68:a9:de:15:86:8d:f3:9a:e2:c5:d8:d1:77:c1:96:
         3d:d2:73:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvORdr/2drcuGUdaX2Tl2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYTNmNWY2NjViYjU0YmQ1ZWZjZTkwYTI1NjU2MTA5ODYz
Zjg3ODYwHhcNMjMwMTAxMjEyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUxZGIyZGRkZTkxZGVjYjcxMTUwZDU2YzZlYWU2OWM2NDFhNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFjouEZT4vKug95gGlSxGU4rvZM5
Qs3WzXMhipzzfDWUIB2Fi8HU83+CsxxnfUTXKLLjh9BxmoRGQ+8lb+KE/kB/JSV/
d++RmH1rHeYcXfk1diMyG4PBZF9Slsyqh7xiJvjqGwlqdhr9Eerfrsfa6r9unv8c
4p11sVN2GawxKuWTB0k+maf17aSHlwtLy5RGRfPou0AMpidhhfU/QJxhjVF84Bi5
woLzfiL8bleKMvb+7VJ6wz+ZPb5Ete164XKZVeuJ38G0ahdC+tfuOYHbaHhK3PrT
2bNl7uLsUrY4XMCxf4jL6EUuRO6HsiTnizcFc4QDwsZUxbfq15Oj3/jHUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvh2y3d6R3stxFQ1WxurmnGQaZdMB8GA1UdIwQY
MBaAFD6j9fZlu1S9XvzpCiVlYQmGP4eGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHFQMTltVzdWTDFlX09rS0pXVmhDWVlfaDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kMzQyYjgtZjY0ZC00M2YzLTg3NWMt
MWQ2NGIyMWQzYzc0LzEvMi1IYkxkM3BIZXkzRVZEVmJHNnVhY1pCcGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kMzQyYjgtZjY0ZC00M2YzLTg3NWMtMWQ2NGIyMWQzYzc0
LzEvUHFQMTltVzdWTDFlX09rS0pXVmhDWVlfaDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BJ0MA0G
CSqGSIb3DQEBCwUAA4IBAQDrFsu21zemO4OOVnDsg6QdjJpxWNo4IxYV/fXTlAIw
A16B754tOHM4b3XyB4XPW2jT45cibIqTsEjK3oWEGE+GzFC+ixoO8J35Q/yZK92H
6kTz050MQS0bMsq2RDjxQk98cKJBnR3fBOVgufp1ZV1raE6g+Cn100m6J8XGvW59
LSyYi8u13DF2aWo8gfBA+N5Sva/DUO7vWpz6DJQxdO1ZQzyu1eIl+eXbkMlAGHBT
Y1zrYJ8hIF6NNfCKr0ioTnYNeSybkHrxvHsB3vRpXJH2jbiHEQoXV6AK8B9s4dNh
yq6I6e65hdOZ1j0fS8loqd4Vho3zmuLF2NF3wZY90nNZ
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:54 2023 by rpki-client on console-fra.rpki-client.org