Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Yh_KfED9phxhYNUyYZQnjJeXtFQ.roa
File:                     Yh_KfED9phxhYNUyYZQnjJeXtFQ.roa (raw, json)
Hash identifier:          Ynnu6E7GMgTkw56pY7BMiaSUB/J+yMj5qaDCpEpaYfA=
Subject key identifier:   62:1F:CA:7C:40:FD:A6:1C:61:60:D5:32:61:94:27:8C:97:97:B4:54
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369AA4BD80D972CA5A745DCA5642A7B
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Yh_KfED9phxhYNUyYZQnjJeXtFQ.roa
Signing time:             Wed 01 Jan 2025 19:48:34 +0000
ROA not before:           Wed 01 Jan 2025 19:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59784
IP address blocks:        86.106.78.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:aa:4b:d8:0d:97:2c:a5:a7:45:dc:a5:64:2a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=621fca7c40fda61c6160d5326194278c9797b454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:34:6c:f9:16:82:1e:e9:13:a1:bf:13:f8:b7:
                    68:13:af:3c:43:d0:b1:25:b2:fe:f9:2e:46:10:ff:
                    57:5b:0a:ff:27:77:a9:cd:3a:92:7a:06:d0:21:28:
                    42:ed:1d:8c:af:98:99:35:ca:91:c1:a9:2b:32:33:
                    f4:75:0a:bb:95:11:fe:e6:66:a1:a9:7f:87:13:ac:
                    7a:c8:3c:fb:4c:ef:63:b8:65:ae:77:64:7d:cc:45:
                    f3:e9:40:78:0a:53:d0:b8:6b:f5:b7:95:9e:4c:02:
                    9e:22:70:44:da:32:77:86:78:27:dc:ba:12:29:89:
                    d1:1c:a2:c0:08:77:4c:e5:10:f2:d6:dd:5d:33:02:
                    dc:e0:12:b2:cf:4a:2d:c7:47:46:52:cb:6d:44:f5:
                    24:44:9d:f2:51:d5:4f:80:6e:78:9e:3b:59:c4:0d:
                    c8:1d:fb:3e:97:15:a5:a8:20:f4:b4:2b:af:3d:0b:
                    b5:e4:12:70:92:a2:3f:4d:51:ad:b7:9b:52:c6:0f:
                    f4:c5:4f:16:09:d6:9d:02:b8:4e:5f:0a:47:73:8c:
                    39:b1:9c:1f:18:28:b7:96:1c:cc:86:30:1d:0b:eb:
                    c0:a9:4b:99:94:b6:ff:f3:34:3a:1f:a1:2b:ae:65:
                    b6:80:60:b0:09:98:b2:94:05:09:1e:99:87:3a:2e:
                    04:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1F:CA:7C:40:FD:A6:1C:61:60:D5:32:61:94:27:8C:97:97:B4:54
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Yh_KfED9phxhYNUyYZQnjJeXtFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:39:a6:1f:56:b9:42:d0:96:6b:e3:a8:8f:9e:e4:eb:22:23:
         da:f5:2a:6b:bb:cb:97:55:ac:be:64:e6:c2:78:c1:dc:5d:ed:
         1d:68:8f:52:be:b9:8b:2b:74:11:51:2e:8f:31:3e:1b:d3:8d:
         50:d6:73:66:b4:65:4d:6c:77:2c:8a:ed:5c:8e:5f:45:c6:8b:
         aa:69:8b:7c:31:32:13:2c:32:ff:7a:e2:fb:4e:e6:04:7a:9f:
         5f:3a:78:31:01:46:d5:d8:3c:c8:9b:0c:d1:97:27:fd:3d:6f:
         4e:96:56:bd:b1:9c:48:17:30:8a:e3:7d:6a:15:0c:e4:ef:67:
         fd:0d:e3:04:c9:aa:b7:f3:de:1a:46:b7:5d:33:ad:e7:51:2c:
         5a:4b:bb:9f:5b:d5:7b:2d:8b:02:a7:59:00:60:5a:bd:36:c5:
         c4:93:78:13:ac:42:23:19:68:7b:7b:78:0e:a8:52:1f:21:29:
         7a:4e:64:eb:52:18:c9:a4:b2:83:56:4d:ac:65:71:2d:37:20:
         78:d7:0f:1b:90:96:06:4b:6a:9c:c1:72:1c:b3:72:11:04:23:
         14:e0:6b:f8:91:2d:36:34:12:37:e5:66:d9:ce:4c:b2:c5:5e:
         f4:e6:d4:61:11:06:f3:40:c3:f2:b6:dd:fe:53:2b:4c:06:78:
         e5:68:2d:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaapL2A2XLKWnRdylZCp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFmY2E3YzQwZmRhNjFjNjE2MGQ1MzI2MTk0Mjc4Yzk3OTdiNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjRs+RaCHukTob8T+LdoE688Q9Cx
JbL++S5GEP9XWwr/J3epzTqSegbQIShC7R2Mr5iZNcqRwakrMjP0dQq7lRH+5mah
qX+HE6x6yDz7TO9juGWud2R9zEXz6UB4ClPQuGv1t5WeTAKeInBE2jJ3hngn3LoS
KYnRHKLACHdM5RDy1t1dMwLc4BKyz0otx0dGUsttRPUkRJ3yUdVPgG54njtZxA3I
Hfs+lxWlqCD0tCuvPQu15BJwkqI/TVGtt5tSxg/0xU8WCdadArhOXwpHc4w5sZwf
GCi3lhzMhjAdC+vAqUuZlLb/8zQ6H6ErrmW2gGCwCZiylAUJHpmHOi4EtwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGIfynxA/aYcYWDVMmGUJ4yXl7RUMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1loX0tmRUQ5cGh4aFlOVXlZWlFuakplWHRGUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWak4w
DQYJKoZIhvcNAQELBQADggEBALM5ph9WuULQlmvjqI+e5OsiI9r1Kmu7y5dVrL5k
5sJ4wdxd7R1oj1K+uYsrdBFRLo8xPhvTjVDWc2a0ZU1sdyyK7VyOX0XGi6ppi3wx
MhMsMv964vtO5gR6n186eDEBRtXYPMibDNGXJ/09b06WVr2xnEgXMIrjfWoVDOTv
Z/0N4wTJqrfz3hpGt10zredRLFpLu59b1XstiwKnWQBgWr02xcSTeBOsQiMZaHt7
eA6oUh8hKXpOZOtSGMmksoNWTaxlcS03IHjXDxuQlgZLapzBchyzchEEIxTga/iR
LTY0EjflZtnOTLLFXvTm1GERBvNAw/K23f5TK0wGeOVoLX0=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:44:13 2025 by rpki-client