Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/TcctGu4-qCJPYa9A6iFzJXvSzuA.roa
File:                     TcctGu4-qCJPYa9A6iFzJXvSzuA.roa (raw, json)
Hash identifier:          Z5VQ20/mONsqrMmxe5LYxGtCoGM7Ut8zflIDC/OxDtA=
Subject key identifier:   4D:C7:2D:1A:EE:3E:A8:22:4F:61:AF:40:EA:21:73:25:7B:D2:CE:E0
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       018C860901248257F272FBFA23F3F42A9006
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/TcctGu4-qCJPYa9A6iFzJXvSzuA.roa
Signing time:             Wed 20 Dec 2023 07:03:06 +0000
ROA not before:           Wed 20 Dec 2023 07:03:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198652
IP address blocks:        194.120.144.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:86:09:01:24:82:57:f2:72:fb:fa:23:f3:f4:2a:90:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Dec 20 07:03:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4dc72d1aee3ea8224f61af40ea2173257bd2cee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b2:95:58:06:a0:88:2a:10:f0:ea:5a:5a:d8:
                    95:31:0d:1c:25:8c:93:cf:da:e1:dc:61:f5:e9:cc:
                    5d:d7:4f:cd:e0:9d:1e:cd:7c:c1:ee:06:78:0b:d0:
                    9c:4b:1c:52:47:7d:02:71:a5:ca:e2:af:50:13:a9:
                    0a:2e:40:43:a1:71:ca:b5:94:48:9e:b0:6d:fc:d1:
                    3e:16:78:e0:45:79:e7:37:8f:02:ba:1e:9d:57:82:
                    d3:3b:d6:f1:ee:29:d5:a1:5b:46:c4:11:30:ab:db:
                    43:d4:d9:33:22:d3:f1:27:e8:fd:60:5a:3d:63:3a:
                    6e:bd:a3:66:d9:02:38:ed:80:ce:36:dd:35:17:e5:
                    07:c8:28:5b:24:c0:41:ea:23:95:6c:54:7a:ec:ce:
                    79:6f:97:f1:c0:63:21:76:52:00:e1:25:55:86:08:
                    ac:25:0c:16:68:3d:ce:df:be:1a:bb:bd:ac:3e:04:
                    da:7a:cd:4f:2c:8c:8c:f4:10:23:4f:9a:16:77:c2:
                    17:a2:d0:37:b0:b2:f7:c8:4a:bd:cc:ef:3d:47:15:
                    3f:45:98:b3:4e:49:fd:4b:46:39:04:5b:05:15:d2:
                    04:0f:fb:c8:09:4f:ac:a4:0f:0f:a9:00:39:c7:5c:
                    ab:a3:a3:00:b1:85:82:95:cd:e1:15:7f:85:89:8d:
                    c1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C7:2D:1A:EE:3E:A8:22:4F:61:AF:40:EA:21:73:25:7B:D2:CE:E0
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/TcctGu4-qCJPYa9A6iFzJXvSzuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:5e:bf:06:a9:9b:99:8a:f9:8d:c2:66:53:34:c2:d8:92:a9:
         a1:47:a5:76:b9:a1:58:b3:b4:ed:e1:a1:9c:41:73:7d:42:f3:
         c4:48:20:8e:65:1a:c7:76:27:75:1a:5c:8b:62:8a:be:43:85:
         37:d5:f6:b5:d7:65:80:38:98:ce:f9:e9:35:83:c8:3b:1f:52:
         2f:b7:43:d5:9b:56:62:8b:29:5b:52:70:12:69:2e:8b:ed:71:
         f1:2b:67:71:0d:0c:8d:90:2b:aa:f0:5d:9c:5c:bb:b1:d7:aa:
         19:98:dd:62:4c:e7:ca:13:63:83:19:d6:ac:99:85:35:53:48:
         18:71:10:c6:47:0b:8a:37:b8:c8:05:35:63:0e:54:7d:73:13:
         c0:a5:b5:a2:4e:1c:ed:ce:e0:44:fb:aa:ac:b6:f2:01:1e:ea:
         f3:4a:87:95:fa:f9:50:91:31:8c:c0:15:61:09:4b:a1:cd:8c:
         2d:97:9d:63:13:6f:ba:f2:bb:6b:04:1c:9e:10:9c:75:8c:07:
         3d:28:d6:23:4f:95:bf:98:19:7d:a4:9d:72:34:69:72:0d:4b:
         7c:4d:8e:54:6b:2b:07:28:83:13:0a:3f:70:f4:26:44:a2:cb:
         a0:90:97:a5:fe:c5:67:d9:03:8f:6c:f2:34:2b:2a:52:16:24:
         27:a0:55:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyGCQEkglfycvv6I/P0KpAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMxMjIwMDcwMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM3MmQxYWVlM2VhODIyNGY2MWFmNDBlYTIxNzMyNTdiZDJjZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLKVWAagiCoQ8OpaWtiVMQ0cJYyT
z9rh3GH16cxd10/N4J0ezXzB7gZ4C9CcSxxSR30CcaXK4q9QE6kKLkBDoXHKtZRI
nrBt/NE+FnjgRXnnN48Cuh6dV4LTO9bx7inVoVtGxBEwq9tD1NkzItPxJ+j9YFo9
YzpuvaNm2QI47YDONt01F+UHyChbJMBB6iOVbFR67M55b5fxwGMhdlIA4SVVhgis
JQwWaD3O374au72sPgTaes1PLIyM9BAjT5oWd8IXotA3sLL3yEq9zO89RxU/RZiz
Tkn9S0Y5BFsFFdIED/vICU+spA8PqQA5x1yro6MAsYWClc3hFX+FiY3BnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3HLRruPqgiT2GvQOohcyV70s7gMB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvVGNjdEd1NC1xQ0pQWWE5QTZpRnpKWHZTenVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwniQMA0G
CSqGSIb3DQEBCwUAA4IBAQC1Xr8GqZuZivmNwmZTNMLYkqmhR6V2uaFYs7Tt4aGc
QXN9QvPESCCOZRrHdid1GlyLYoq+Q4U31fa112WAOJjO+ek1g8g7H1Ivt0PVm1Zi
iylbUnASaS6L7XHxK2dxDQyNkCuq8F2cXLux16oZmN1iTOfKE2ODGdasmYU1U0gY
cRDGRwuKN7jIBTVjDlR9cxPApbWiThztzuBE+6qstvIBHurzSoeV+vlQkTGMwBVh
CUuhzYwtl51jE2+68rtrBByeEJx1jAc9KNYjT5W/mBl9pJ1yNGlyDUt8TY5UaysH
KIMTCj9w9CZEosugkJel/sVn2QOPbPI0KypSFiQnoFV2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:10 2024 by rpki-client on console-fra.rpki-client.org