Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/1463db-c0fa-4449-aa1f-808d2a02edca/1/2_oYhrGa3i_RMcvQWJo95s9ksKk.roa
File:                     2_oYhrGa3i_RMcvQWJo95s9ksKk.roa (raw, json)
Hash identifier:          Kk0eWlcys2gs+oDD5MaKZBG5OWSKm34kqKLw1zsws6c=
Subject key identifier:   DB:FA:18:86:B1:9A:DE:2F:D1:31:CB:D0:58:9A:3D:E6:CF:64:B0:A9
Certificate issuer:       /CN=1aff4b20efa5be183d6835f3a7a89d51547e6df6
Certificate serial:       01856D13C6DFE34202F75FF63A13CB267BD7
Authority key identifier: 1A:FF:4B:20:EF:A5:BE:18:3D:68:35:F3:A7:A8:9D:51:54:7E:6D:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gv9LIO-lvhg9aDXzp6idUVR-bfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/1463db-c0fa-4449-aa1f-808d2a02edca/1/2_oYhrGa3i_RMcvQWJo95s9ksKk.roa
Signing time:             Sun 01 Jan 2023 11:24:50 +0000
ROA not before:           Sun 01 Jan 2023 11:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3326
IP address blocks:        193.151.244.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:13:c6:df:e3:42:02:f7:5f:f6:3a:13:cb:26:7b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aff4b20efa5be183d6835f3a7a89d51547e6df6
        Validity
            Not Before: Jan  1 11:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbfa1886b19ade2fd131cbd0589a3de6cf64b0a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7e:82:b1:81:ea:f6:45:65:0c:f8:b9:60:f2:
                    69:2d:ba:55:72:d7:d9:4d:1c:23:b7:1c:47:9f:db:
                    f2:d8:f0:a9:b7:ca:1e:41:91:1a:2d:c7:10:9c:ce:
                    e1:dc:3b:0e:e6:b7:5b:af:89:75:4f:63:4d:cf:7d:
                    e6:05:53:1d:11:ce:67:7a:93:40:47:cf:f6:87:71:
                    96:25:36:69:e6:6c:14:09:1c:5d:17:c6:bf:ac:50:
                    6d:53:ec:93:1b:3d:57:09:9b:13:18:e2:be:e2:36:
                    73:4e:d3:71:ac:8b:18:d5:dd:32:14:78:f0:d8:22:
                    88:45:60:46:b5:f9:8a:d1:d2:24:94:48:37:31:c6:
                    da:28:2a:0b:6f:d2:89:ef:17:34:3f:e1:33:6e:8d:
                    57:f4:43:2b:66:51:15:41:13:3d:3c:2f:43:ad:ef:
                    d5:1d:f0:81:33:c8:8d:ec:b2:b4:2f:4d:21:7d:a9:
                    43:81:3b:ec:76:e1:5a:5e:b8:ac:3f:ce:05:4e:19:
                    04:1e:31:c0:fa:5b:a9:07:32:b7:10:c5:80:00:62:
                    a3:06:f7:3d:88:72:37:35:4f:2d:1a:26:a5:74:c8:
                    6c:0e:05:29:62:44:de:a5:7c:83:34:f7:62:1b:76:
                    10:2c:dd:4f:3e:ed:b7:30:6f:bd:b5:54:3f:44:0b:
                    ff:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FA:18:86:B1:9A:DE:2F:D1:31:CB:D0:58:9A:3D:E6:CF:64:B0:A9
            X509v3 Authority Key Identifier:
                keyid:1A:FF:4B:20:EF:A5:BE:18:3D:68:35:F3:A7:A8:9D:51:54:7E:6D:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gv9LIO-lvhg9aDXzp6idUVR-bfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1463db-c0fa-4449-aa1f-808d2a02edca/1/2_oYhrGa3i_RMcvQWJo95s9ksKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1463db-c0fa-4449-aa1f-808d2a02edca/1/Gv9LIO-lvhg9aDXzp6idUVR-bfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:d9:d1:06:60:27:7c:07:d3:ef:fe:52:0c:08:f3:0b:50:59:
         49:3a:31:1a:86:4d:50:c6:32:6f:60:bb:4c:05:85:f7:3d:9e:
         03:5f:87:48:83:31:f8:b8:86:7e:ff:00:be:b8:b2:2e:f6:91:
         7e:46:39:ca:db:af:de:c9:60:d9:2b:b2:04:9d:a1:f8:4d:c8:
         19:cf:06:b0:85:55:5b:0a:52:a3:bd:ed:48:7c:b6:b8:47:70:
         ad:14:64:a1:b4:1b:f8:85:40:15:a3:49:38:96:d8:fa:33:58:
         72:58:6e:f6:5d:fd:b9:07:89:e2:1d:a2:cb:e1:87:27:91:85:
         6d:4e:93:aa:c7:ad:d7:a1:bc:0c:2c:a8:60:68:b6:e5:37:7d:
         a0:ca:ac:22:aa:a7:60:f3:d5:43:05:90:48:72:46:59:b7:48:
         ff:22:bd:19:8f:4d:d8:65:98:b3:2a:fd:84:ed:81:6c:4f:b2:
         f2:bd:d4:37:9c:54:58:4d:27:07:08:b4:ec:aa:71:27:aa:59:
         11:51:ab:59:99:ae:56:9a:f7:7e:52:82:e7:91:27:3a:b5:be:
         d0:d4:a8:9b:8b:1d:3c:e0:08:bf:be:b4:c2:97:3b:98:a7:03:
         c4:61:46:e9:7d:cb:28:2c:c1:40:ad:46:4d:c3:4c:4b:75:7e:
         cc:b0:3c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtE8bf40IC91/2OhPLJnvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZmY0YjIwZWZhNWJlMTgzZDY4MzVmM2E3YTg5ZDUxNTQ3
ZTZkZjYwHhcNMjMwMTAxMTEyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZhMTg4NmIxOWFkZTJmZDEzMWNiZDA1ODlhM2RlNmNmNjRiMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA036CsYHq9kVlDPi5YPJpLbpVctfZ
TRwjtxxHn9vy2PCpt8oeQZEaLccQnM7h3DsO5rdbr4l1T2NNz33mBVMdEc5nepNA
R8/2h3GWJTZp5mwUCRxdF8a/rFBtU+yTGz1XCZsTGOK+4jZzTtNxrIsY1d0yFHjw
2CKIRWBGtfmK0dIklEg3McbaKCoLb9KJ7xc0P+Ezbo1X9EMrZlEVQRM9PC9Dre/V
HfCBM8iN7LK0L00hfalDgTvsduFaXrisP84FThkEHjHA+lupBzK3EMWAAGKjBvc9
iHI3NU8tGialdMhsDgUpYkTepXyDNPdiG3YQLN1PPu23MG+9tVQ/RAv/6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv6GIaxmt4v0THL0FiaPebPZLCpMB8GA1UdIwQY
MBaAFBr/SyDvpb4YPWg186eonVFUfm32MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3Y5TElPLWx2aGc5YURYenA2aWRVVlItYmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xNDYzZGItYzBmYS00NDQ5LWFhMWYt
ODA4ZDJhMDJlZGNhLzEvMl9vWWhyR2EzaV9STWN2UVdKbzk1czlrc0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xNDYzZGItYzBmYS00NDQ5LWFhMWYtODA4ZDJhMDJlZGNh
LzEvR3Y5TElPLWx2aGc5YURYenA2aWRVVlItYmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZf0MA0G
CSqGSIb3DQEBCwUAA4IBAQAk2dEGYCd8B9Pv/lIMCPMLUFlJOjEahk1QxjJvYLtM
BYX3PZ4DX4dIgzH4uIZ+/wC+uLIu9pF+RjnK26/eyWDZK7IEnaH4TcgZzwawhVVb
ClKjve1IfLa4R3CtFGShtBv4hUAVo0k4ltj6M1hyWG72Xf25B4niHaLL4YcnkYVt
TpOqx63XobwMLKhgaLblN32gyqwiqqdg89VDBZBIckZZt0j/Ir0Zj03YZZizKv2E
7YFsT7LyvdQ3nFRYTScHCLTsqnEnqlkRUatZma5Wmvd+UoLnkSc6tb7Q1Kibix08
4Ai/vrTClzuYpwPEYUbpfcsoLMFArUZNw0xLdX7MsDx4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:08 2024 by rpki-client on console-ams.rpki-client.org