Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/GRAcCw7u7aFKixVetJ4_ry0M47U.roa
File:                     GRAcCw7u7aFKixVetJ4_ry0M47U.roa (raw, json)
Hash identifier:          BfidvZbBpkz+5E9XcvbDoH/8UzBxwTljoU29CRprfWI=
Subject key identifier:   19:10:1C:0B:0E:EE:ED:A1:4A:8B:15:5E:B4:9E:3F:AF:2D:0C:E3:B5
Certificate issuer:       /CN=07217c0634c102c71ba3e444f0688abdd1af4ce8
Certificate serial:       018CC64B50C70980AF5251576D532D113669
Authority key identifier: 07:21:7C:06:34:C1:02:C7:1B:A3:E4:44:F0:68:8A:BD:D1:AF:4C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ByF8BjTBAscbo-RE8GiKvdGvTOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/GRAcCw7u7aFKixVetJ4_ry0M47U.roa
Signing time:             Mon 01 Jan 2024 18:31:13 +0000
ROA not before:           Mon 01 Jan 2024 18:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50319
IP address blocks:        185.84.196.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:50:c7:09:80:af:52:51:57:6d:53:2d:11:36:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07217c0634c102c71ba3e444f0688abdd1af4ce8
        Validity
            Not Before: Jan  1 18:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19101c0b0eeeeda14a8b155eb49e3faf2d0ce3b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5a:5a:44:34:93:e3:57:7a:75:43:b6:72:a1:
                    c2:2e:15:50:5a:ee:a4:b9:d2:6c:61:10:f5:e4:37:
                    8b:ad:0e:49:08:45:6b:ae:e3:cb:0b:e1:e9:c2:2a:
                    ba:de:0e:10:a3:60:a1:e4:fb:4c:36:5f:3d:91:98:
                    8d:8e:f4:99:99:2b:44:c8:f1:f1:87:2f:3b:50:5b:
                    a4:bb:d5:e6:58:a5:1c:ee:bf:13:e1:68:98:0f:b0:
                    de:b9:01:7d:a6:2b:0c:8a:4b:3c:a7:64:0d:38:cd:
                    26:5a:b9:62:aa:89:bf:b4:bf:34:35:96:14:bd:71:
                    7c:84:4a:2a:1a:9b:a7:e2:3b:8d:ef:ac:c6:0e:30:
                    89:ac:bb:51:ae:f7:38:55:a8:8e:75:a6:1d:47:46:
                    90:79:ed:d0:85:70:1e:ec:f9:c0:79:13:83:1d:69:
                    c7:00:de:a9:50:8c:34:b6:e4:7f:c5:4f:4f:8e:fd:
                    1e:9a:ba:f3:20:71:3b:20:3b:8d:ee:05:05:66:6c:
                    93:4d:b1:5e:6f:75:da:ae:c6:46:a7:5e:b5:0f:f4:
                    bb:31:6d:09:05:05:fa:56:89:5d:d9:a3:16:82:bf:
                    57:0c:ca:61:5b:e1:fe:90:f0:75:49:8a:46:ad:f0:
                    c9:da:06:3c:33:82:4a:ca:3b:50:d3:cd:da:3a:96:
                    74:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:10:1C:0B:0E:EE:ED:A1:4A:8B:15:5E:B4:9E:3F:AF:2D:0C:E3:B5
            X509v3 Authority Key Identifier:
                keyid:07:21:7C:06:34:C1:02:C7:1B:A3:E4:44:F0:68:8A:BD:D1:AF:4C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ByF8BjTBAscbo-RE8GiKvdGvTOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/GRAcCw7u7aFKixVetJ4_ry0M47U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/ByF8BjTBAscbo-RE8GiKvdGvTOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:cf:60:81:8e:5b:a3:1f:4b:7b:6b:67:1f:82:a0:00:44:84:
         b8:c4:e0:88:86:3d:5c:c7:d8:72:33:66:02:10:f3:ad:ab:4e:
         d7:9e:0b:f7:06:69:44:11:90:45:ef:21:6d:5b:ee:68:20:99:
         d4:3e:be:f7:26:fd:15:57:6b:98:56:17:0a:64:e9:aa:a6:95:
         06:2e:76:01:82:4f:1a:2c:7c:f7:64:78:5c:b5:62:63:48:48:
         56:35:0f:13:f0:20:1f:86:87:a2:ae:c8:2d:ac:9b:32:29:62:
         29:5f:e3:cc:b8:40:21:59:b9:fa:7c:3d:39:a3:a5:28:d9:f3:
         a6:80:4a:d7:19:d8:4f:4e:d4:9e:18:a4:32:7b:07:f7:d3:2c:
         db:b3:50:8f:c8:1f:d3:0e:ec:bf:89:87:08:b1:ce:84:88:ab:
         71:d2:8f:e1:7a:8d:8a:01:38:e1:10:f7:0f:97:97:4d:aa:67:
         b8:21:91:ce:a8:a9:3a:59:77:cf:fd:3e:87:87:8d:41:d1:91:
         83:b9:27:77:a2:d0:35:9b:ae:91:f9:21:e4:79:77:bd:64:6a:
         c4:6e:21:cd:73:df:75:35:88:6d:91:ad:ce:3d:89:b1:cc:75:
         02:01:d1:fc:29:79:41:a6:8f:9a:09:4e:4b:6b:d4:94:4a:0a:
         47:0f:55:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1DHCYCvUlFXbVMtETZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjE3YzA2MzRjMTAyYzcxYmEzZTQ0NGYwNjg4YWJkZDFh
ZjRjZTgwHhcNMjQwMTAxMTgzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTEwMWMwYjBlZWVlZGExNGE4YjE1NWViNDllM2ZhZjJkMGNlM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFpaRDST41d6dUO2cqHCLhVQWu6k
udJsYRD15DeLrQ5JCEVrruPLC+Hpwiq63g4Qo2Ch5PtMNl89kZiNjvSZmStEyPHx
hy87UFuku9XmWKUc7r8T4WiYD7DeuQF9pisMiks8p2QNOM0mWrliqom/tL80NZYU
vXF8hEoqGpun4juN76zGDjCJrLtRrvc4VaiOdaYdR0aQee3QhXAe7PnAeRODHWnH
AN6pUIw0tuR/xU9Pjv0emrrzIHE7IDuN7gUFZmyTTbFeb3XarsZGp161D/S7MW0J
BQX6Vold2aMWgr9XDMphW+H+kPB1SYpGrfDJ2gY8M4JKyjtQ083aOpZ0QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkQHAsO7u2hSosVXrSeP68tDOO1MB8GA1UdIwQY
MBaAFAchfAY0wQLHG6PkRPBoir3Rr0zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlGOEJqVEJBc2Niby1SRThHaUt2ZEd2VE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iNDFhZDQtODUwMC00ZjI2LTkwMTkt
MGYwYmM5ZjYyOWQzLzEvR1JBY0N3N3U3YUZLaXhWZXRKNF9yeTBNNDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iNDFhZDQtODUwMC00ZjI2LTkwMTktMGYwYmM5ZjYyOWQz
LzEvQnlGOEJqVEJBc2Niby1SRThHaUt2ZEd2VE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVTEMA0G
CSqGSIb3DQEBCwUAA4IBAQBqz2CBjlujH0t7a2cfgqAARIS4xOCIhj1cx9hyM2YC
EPOtq07Xngv3BmlEEZBF7yFtW+5oIJnUPr73Jv0VV2uYVhcKZOmqppUGLnYBgk8a
LHz3ZHhctWJjSEhWNQ8T8CAfhoeirsgtrJsyKWIpX+PMuEAhWbn6fD05o6Uo2fOm
gErXGdhPTtSeGKQyewf30yzbs1CPyB/TDuy/iYcIsc6EiKtx0o/heo2KATjhEPcP
l5dNqme4IZHOqKk6WXfP/T6Hh41B0ZGDuSd3otA1m66R+SHkeXe9ZGrEbiHNc991
NYhtka3OPYmxzHUCAdH8KXlBpo+aCU5La9SUSgpHD1XR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:40 2024 by rpki-client on console-fra.rpki-client.org