Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/759ca5-0d99-428e-85ad-f8872bbdd186/1/7NwAJ0PE6VOj-V9dKqE-Ie1mbqg.roa
File:                     7NwAJ0PE6VOj-V9dKqE-Ie1mbqg.roa (raw, json)
Hash identifier:          ZNSVsJSC1ewsWyBDw8JZQqgTtYdd3xS8eQpjIXErVOU=
Subject key identifier:   EC:DC:00:27:43:C4:E9:53:A3:F9:5F:5D:2A:A1:3E:21:ED:66:6E:A8
Certificate issuer:       /CN=2f32b5d5f1b98e085eea3a016e080c859b417583
Certificate serial:       6D26C2
Authority key identifier: 2F:32:B5:D5:F1:B9:8E:08:5E:EA:3A:01:6E:08:0C:85:9B:41:75:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzK11fG5jghe6joBbggMhZtBdYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/759ca5-0d99-428e-85ad-f8872bbdd186/1/7NwAJ0PE6VOj-V9dKqE-Ie1mbqg.roa
Signing time:             Sat 01 Jan 2022 03:01:43 +0000
ROA not before:           Sat 01 Jan 2022 03:01:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212667
IP address blocks:        146.19.150.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7153346 (0x6d26c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f32b5d5f1b98e085eea3a016e080c859b417583
        Validity
            Not Before: Jan  1 03:01:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ecdc002743c4e953a3f95f5d2aa13e21ed666ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:33:6b:11:7d:63:47:b4:41:3d:21:f8:65:
                    58:04:3c:b7:d7:2b:e0:f9:f6:c3:db:09:f6:c0:89:
                    89:3b:30:96:ae:97:66:89:1d:cf:91:5b:5c:03:b8:
                    c0:32:7f:49:8d:f8:a9:5a:9f:05:4b:81:a3:57:76:
                    4c:12:94:54:a0:ed:15:be:07:42:9e:f0:e6:bb:11:
                    6c:84:a2:40:80:56:42:1f:26:12:19:54:18:80:f4:
                    9e:bb:64:bc:23:ba:f4:1c:29:d1:c2:17:de:87:f0:
                    87:d8:be:57:ab:27:bf:d8:d5:db:9f:ac:91:cf:4a:
                    e2:e5:9d:92:f8:c9:18:bc:99:ae:7b:7b:af:6c:18:
                    8c:74:24:15:72:9e:20:3e:a7:e0:05:6f:44:03:67:
                    b3:45:f9:7f:15:de:06:da:f7:f8:69:13:12:b9:7f:
                    36:51:ef:47:39:96:d5:df:10:8b:8f:da:8b:cc:c1:
                    65:ff:4a:63:59:f5:6d:6c:aa:8d:79:99:91:b1:6f:
                    32:3c:cd:9a:96:d1:f8:fd:a8:75:0e:8d:14:65:b9:
                    7b:b8:7c:72:58:a2:fc:94:16:99:69:55:38:a0:da:
                    98:e0:d9:2d:a3:b1:34:98:18:65:55:1c:c5:ca:90:
                    0c:ed:fe:bb:04:32:6c:6a:56:be:4d:dc:60:de:de:
                    6d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DC:00:27:43:C4:E9:53:A3:F9:5F:5D:2A:A1:3E:21:ED:66:6E:A8
            X509v3 Authority Key Identifier:
                keyid:2F:32:B5:D5:F1:B9:8E:08:5E:EA:3A:01:6E:08:0C:85:9B:41:75:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzK11fG5jghe6joBbggMhZtBdYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/759ca5-0d99-428e-85ad-f8872bbdd186/1/7NwAJ0PE6VOj-V9dKqE-Ie1mbqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/759ca5-0d99-428e-85ad-f8872bbdd186/1/LzK11fG5jghe6joBbggMhZtBdYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:95:3f:00:c8:94:93:39:df:ac:ab:98:0f:a7:b7:9a:c1:a9:
         82:0b:f2:a1:cb:07:c4:67:a0:8a:40:d9:bc:5c:63:9d:41:bd:
         00:c9:07:91:87:bf:f9:57:6d:9f:f3:24:73:08:52:54:d4:77:
         7d:32:ad:17:95:16:d8:48:7b:a7:47:21:10:1e:3c:66:12:9c:
         46:2e:62:e6:82:48:19:c9:a7:17:0d:32:27:91:88:7e:86:ad:
         ce:c7:68:9b:c4:d5:d8:e5:17:b2:ce:84:89:44:17:38:19:fb:
         30:7a:13:bf:6d:94:82:48:f5:fe:47:b4:18:2b:a5:58:85:54:
         2a:f8:7b:ef:82:d9:f1:1f:9c:d0:13:0b:4a:fe:4a:69:92:f7:
         fa:20:b3:22:1a:ac:d7:f4:4e:e0:94:c1:7e:10:39:bb:f6:6d:
         0a:ff:6e:cf:2c:77:18:51:d2:ff:b2:b5:26:51:24:be:70:e5:
         24:95:d9:64:28:a4:b8:b1:ab:30:8c:e1:3e:11:56:8e:15:c8:
         72:93:9d:97:02:5b:21:ab:db:55:25:c8:f6:32:fe:5b:3d:f2:
         cf:9b:0b:de:ce:bf:87:e3:62:af:7e:e1:00:65:89:85:c1:4c:
         8d:5d:14:5f:80:da:31:d8:b2:31:a6:6d:d3:92:c1:aa:73:88:
         97:d4:bc:da
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDbSbCMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDJm
MzJiNWQ1ZjFiOThlMDg1ZWVhM2EwMTZlMDgwYzg1OWI0MTc1ODMwHhcNMjIwMTAx
MDMwMTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlY2RjMDAyNzQzYzRl
OTUzYTNmOTVmNWQyYWExM2UyMWVkNjY2ZWE4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuUQzaxF9Y0e0QT0h+GVYBDy31yvg+fbD2wn2wImJOzCWrpdm
iR3PkVtcA7jAMn9JjfipWp8FS4GjV3ZMEpRUoO0VvgdCnvDmuxFshKJAgFZCHyYS
GVQYgPSeu2S8I7r0HCnRwhfeh/CH2L5Xqye/2NXbn6yRz0ri5Z2S+MkYvJmue3uv
bBiMdCQVcp4gPqfgBW9EA2ezRfl/Fd4G2vf4aRMSuX82Ue9HOZbV3xCLj9qLzMFl
/0pjWfVtbKqNeZmRsW8yPM2altH4/ah1Do0UZbl7uHxyWKL8lBaZaVU4oNqY4Nkt
o7E0mBhlVRzFypAM7f67BDJsala+Tdxg3t5tewIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFOzcACdDxOlTo/lfXSqhPiHtZm6oMB8GA1UdIwQYMBaAFC8ytdXxuY4IXuo6
AW4IDIWbQXWDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
THpLMTFmRzVqZ2hlNmpvQmJnZ01oWnRCZFlNLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC85Ni83NTljYTUtMGQ5OS00MjhlLTg1YWQtZjg4NzJiYmRkMTg2LzEv
N053QUowUEU2Vk9qLVY5ZEtxRS1JZTFtYnFnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83
NTljYTUtMGQ5OS00MjhlLTg1YWQtZjg4NzJiYmRkMTg2LzEvTHpLMTFmRzVqZ2hl
NmpvQmJnZ01oWnRCZFlNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOWMA0GCSqGSIb3DQEBCwUAA4IB
AQB1lT8AyJSTOd+sq5gPp7eawamCC/KhywfEZ6CKQNm8XGOdQb0AyQeRh7/5V22f
8yRzCFJU1Hd9Mq0XlRbYSHunRyEQHjxmEpxGLmLmgkgZyacXDTInkYh+hq3Ox2ib
xNXY5ReyzoSJRBc4GfswehO/bZSCSPX+R7QYK6VYhVQq+HvvgtnxH5zQEwtK/kpp
kvf6ILMiGqzX9E7glMF+EDm79m0K/27PLHcYUdL/srUmUSS+cOUkldlkKKS4sasw
jOE+EVaOFchyk52XAlshq9tVJcj2Mv5bPfLPmwvezr+H42KvfuEAZYmFwUyNXRRf
gNox2LIxpm3TksGqc4iX1Lza
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:55 2024 by rpki-client on console-fra.rpki-client.org