Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/977fa3-3f65-4f40-9105-8603cdecf9a2/1/KU3iw4iqWx-ZLSz_KJjpNnf-YCU.roa
File:                     KU3iw4iqWx-ZLSz_KJjpNnf-YCU.roa (raw, json)
Hash identifier:          N3eE+ucp9bfw5aCtHxMQQ08lLS1UP5ospnMJlSST2NI=
Subject key identifier:   29:4D:E2:C3:88:AA:5B:1F:99:2D:2C:FF:28:98:E9:36:77:FE:60:25
Certificate issuer:       /CN=8fb1a18133bf384e7099e5985c40fe281e2da755
Certificate serial:       970FFB
Authority key identifier: 8F:B1:A1:81:33:BF:38:4E:70:99:E5:98:5C:40:FE:28:1E:2D:A7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j7GhgTO_OE5wmeWYXED-KB4tp1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/977fa3-3f65-4f40-9105-8603cdecf9a2/1/KU3iw4iqWx-ZLSz_KJjpNnf-YCU.roa
Signing time:             Sat 01 Jan 2022 00:55:47 +0000
ROA not before:           Sat 01 Jan 2022 00:55:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        176.126.126.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9900027 (0x970ffb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fb1a18133bf384e7099e5985c40fe281e2da755
        Validity
            Not Before: Jan  1 00:55:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=294de2c388aa5b1f992d2cff2898e93677fe6025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3a:0c:3d:a6:b9:16:da:9d:c4:0c:35:f1:17:
                    70:e6:b3:84:1e:a0:b1:63:2d:2f:6a:c1:d3:51:db:
                    9b:1d:f8:86:4d:6f:7d:ea:c1:73:a7:44:26:ee:29:
                    00:20:63:ed:5c:98:82:4a:07:58:01:e7:77:c0:40:
                    e6:b0:eb:86:f1:b2:bc:c0:39:19:98:e1:71:58:a7:
                    03:25:3d:db:80:dc:24:4f:3f:9d:1d:1d:e3:9b:29:
                    3f:cc:c6:64:89:a5:4d:5a:28:23:00:02:6d:3d:10:
                    70:cc:e3:ee:4c:5a:72:be:ff:ce:66:c9:0c:0d:ed:
                    48:d4:7c:87:af:30:77:ad:00:ca:62:1e:f1:7c:0e:
                    a7:4c:a2:55:b0:29:2e:d4:a9:e2:c3:b4:dc:82:11:
                    08:40:18:3e:08:68:27:74:84:3b:ba:28:69:23:27:
                    33:5a:c5:f1:34:7e:ec:6f:8d:76:17:64:3a:ea:72:
                    ba:b4:fd:78:78:93:da:5e:f1:f4:67:61:80:e6:d6:
                    2e:bb:9a:5e:9d:50:d9:65:d0:2b:42:17:74:ef:f1:
                    6e:10:77:fe:ea:c7:73:00:40:f4:d5:bf:ce:62:66:
                    95:99:d2:88:36:b3:8e:dc:59:e8:29:e9:91:3c:16:
                    1f:44:ba:16:c2:bb:21:aa:4e:59:c6:55:8a:7b:65:
                    40:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4D:E2:C3:88:AA:5B:1F:99:2D:2C:FF:28:98:E9:36:77:FE:60:25
            X509v3 Authority Key Identifier:
                keyid:8F:B1:A1:81:33:BF:38:4E:70:99:E5:98:5C:40:FE:28:1E:2D:A7:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7GhgTO_OE5wmeWYXED-KB4tp1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/977fa3-3f65-4f40-9105-8603cdecf9a2/1/KU3iw4iqWx-ZLSz_KJjpNnf-YCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/977fa3-3f65-4f40-9105-8603cdecf9a2/1/j7GhgTO_OE5wmeWYXED-KB4tp1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b8:53:17:e2:9b:f4:80:79:95:8b:41:f4:49:64:21:14:1d:
         af:5f:57:38:e8:4a:1e:99:d1:5a:f9:fd:3f:bf:de:04:70:08:
         2b:2c:9b:e1:e8:5c:29:74:00:85:df:7f:d7:81:d3:df:07:34:
         3c:e4:e5:fc:1d:21:fe:0a:00:81:d6:cb:88:ad:98:e1:37:92:
         3e:b4:69:55:0f:2b:07:2d:9a:a1:dd:10:be:ea:99:16:e0:b9:
         ca:f6:ae:76:11:24:79:d3:e4:a9:c5:85:44:a1:01:65:84:00:
         82:c9:38:8e:85:be:3f:fb:52:80:b2:d9:16:db:a5:33:24:87:
         f5:66:73:4c:b9:eb:de:2c:c4:36:69:99:43:a4:1f:98:8e:df:
         c0:2b:d8:c2:83:e4:8b:08:53:27:e5:21:a3:d2:3d:c8:57:09:
         ec:d9:9c:8a:5d:35:a2:c9:f6:07:1a:b1:b8:58:50:06:0b:d3:
         2c:65:13:0b:7a:e9:77:ac:53:71:65:d9:14:c3:50:b4:e6:c7:
         a9:e9:f3:4a:23:37:d0:1c:4a:31:b4:8b:e7:c6:49:c8:e5:5e:
         64:c5:63:e1:40:e0:f3:ac:88:46:66:ae:93:d5:22:80:27:82:
         48:8f:7b:0f:2b:87:7e:45:2f:80:08:4b:a0:93:0c:23:9f:61:
         dd:97:82:9f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAJcP+zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZmIxYTE4MTMzYmYzODRlNzA5OWU1OTg1YzQwZmUyODFlMmRhNzU1MB4XDTIyMDEw
MTAwNTU0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjk0ZGUyYzM4OGFh
NWIxZjk5MmQyY2ZmMjg5OGU5MzY3N2ZlNjAyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOE6DD2muRbancQMNfEXcOazhB6gsWMtL2rB01Hbmx34hk1v
ferBc6dEJu4pACBj7VyYgkoHWAHnd8BA5rDrhvGyvMA5GZjhcVinAyU924DcJE8/
nR0d45spP8zGZImlTVooIwACbT0QcMzj7kxacr7/zmbJDA3tSNR8h68wd60AymIe
8XwOp0yiVbApLtSp4sO03IIRCEAYPghoJ3SEO7ooaSMnM1rF8TR+7G+NdhdkOupy
urT9eHiT2l7x9GdhgObWLruaXp1Q2WXQK0IXdO/xbhB3/urHcwBA9NW/zmJmlZnS
iDazjtxZ6CnpkTwWH0S6FsK7IapOWcZVintlQI8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQpTeLDiKpbH5ktLP8omOk2d/5gJTAfBgNVHSMEGDAWgBSPsaGBM784TnCZ
5ZhcQP4oHi2nVTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2o3R2hnVE9fT0U1d21lV1lYRUQtS0I0dHAxVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvOTc3ZmEzLTNmNjUtNGY0MC05MTA1LTg2MDNjZGVjZjlhMi8x
L0tVM2l3NGlxV3gtWkxTel9LSmpwTm5mLVlDVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
OTc3ZmEzLTNmNjUtNGY0MC05MTA1LTg2MDNjZGVjZjlhMi8xL2o3R2hnVE9fT0U1
d21lV1lYRUQtS0I0dHAxVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALB+fjANBgkqhkiG9w0BAQsFAAOC
AQEAWbhTF+Kb9IB5lYtB9ElkIRQdr19XOOhKHpnRWvn9P7/eBHAIKyyb4ehcKXQA
hd9/14HT3wc0POTl/B0h/goAgdbLiK2Y4TeSPrRpVQ8rBy2aod0QvuqZFuC5yvau
dhEkedPkqcWFRKEBZYQAgsk4joW+P/tSgLLZFtulMySH9WZzTLnr3izENmmZQ6Qf
mI7fwCvYwoPkiwhTJ+Uho9I9yFcJ7Nmcil01osn2BxqxuFhQBgvTLGUTC3rpd6xT
cWXZFMNQtObHqenzSiM30BxKMbSL58ZJyOVeZMVj4UDg86yIRmauk9UigCeCSI97
DyuHfkUvgAhLoJMMI59h3ZeCnw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:30 2024 by rpki-client on console-ams.rpki-client.org