Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/1e1ca8-5ac4-44e6-8df9-d9fde6da633a/1/4kLfXQbTPY9Hnu6M50dymCHd5yA.roa
File:                     4kLfXQbTPY9Hnu6M50dymCHd5yA.roa (raw, json)
Hash identifier:          X+Kzp1dM/08GklcGH6C19oXWNBeqmqrKvCkW0rtNQlo=
Subject key identifier:   E2:42:DF:5D:06:D3:3D:8F:47:9E:EE:8C:E7:47:72:98:21:DD:E7:20
Certificate issuer:       /CN=411a41dcf4928ef5ef8e837daa9d5a9bf34152c9
Certificate serial:       F75C16
Authority key identifier: 41:1A:41:DC:F4:92:8E:F5:EF:8E:83:7D:AA:9D:5A:9B:F3:41:52:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRpB3PSSjvXvjoN9qp1am_NBUsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/1e1ca8-5ac4-44e6-8df9-d9fde6da633a/1/4kLfXQbTPY9Hnu6M50dymCHd5yA.roa
Signing time:             Sat 01 Jan 2022 09:02:38 +0000
ROA not before:           Sat 01 Jan 2022 09:02:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212667
IP address blocks:        188.64.140.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16210966 (0xf75c16)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a41dcf4928ef5ef8e837daa9d5a9bf34152c9
        Validity
            Not Before: Jan  1 09:02:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e242df5d06d33d8f479eee8ce747729821dde720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ec:dc:30:1f:31:66:e8:ea:9a:0e:60:eb:20:
                    44:9d:77:64:05:0a:f2:35:5f:00:b5:05:5e:ff:3e:
                    58:6d:eb:67:e6:d9:f2:2e:8c:fc:ef:8e:96:5f:72:
                    dd:50:9d:3f:ee:24:74:1e:c2:2e:b7:84:49:52:43:
                    61:f4:de:13:f0:18:ca:95:04:e3:56:27:5b:91:e0:
                    09:1b:9b:3e:57:2d:a1:80:5a:ce:01:93:5c:d9:91:
                    74:f5:93:83:a2:b5:12:93:67:e0:f1:46:c3:3f:ce:
                    32:6c:4c:6b:9a:09:53:52:b1:1b:0c:4a:2c:a3:76:
                    85:d8:4d:d3:b6:88:41:f0:31:f1:e3:dc:a8:c5:54:
                    ce:5a:af:3f:bc:f6:77:93:ad:24:69:d0:c8:d0:57:
                    38:1e:91:85:9d:60:fd:f5:c5:f3:8f:51:8a:27:3f:
                    70:e2:d7:ef:11:45:93:d9:68:be:4f:17:2e:b8:a7:
                    25:27:96:e9:f5:da:fe:4f:a3:a9:9c:8a:c9:b1:8b:
                    35:fe:84:aa:3e:d7:3b:bf:a5:04:18:cf:b0:0e:9f:
                    0d:fb:aa:7f:ff:ef:39:3a:97:aa:e3:49:91:93:60:
                    9f:01:d2:59:fb:30:28:3f:ad:91:c1:a2:e2:0b:28:
                    e3:0d:be:4d:2b:87:32:5e:72:0d:ba:ea:6d:dd:29:
                    94:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:42:DF:5D:06:D3:3D:8F:47:9E:EE:8C:E7:47:72:98:21:DD:E7:20
            X509v3 Authority Key Identifier:
                keyid:41:1A:41:DC:F4:92:8E:F5:EF:8E:83:7D:AA:9D:5A:9B:F3:41:52:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRpB3PSSjvXvjoN9qp1am_NBUsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/1e1ca8-5ac4-44e6-8df9-d9fde6da633a/1/4kLfXQbTPY9Hnu6M50dymCHd5yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/1e1ca8-5ac4-44e6-8df9-d9fde6da633a/1/QRpB3PSSjvXvjoN9qp1am_NBUsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d6:bd:7d:58:0e:af:f0:3a:cd:09:d4:27:cf:e7:17:0f:b3:
         de:45:d6:eb:14:80:1b:31:a5:d7:11:52:48:e4:8a:02:67:07:
         e3:94:c5:88:06:b3:01:3c:12:31:66:33:e7:05:60:c8:db:17:
         c0:0f:50:be:8c:d8:98:b0:68:54:5c:b8:c9:49:f0:2c:16:d6:
         83:7b:01:c5:56:32:ed:77:5e:e9:0f:4f:51:e1:84:ba:51:c0:
         cb:a5:7a:1e:b9:37:6c:da:4c:7c:b9:f0:27:7b:2a:4a:f8:92:
         16:ed:6d:ff:e8:02:f4:f7:2a:89:34:a3:f0:5a:7a:f4:da:a5:
         5e:6c:3a:98:0b:c1:2c:88:c1:36:e1:87:95:2c:64:16:be:ec:
         8a:16:bd:e9:eb:af:30:20:73:03:6f:40:ef:00:4c:9d:f9:27:
         7c:90:01:d2:5e:4e:5b:01:0e:44:c7:fb:6e:06:0c:eb:62:86:
         8f:79:ea:be:81:95:54:0e:36:ee:6f:6e:d5:58:7e:e3:f7:75:
         3b:2a:21:9a:28:ea:3d:b3:52:c5:59:73:d5:9e:90:c8:fd:14:
         75:c2:98:c8:ef:e7:35:68:82:01:75:63:0a:31:c0:75:89:99:
         cf:93:3a:d4:ba:55:57:e6:97:3c:9a:90:0b:08:6f:49:42:b1:
         a6:70:ac:89
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAPdcFjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MTFhNDFkY2Y0OTI4ZWY1ZWY4ZTgzN2RhYTlkNWE5YmYzNDE1MmM5MB4XDTIyMDEw
MTA5MDIzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI0MmRmNWQwNmQz
M2Q4ZjQ3OWVlZThjZTc0NzcyOTgyMWRkZTcyMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKns3DAfMWbo6poOYOsgRJ13ZAUK8jVfALUFXv8+WG3rZ+bZ
8i6M/O+Oll9y3VCdP+4kdB7CLreESVJDYfTeE/AYypUE41YnW5HgCRubPlctoYBa
zgGTXNmRdPWTg6K1EpNn4PFGwz/OMmxMa5oJU1KxGwxKLKN2hdhN07aIQfAx8ePc
qMVUzlqvP7z2d5OtJGnQyNBXOB6RhZ1g/fXF849Riic/cOLX7xFFk9lovk8XLrin
JSeW6fXa/k+jqZyKybGLNf6Eqj7XO7+lBBjPsA6fDfuqf//vOTqXquNJkZNgnwHS
WfswKD+tkcGi4gso4w2+TSuHMl5yDbrqbd0plCcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTiQt9dBtM9j0ee7oznR3KYId3nIDAfBgNVHSMEGDAWgBRBGkHc9JKO9e+O
g32qnVqb80FSyTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FScEIzUFNTanZYdmpvTjlxcDFhbV9OQlVzay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTEvMWUxY2E4LTVhYzQtNDRlNi04ZGY5LWQ5ZmRlNmRhNjMzYS8x
LzRrTGZYUWJUUFk5SG51Nk01MGR5bUNIZDV5QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEv
MWUxY2E4LTVhYzQtNDRlNi04ZGY5LWQ5ZmRlNmRhNjMzYS8xL1FScEIzUFNTanZY
dmpvTjlxcDFhbV9OQlVzay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALxAjDANBgkqhkiG9w0BAQsFAAOC
AQEAcda9fVgOr/A6zQnUJ8/nFw+z3kXW6xSAGzGl1xFSSOSKAmcH45TFiAazATwS
MWYz5wVgyNsXwA9QvozYmLBoVFy4yUnwLBbWg3sBxVYy7Xde6Q9PUeGEulHAy6V6
Hrk3bNpMfLnwJ3sqSviSFu1t/+gC9PcqiTSj8Fp69NqlXmw6mAvBLIjBNuGHlSxk
Fr7siha96euvMCBzA29A7wBMnfknfJAB0l5OWwEORMf7bgYM62KGj3nqvoGVVA42
7m9u1Vh+4/d1OyohmijqPbNSxVlz1Z6QyP0UdcKYyO/nNWiCAXVjCjHAdYmZz5M6
1LpVV+aXPJqQCwhvSUKxpnCsiQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:56 2024 by rpki-client on console-ams.rpki-client.org