Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/HL_APDH430A_KmA4pNmg78QkeD4.roa
File:                     HL_APDH430A_KmA4pNmg78QkeD4.roa (raw, json)
Hash identifier:          Vgmibnj7yAlBoYk3P2Uq26tgDI08R8JoB3JPf2bZR+Q=
Subject key identifier:   1C:BF:C0:3C:31:F8:DF:40:3F:2A:60:38:A4:D9:A0:EF:C4:24:78:3E
Certificate issuer:       /CN=a1234bb888ec5734f579747455363171eefb1a43
Certificate serial:       0183323C3DBEB05F46E07295E2A7179B913B
Authority key identifier: A1:23:4B:B8:88:EC:57:34:F5:79:74:74:55:36:31:71:EE:FB:1A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSNLuIjsVzT1eXR0VTYxce77GkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/HL_APDH430A_KmA4pNmg78QkeD4.roa
Signing time:             Mon 12 Sep 2022 15:05:52 +0000
ROA not before:           Mon 12 Sep 2022 15:05:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        146.19.237.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:32:3c:3d:be:b0:5f:46:e0:72:95:e2:a7:17:9b:91:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1234bb888ec5734f579747455363171eefb1a43
        Validity
            Not Before: Sep 12 15:05:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1cbfc03c31f8df403f2a6038a4d9a0efc424783e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:47:94:82:8d:a6:c7:b9:98:0e:b3:bc:db:
                    ef:6a:5e:18:02:5a:56:65:91:e6:78:31:99:e0:8b:
                    8a:9f:67:cd:9c:56:c7:9e:f7:f9:a0:56:24:94:28:
                    d7:c4:a1:f7:c5:36:62:c1:b4:d5:06:27:60:14:2d:
                    0d:4b:70:1f:71:83:10:01:74:f5:14:f7:25:73:1b:
                    31:5d:18:cc:73:a7:66:a9:9b:66:c5:50:18:9e:05:
                    7b:c6:ac:6d:ef:14:70:d5:e2:28:0f:d2:40:bf:5f:
                    bc:c5:8c:bd:98:b0:42:20:e2:ab:df:e4:f0:bd:c8:
                    b8:31:f6:8d:07:c0:24:cd:f4:e5:07:05:c2:12:67:
                    77:f2:d7:80:36:1d:0c:e8:60:27:75:78:86:cb:fa:
                    0e:9d:19:2e:b6:12:04:6d:b2:c8:28:e5:5f:0f:9e:
                    72:ca:a3:2a:76:c1:c4:a8:ad:e8:4d:8b:bf:9b:e5:
                    29:24:70:81:6f:3c:ec:da:75:75:bd:bb:94:76:0d:
                    15:46:d7:77:39:b4:96:fe:bb:35:d4:f2:a2:69:8f:
                    68:8d:e2:59:dd:bd:55:21:f3:c4:d8:d2:5d:c8:d8:
                    6b:a9:47:24:96:c1:53:b0:94:9e:72:38:da:66:86:
                    eb:0e:22:d1:37:40:71:2b:50:8f:da:ee:36:45:02:
                    09:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BF:C0:3C:31:F8:DF:40:3F:2A:60:38:A4:D9:A0:EF:C4:24:78:3E
            X509v3 Authority Key Identifier:
                keyid:A1:23:4B:B8:88:EC:57:34:F5:79:74:74:55:36:31:71:EE:FB:1A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSNLuIjsVzT1eXR0VTYxce77GkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/HL_APDH430A_KmA4pNmg78QkeD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/oSNLuIjsVzT1eXR0VTYxce77GkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:30:f6:80:0b:a5:90:b4:a3:bf:09:13:17:24:86:fe:e6:f6:
         ca:35:5b:fb:f7:fe:26:d6:82:7a:d8:ac:9e:ac:47:c9:00:20:
         bd:25:83:b2:85:c4:61:a9:4e:21:ab:9a:07:1b:ed:a7:7f:9a:
         d5:75:82:9a:c3:b6:13:63:ab:a6:f1:b7:d7:5e:0f:44:92:83:
         3a:72:4a:5b:07:23:a7:0a:71:e9:1e:94:45:df:f9:9e:5f:f6:
         b8:7a:32:2c:a4:3d:58:26:db:1d:8a:42:3d:bc:0c:50:a0:fc:
         c7:c5:59:86:6f:72:1a:55:9b:42:1d:95:e5:dd:10:3c:40:cf:
         39:74:dd:c1:dc:f4:4c:d9:e7:2a:9a:bf:22:05:f1:db:95:13:
         42:68:04:f5:3a:a3:ec:ad:9e:1e:ab:2b:88:29:95:9e:c7:83:
         61:1a:91:29:94:2d:b5:cc:f8:44:3c:5c:22:98:86:c0:80:57:
         97:f0:41:b2:e4:df:66:72:05:3b:e5:36:3e:ba:07:05:6c:bd:
         dc:34:1d:37:78:6b:0a:b0:69:18:d6:0f:de:b3:91:9a:a8:da:
         9d:8a:dc:48:26:67:43:42:25:7f:b3:f4:c4:d8:a7:86:0f:0f:
         07:06:43:6f:a8:a6:ec:9b:19:e6:4a:68:e3:50:e8:78:89:22:
         2b:f4:36:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYMyPD2+sF9G4HKV4qcXm5E7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjM0YmI4ODhlYzU3MzRmNTc5NzQ3NDU1MzYzMTcxZWVm
YjFhNDMwHhcNMjIwOTEyMTUwNTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JmYzAzYzMxZjhkZjQwM2YyYTYwMzhhNGQ5YTBlZmM0MjQ3ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqopHlIKNpse5mA6zvNvval4YAlpW
ZZHmeDGZ4IuKn2fNnFbHnvf5oFYklCjXxKH3xTZiwbTVBidgFC0NS3AfcYMQAXT1
FPclcxsxXRjMc6dmqZtmxVAYngV7xqxt7xRw1eIoD9JAv1+8xYy9mLBCIOKr3+Tw
vci4MfaNB8AkzfTlBwXCEmd38teANh0M6GAndXiGy/oOnRkuthIEbbLIKOVfD55y
yqMqdsHEqK3oTYu/m+UpJHCBbzzs2nV1vbuUdg0VRtd3ObSW/rs11PKiaY9ojeJZ
3b1VIfPE2NJdyNhrqUcklsFTsJSecjjaZobrDiLRN0BxK1CP2u42RQIJHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy/wDwx+N9APypgOKTZoO/EJHg+MB8GA1UdIwQY
MBaAFKEjS7iI7Fc09Xl0dFU2MXHu+xpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NOTHVJanNWelQxZVhSMFZUWXhjZTc3R2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81MDFhZGEtN2MzMC00NTAxLTgxMTEt
OWNlYjA3MGM3ZTA1LzEvSExfQVBESDQzMEFfS21BNHBObWc3OFFrZUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81MDFhZGEtN2MzMC00NTAxLTgxMTEtOWNlYjA3MGM3ZTA1
LzEvb1NOTHVJanNWelQxZVhSMFZUWXhjZTc3R2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPtMA0G
CSqGSIb3DQEBCwUAA4IBAQBKMPaAC6WQtKO/CRMXJIb+5vbKNVv79/4m1oJ62Kye
rEfJACC9JYOyhcRhqU4hq5oHG+2nf5rVdYKaw7YTY6um8bfXXg9EkoM6ckpbByOn
CnHpHpRF3/meX/a4ejIspD1YJtsdikI9vAxQoPzHxVmGb3IaVZtCHZXl3RA8QM85
dN3B3PRM2ecqmr8iBfHblRNCaAT1OqPsrZ4eqyuIKZWex4NhGpEplC21zPhEPFwi
mIbAgFeX8EGy5N9mcgU75TY+ugcFbL3cNB03eGsKsGkY1g/es5GaqNqditxIJmdD
QiV/s/TE2KeGDw8HBkNvqKbsmxnmSmjjUOh4iSIr9DYI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:36 2024 by rpki-client on console-fra.rpki-client.org