Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/490e01-caf9-4d44-8f57-a1d9d0f88629/1/yogAGFQKagSzGv3cSrNvu5qhIHs.roa
File:                     yogAGFQKagSzGv3cSrNvu5qhIHs.roa (raw, json)
Hash identifier:          ImBmt2InKMf20nEFyfWEunsvhTND0AZtR08SzQjww/s=
Subject key identifier:   CA:88:00:18:54:0A:6A:04:B3:1A:FD:DC:4A:B3:6F:BB:9A:A1:20:7B
Certificate issuer:       /CN=17be827a580de61538ddefa28239468c4e901b40
Certificate serial:       018CC349255EE3C0FB9316C766FAE410AB95
Authority key identifier: 17:BE:82:7A:58:0D:E6:15:38:DD:EF:A2:82:39:46:8C:4E:90:1B:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F76CelgN5hU43e-igjlGjE6QG0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/490e01-caf9-4d44-8f57-a1d9d0f88629/1/yogAGFQKagSzGv3cSrNvu5qhIHs.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212641
IP address blocks:        176.120.108.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:25:5e:e3:c0:fb:93:16:c7:66:fa:e4:10:ab:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17be827a580de61538ddefa28239468c4e901b40
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca880018540a6a04b31afddc4ab36fbb9aa1207b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2f:2f:a1:89:87:ab:e1:3d:f3:f9:82:ab:91:
                    8a:13:a3:61:b9:6f:d5:12:2e:6f:34:4e:8b:f6:16:
                    39:b3:27:2c:06:3b:8a:ce:7c:9c:e8:6c:00:cf:c8:
                    fb:8c:e9:1d:93:fb:99:ad:1e:39:b9:d0:bf:ee:69:
                    bc:d4:ae:8c:cf:0c:c0:75:8e:45:c8:d1:7f:45:ab:
                    f7:4c:bb:ff:d2:43:cf:1e:c6:65:23:2c:c7:d3:45:
                    ca:98:00:dc:2d:be:41:af:43:e4:15:2f:9e:23:b2:
                    59:dd:0f:77:20:95:06:86:08:72:a5:08:a3:0b:0a:
                    ef:27:0d:79:35:ef:a2:36:4e:f5:a6:96:37:fd:88:
                    84:de:15:bd:7d:c8:eb:fc:59:c9:33:cd:a3:93:0f:
                    ed:3d:3d:6f:2c:5e:8f:37:7d:a7:2c:57:67:ad:81:
                    00:73:17:77:cd:92:51:88:0b:eb:27:16:19:0f:41:
                    5d:dc:c3:18:bc:05:21:eb:9b:7d:78:41:89:6d:22:
                    dc:d1:e6:3b:fe:69:96:65:ee:58:48:b7:0c:e4:26:
                    ed:ae:48:38:bb:56:85:f1:cd:f0:70:81:70:87:b4:
                    b9:b8:96:55:0a:d1:e5:3b:1f:08:b3:cb:f3:ee:cd:
                    ea:19:b5:20:03:09:8b:b9:15:c9:2c:4c:a3:12:31:
                    d2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:88:00:18:54:0A:6A:04:B3:1A:FD:DC:4A:B3:6F:BB:9A:A1:20:7B
            X509v3 Authority Key Identifier:
                keyid:17:BE:82:7A:58:0D:E6:15:38:DD:EF:A2:82:39:46:8C:4E:90:1B:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F76CelgN5hU43e-igjlGjE6QG0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/490e01-caf9-4d44-8f57-a1d9d0f88629/1/yogAGFQKagSzGv3cSrNvu5qhIHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/490e01-caf9-4d44-8f57-a1d9d0f88629/1/F76CelgN5hU43e-igjlGjE6QG0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:70:97:99:9f:f3:08:29:25:e4:23:50:0e:2f:5b:6a:8d:cf:
         e3:1a:03:08:16:5e:4b:1b:8a:f5:a0:91:3d:5e:8e:f8:f3:fb:
         31:b6:bf:0a:78:16:e8:82:b5:d3:04:0e:9c:b0:40:f6:f5:5f:
         4b:c9:43:80:24:40:f4:5e:90:30:af:d5:f3:0a:0d:4d:aa:15:
         93:7d:74:d1:7b:e3:a2:4a:09:46:d7:ea:52:db:3c:2c:5c:92:
         b1:70:07:a2:f8:f1:88:54:a6:ca:d9:27:8a:c5:1c:cc:bc:21:
         d0:17:51:7b:eb:44:9a:0b:ba:0a:0e:f7:1f:fd:0d:7d:04:46:
         37:2c:c5:57:a5:48:69:12:f9:b4:1d:ca:be:83:4d:d9:90:32:
         6d:fc:6f:5a:88:6b:d1:8d:e9:c8:17:26:ed:94:e2:47:13:ca:
         51:ce:e8:10:7b:b2:fe:75:d0:47:1a:17:14:ad:17:9d:69:d9:
         c5:0a:43:61:14:37:7e:aa:2f:38:6e:56:b1:84:39:fa:0f:8c:
         4c:c9:1b:fd:a0:e7:c1:42:92:8a:17:fe:cf:59:f4:4f:21:ad:
         bb:b8:bb:1c:05:a8:42:24:7e:26:38:5f:77:9d:11:8a:5b:59:
         b5:e6:ea:82:f5:85:84:01:bf:3c:69:0c:d6:dc:0a:56:4f:fb:
         7b:ed:3f:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSVe48D7kxbHZvrkEKuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YmU4MjdhNTgwZGU2MTUzOGRkZWZhMjgyMzk0NjhjNGU5
MDFiNDAwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg4MDAxODU0MGE2YTA0YjMxYWZkZGM0YWIzNmZiYjlhYTEyMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS8voYmHq+E98/mCq5GKE6NhuW/V
Ei5vNE6L9hY5sycsBjuKznyc6GwAz8j7jOkdk/uZrR45udC/7mm81K6MzwzAdY5F
yNF/Rav3TLv/0kPPHsZlIyzH00XKmADcLb5Br0PkFS+eI7JZ3Q93IJUGhghypQij
CwrvJw15Ne+iNk71ppY3/YiE3hW9fcjr/FnJM82jkw/tPT1vLF6PN32nLFdnrYEA
cxd3zZJRiAvrJxYZD0Fd3MMYvAUh65t9eEGJbSLc0eY7/mmWZe5YSLcM5Cbtrkg4
u1aF8c3wcIFwh7S5uJZVCtHlOx8Is8vz7s3qGbUgAwmLuRXJLEyjEjHS2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqIABhUCmoEsxr93Eqzb7uaoSB7MB8GA1UdIwQY
MBaAFBe+gnpYDeYVON3vooI5RoxOkBtAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjc2Q2VsZ041aFU0M2UtaWdqbEdqRTZRRzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80OTBlMDEtY2FmOS00ZDQ0LThmNTct
YTFkOWQwZjg4NjI5LzEveW9nQUdGUUthZ1N6R3YzY1NyTnZ1NXFoSUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80OTBlMDEtY2FmOS00ZDQ0LThmNTctYTFkOWQwZjg4NjI5
LzEvRjc2Q2VsZ041aFU0M2UtaWdqbEdqRTZRRzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHhsMA0G
CSqGSIb3DQEBCwUAA4IBAQBncJeZn/MIKSXkI1AOL1tqjc/jGgMIFl5LG4r1oJE9
Xo748/sxtr8KeBbogrXTBA6csED29V9LyUOAJED0XpAwr9XzCg1NqhWTfXTRe+Oi
SglG1+pS2zwsXJKxcAei+PGIVKbK2SeKxRzMvCHQF1F760SaC7oKDvcf/Q19BEY3
LMVXpUhpEvm0Hcq+g03ZkDJt/G9aiGvRjenIFybtlOJHE8pRzugQe7L+ddBHGhcU
rRedadnFCkNhFDd+qi84blaxhDn6D4xMyRv9oOfBQpKKF/7PWfRPIa27uLscBahC
JH4mOF93nRGKW1m15uqC9YWEAb88aQzW3ApWT/t77T87
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:31 2024 by rpki-client on console-ams.rpki-client.org