Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/xFh2LkOMFveWfom8hzBgs1_u9Y0.roa
File:                     xFh2LkOMFveWfom8hzBgs1_u9Y0.roa (raw, json)
Hash identifier:          sAIZxbCWZ627yVleGlLas7E+j58E889d2ZlwuL1gK8w=
Subject key identifier:   C4:58:76:2E:43:8C:16:F7:96:7E:89:BC:87:30:60:B3:5F:EE:F5:8D
Certificate issuer:       /CN=a1234bb888ec5734f579747455363171eefb1a43
Certificate serial:       01856DDD3B62D304135DEA5D5F6E4E7CAC29
Authority key identifier: A1:23:4B:B8:88:EC:57:34:F5:79:74:74:55:36:31:71:EE:FB:1A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSNLuIjsVzT1eXR0VTYxce77GkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/xFh2LkOMFveWfom8hzBgs1_u9Y0.roa
Signing time:             Sun 01 Jan 2023 15:04:53 +0000
ROA not before:           Sun 01 Jan 2023 15:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     400039
IP address blocks:        146.19.237.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:3b:62:d3:04:13:5d:ea:5d:5f:6e:4e:7c:ac:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1234bb888ec5734f579747455363171eefb1a43
        Validity
            Not Before: Jan  1 15:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c458762e438c16f7967e89bc873060b35feef58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:38:c9:3f:bc:a2:20:ce:ce:8f:8c:03:57:44:
                    c1:29:7f:81:11:b0:bd:d1:cf:22:82:fe:b2:39:23:
                    af:ee:e8:00:73:fa:70:98:85:9e:e5:91:44:d4:1b:
                    04:63:4b:70:82:65:93:c8:b4:31:69:cd:91:88:4b:
                    60:aa:01:4c:29:2e:34:8d:b5:12:41:82:ae:34:85:
                    c9:17:fd:a1:11:61:e0:b8:e0:d7:33:73:69:de:6e:
                    c0:1c:60:c3:7a:f6:d8:86:e5:e9:e9:b2:55:4d:5b:
                    24:0c:be:ff:60:d7:3e:ed:af:73:9f:d7:53:75:4a:
                    88:93:96:60:8c:27:1b:74:87:42:ac:67:d5:45:ec:
                    0d:87:cb:40:bc:6b:7e:ca:44:c5:79:84:fe:49:dd:
                    4b:5e:8f:cc:02:f4:ef:3a:41:42:21:12:90:82:21:
                    68:cf:f1:01:3e:5d:a8:1f:4c:8c:9f:0d:34:e0:dc:
                    da:96:0f:84:47:61:17:b9:19:e3:03:3d:c8:52:92:
                    d3:2e:9c:bb:0f:b4:5c:c7:e0:15:6c:8d:75:d5:f2:
                    bb:be:4a:be:99:65:f3:aa:22:48:d1:21:0a:35:07:
                    4f:e4:8f:60:6b:ce:8a:25:53:16:b1:63:f8:9e:37:
                    5a:c5:3a:40:4e:6c:a3:77:63:e2:61:0f:40:2b:94:
                    b8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:58:76:2E:43:8C:16:F7:96:7E:89:BC:87:30:60:B3:5F:EE:F5:8D
            X509v3 Authority Key Identifier:
                keyid:A1:23:4B:B8:88:EC:57:34:F5:79:74:74:55:36:31:71:EE:FB:1A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSNLuIjsVzT1eXR0VTYxce77GkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/xFh2LkOMFveWfom8hzBgs1_u9Y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/501ada-7c30-4501-8111-9ceb070c7e05/1/oSNLuIjsVzT1eXR0VTYxce77GkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:7e:ce:5d:97:bd:90:0a:1b:8c:86:5a:d4:36:90:05:42:55:
         40:cb:f8:d5:ad:80:36:6f:6f:8d:11:7b:96:75:d4:0a:fe:aa:
         3c:17:7b:9c:ea:6a:be:dd:6b:fb:a0:b5:81:24:05:ba:92:6c:
         c9:22:34:90:90:dd:07:cc:a1:6d:3e:ee:f4:b8:07:a6:09:98:
         c0:ef:74:39:fa:a0:68:53:f0:b0:61:36:24:09:6c:f1:bf:b0:
         76:39:60:b5:f2:4c:80:06:d4:ce:55:1a:0e:15:62:6b:cd:79:
         e3:5e:b0:b0:52:c1:93:7c:cd:99:4e:a3:70:0a:9d:d7:bc:32:
         77:45:bc:1f:ed:45:04:c1:cd:75:cc:e9:01:3c:52:8f:37:04:
         d2:1d:31:df:3d:80:5b:f1:38:3a:70:8a:06:a5:52:17:51:a6:
         41:06:1d:5a:03:aa:2d:f6:7e:54:70:5f:59:4b:58:74:da:26:
         31:29:44:10:6f:3d:58:3b:d3:01:d7:fa:30:ae:51:b8:29:8d:
         27:a1:0b:a0:e8:80:09:c6:04:12:dc:57:32:c7:ab:57:3e:cd:
         c8:39:97:cb:cc:dd:f6:54:d2:71:19:ad:ee:cf:05:f2:91:7f:
         71:3c:e9:2f:41:59:b9:56:3d:f0:95:42:87:bd:af:50:31:3b:
         95:91:02:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVt3Tti0wQTXepdX25OfKwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjM0YmI4ODhlYzU3MzRmNTc5NzQ3NDU1MzYzMTcxZWVm
YjFhNDMwHhcNMjMwMTAxMTUwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDU4NzYyZTQzOGMxNmY3OTY3ZTg5YmM4NzMwNjBiMzVmZWVmNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDjJP7yiIM7Oj4wDV0TBKX+BEbC9
0c8igv6yOSOv7ugAc/pwmIWe5ZFE1BsEY0twgmWTyLQxac2RiEtgqgFMKS40jbUS
QYKuNIXJF/2hEWHguODXM3Np3m7AHGDDevbYhuXp6bJVTVskDL7/YNc+7a9zn9dT
dUqIk5ZgjCcbdIdCrGfVRewNh8tAvGt+ykTFeYT+Sd1LXo/MAvTvOkFCIRKQgiFo
z/EBPl2oH0yMnw004Nzalg+ER2EXuRnjAz3IUpLTLpy7D7Rcx+AVbI111fK7vkq+
mWXzqiJI0SEKNQdP5I9ga86KJVMWsWP4njdaxTpATmyjd2PiYQ9AK5S4NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRYdi5DjBb3ln6JvIcwYLNf7vWNMB8GA1UdIwQY
MBaAFKEjS7iI7Fc09Xl0dFU2MXHu+xpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NOTHVJanNWelQxZVhSMFZUWXhjZTc3R2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81MDFhZGEtN2MzMC00NTAxLTgxMTEt
OWNlYjA3MGM3ZTA1LzEveEZoMkxrT01GdmVXZm9tOGh6QmdzMV91OVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81MDFhZGEtN2MzMC00NTAxLTgxMTEtOWNlYjA3MGM3ZTA1
LzEvb1NOTHVJanNWelQxZVhSMFZUWXhjZTc3R2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPtMA0G
CSqGSIb3DQEBCwUAA4IBAQBBfs5dl72QChuMhlrUNpAFQlVAy/jVrYA2b2+NEXuW
ddQK/qo8F3uc6mq+3Wv7oLWBJAW6kmzJIjSQkN0HzKFtPu70uAemCZjA73Q5+qBo
U/CwYTYkCWzxv7B2OWC18kyABtTOVRoOFWJrzXnjXrCwUsGTfM2ZTqNwCp3XvDJ3
Rbwf7UUEwc11zOkBPFKPNwTSHTHfPYBb8Tg6cIoGpVIXUaZBBh1aA6ot9n5UcF9Z
S1h02iYxKUQQbz1YO9MB1/owrlG4KY0noQug6IAJxgQS3Fcyx6tXPs3IOZfLzN32
VNJxGa3uzwXykX9xPOkvQVm5Vj3wlUKHva9QMTuVkQIU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:47 2024 by rpki-client on console-ams.rpki-client.org