Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/8dbf34-d49a-4e5c-80cd-6acdf4751a48/1/lXfWM0PV0d6QPd7VQ8u8s85HOPc.roa
File:                     lXfWM0PV0d6QPd7VQ8u8s85HOPc.roa (raw, json)
Hash identifier:          YEZyQ5xy+JS9OBjBwX7XbqEYKf0wnucQlYVf05sAevI=
Subject key identifier:   95:77:D6:33:43:D5:D1:DE:90:3D:DE:D5:43:CB:BC:B3:CE:47:38:F7
Certificate issuer:       /CN=a7a96242b4919622bf29949d27138f6412a36f17
Certificate serial:       01856CAF1A69BDD047A47747AF23EA95A0DD
Authority key identifier: A7:A9:62:42:B4:91:96:22:BF:29:94:9D:27:13:8F:64:12:A3:6F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6liQrSRliK_KZSdJxOPZBKjbxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/8dbf34-d49a-4e5c-80cd-6acdf4751a48/1/lXfWM0PV0d6QPd7VQ8u8s85HOPc.roa
Signing time:             Sun 01 Jan 2023 09:34:52 +0000
ROA not before:           Sun 01 Jan 2023 09:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24940
IP address blocks:        185.36.144.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:1a:69:bd:d0:47:a4:77:47:af:23:ea:95:a0:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a96242b4919622bf29949d27138f6412a36f17
        Validity
            Not Before: Jan  1 09:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9577d63343d5d1de903dded543cbbcb3ce4738f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ac:3f:76:30:bd:3b:c6:1b:5a:d4:a1:a7:ee:
                    96:de:58:2e:35:40:8e:80:70:41:3a:e6:7a:38:34:
                    8f:e1:d5:38:46:9d:01:3e:29:76:75:5d:1e:ee:96:
                    2b:87:6e:89:90:44:91:dc:bc:e2:10:39:ea:d1:2e:
                    81:66:d6:40:be:1b:71:19:74:d9:b1:3d:4c:61:5a:
                    1d:19:7a:96:36:97:3f:80:85:e9:d2:0c:cd:44:62:
                    67:b5:e2:4f:32:5c:8d:00:b7:93:61:5c:6f:f9:18:
                    c4:fa:cb:a7:a1:91:17:f4:44:fa:6d:54:cc:8e:13:
                    26:01:f6:9f:21:6f:41:45:ce:59:ae:1f:32:67:36:
                    17:d7:58:1a:68:ed:8c:f2:85:5d:56:28:14:51:38:
                    29:1d:d9:cb:ab:1c:89:88:d0:17:4b:15:6c:20:43:
                    4e:e9:2c:b5:1a:25:9f:22:e6:49:88:a8:ce:08:12:
                    55:d4:24:85:e3:a8:7c:9f:a8:65:22:e2:ff:1f:bc:
                    79:23:d9:5f:87:4f:30:06:c1:fc:84:86:5c:fe:65:
                    54:bb:f6:25:6a:91:5e:e5:7f:84:60:d6:ea:1b:6f:
                    48:c7:32:85:fb:0b:6f:06:a3:b9:ff:ae:2c:bc:0d:
                    0a:da:d6:58:97:6c:a5:dd:bd:7c:6a:c2:af:08:ec:
                    3e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:77:D6:33:43:D5:D1:DE:90:3D:DE:D5:43:CB:BC:B3:CE:47:38:F7
            X509v3 Authority Key Identifier:
                keyid:A7:A9:62:42:B4:91:96:22:BF:29:94:9D:27:13:8F:64:12:A3:6F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6liQrSRliK_KZSdJxOPZBKjbxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/8dbf34-d49a-4e5c-80cd-6acdf4751a48/1/lXfWM0PV0d6QPd7VQ8u8s85HOPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/8dbf34-d49a-4e5c-80cd-6acdf4751a48/1/p6liQrSRliK_KZSdJxOPZBKjbxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:d0:fc:da:97:a0:8a:bc:98:af:7e:0f:dc:ff:1a:38:44:8b:
         e3:f1:12:c9:10:6c:0d:af:71:c9:d2:2b:2b:41:07:b4:b3:4a:
         b9:9f:0c:bb:31:f8:b9:dd:c5:25:e8:e0:97:d3:e5:da:d9:e7:
         91:67:4d:de:8f:3f:ea:b2:59:99:d5:5e:bd:d8:69:10:13:82:
         4a:28:60:18:5a:13:90:04:0c:4f:c4:e5:e3:37:03:f4:87:44:
         d6:ee:30:4f:ee:b6:f5:5e:21:d6:15:89:07:8f:1b:2a:53:26:
         53:1f:0d:1b:64:e7:73:5c:69:2c:95:48:66:bb:48:8d:8b:71:
         11:85:16:a3:f0:17:ba:95:2d:88:24:6b:0d:47:ed:fe:6c:a0:
         c9:1f:1f:fe:28:bf:48:0d:68:60:4a:cb:f8:0f:b5:51:a3:4c:
         f2:23:9b:c8:0b:bf:d4:a4:99:d3:42:62:61:11:9c:c9:fb:81:
         77:ce:22:fc:d6:9f:0d:6e:5e:d4:a3:51:d3:4c:fb:7d:bd:68:
         69:b3:17:94:2d:29:24:95:39:4c:65:21:45:e8:8b:45:e2:d9:
         ec:6e:f8:ac:3c:4b:ea:12:62:4c:a0:e9:09:54:f7:11:f9:c3:
         66:55:94:27:b5:7f:9e:96:f3:41:ad:10:d2:a5:12:aa:77:1a:
         3f:54:2b:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsrxppvdBHpHdHryPqlaDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTk2MjQyYjQ5MTk2MjJiZjI5OTQ5ZDI3MTM4ZjY0MTJh
MzZmMTcwHhcNMjMwMTAxMDkzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTc3ZDYzMzQzZDVkMWRlOTAzZGRlZDU0M2NiYmNiM2NlNDczOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaw/djC9O8YbWtShp+6W3lguNUCO
gHBBOuZ6ODSP4dU4Rp0BPil2dV0e7pYrh26JkESR3LziEDnq0S6BZtZAvhtxGXTZ
sT1MYVodGXqWNpc/gIXp0gzNRGJnteJPMlyNALeTYVxv+RjE+sunoZEX9ET6bVTM
jhMmAfafIW9BRc5Zrh8yZzYX11gaaO2M8oVdVigUUTgpHdnLqxyJiNAXSxVsIENO
6Sy1GiWfIuZJiKjOCBJV1CSF46h8n6hlIuL/H7x5I9lfh08wBsH8hIZc/mVUu/Yl
apFe5X+EYNbqG29IxzKF+wtvBqO5/64svA0K2tZYl2yl3b18asKvCOw+rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJV31jND1dHekD3e1UPLvLPORzj3MB8GA1UdIwQY
MBaAFKepYkK0kZYivymUnScTj2QSo28XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZsaVFyU1JsaUtfS1pTZEp4T1BaQktqYnhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni84ZGJmMzQtZDQ5YS00ZTVjLTgwY2Qt
NmFjZGY0NzUxYTQ4LzEvbFhmV00wUFYwZDZRUGQ3VlE4dThzODVIT1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni84ZGJmMzQtZDQ5YS00ZTVjLTgwY2QtNmFjZGY0NzUxYTQ4
LzEvcDZsaVFyU1JsaUtfS1pTZEp4T1BaQktqYnhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSSQMA0G
CSqGSIb3DQEBCwUAA4IBAQAE0Pzal6CKvJivfg/c/xo4RIvj8RLJEGwNr3HJ0isr
QQe0s0q5nwy7Mfi53cUl6OCX0+Xa2eeRZ03ejz/qslmZ1V692GkQE4JKKGAYWhOQ
BAxPxOXjNwP0h0TW7jBP7rb1XiHWFYkHjxsqUyZTHw0bZOdzXGkslUhmu0iNi3ER
hRaj8Be6lS2IJGsNR+3+bKDJHx/+KL9IDWhgSsv4D7VRo0zyI5vIC7/UpJnTQmJh
EZzJ+4F3ziL81p8Nbl7Uo1HTTPt9vWhpsxeULSkklTlMZSFF6ItF4tnsbvisPEvq
EmJMoOkJVPcR+cNmVZQntX+elvNBrRDSpRKqdxo/VCsz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:45 2024 by rpki-client on console-ams.rpki-client.org