Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/g4dC3Uz495X7eWLOiZ5-Szfd0is.roa
File:                     g4dC3Uz495X7eWLOiZ5-Szfd0is.roa (raw, json)
Hash identifier:          MSYPO7otprJ5DVpN44OLhKuGM1LDGC7ahacFh0CM1zw=
Subject key identifier:   83:87:42:DD:4C:F8:F7:95:FB:79:62:CE:89:9E:7E:4B:37:DD:D2:2B
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       01856EC1F549FB061506D60CFF90411572FA
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/g4dC3Uz495X7eWLOiZ5-Szfd0is.roa
Signing time:             Sun 01 Jan 2023 19:14:42 +0000
ROA not before:           Sun 01 Jan 2023 19:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     149457
IP address blocks:        194.76.0.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:c1:f5:49:fb:06:15:06:d6:0c:ff:90:41:15:72:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Jan  1 19:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=838742dd4cf8f795fb7962ce899e7e4b37ddd22b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d5:b8:fb:b8:00:ec:26:fa:46:37:01:38:82:
                    36:e5:c9:6b:7e:ed:5d:3e:69:57:55:ce:0d:ee:9d:
                    39:a3:3f:2f:51:b2:e7:a7:05:5d:32:6e:d0:3d:24:
                    9e:f8:37:97:11:27:ed:07:d5:c9:79:ca:f6:17:e7:
                    48:c4:ff:80:5e:13:7d:dc:d0:e0:aa:ab:04:2c:b0:
                    7c:70:fe:2c:b8:13:40:1c:f2:0f:78:1e:12:78:3d:
                    b4:1a:b8:8b:58:c7:ec:f8:24:f3:37:96:f0:44:b6:
                    25:51:34:dd:ba:c4:78:2d:53:06:61:bc:2a:a8:43:
                    2c:a3:a6:06:cb:b3:b5:c3:49:21:16:5d:17:0a:b5:
                    3f:a5:fb:cc:54:3a:a1:49:94:18:45:c6:ae:74:40:
                    6f:bd:7f:19:cb:76:90:59:29:97:d9:9e:5e:e9:33:
                    e8:b2:8a:43:1f:8b:7f:b1:24:db:de:aa:3d:2f:d5:
                    af:63:01:51:15:87:a6:a0:76:04:16:eb:d3:30:b4:
                    42:0a:2b:0b:b6:44:fb:b8:4d:b4:04:3b:f2:85:f3:
                    d4:80:e7:4f:65:70:e6:96:93:49:bc:1f:7f:3c:e6:
                    da:61:f1:5d:ae:f5:30:ea:a0:62:d6:17:54:34:91:
                    30:7d:5e:a2:0a:ed:62:2b:39:21:d0:f2:07:0a:c7:
                    ec:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:87:42:DD:4C:F8:F7:95:FB:79:62:CE:89:9E:7E:4B:37:DD:D2:2B
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/g4dC3Uz495X7eWLOiZ5-Szfd0is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:e6:bb:58:9a:c1:e6:02:97:31:08:f5:6c:32:81:d9:35:53:
         15:c6:65:78:8d:71:16:fb:14:2a:ea:9c:d2:3b:24:a4:a6:cd:
         12:ce:f4:6f:7e:3c:e8:4f:58:74:9a:95:b9:a9:57:38:c0:dd:
         dc:31:ff:54:1c:57:3b:aa:30:11:ec:7d:51:49:31:9f:1e:fe:
         a8:ea:80:b0:a0:4b:21:fd:e9:23:ed:e7:c5:78:36:d6:41:95:
         87:ba:b2:c5:5b:12:1e:dc:ac:7c:93:71:41:57:a6:84:09:01:
         4a:37:93:3d:f6:26:2b:64:f9:ce:1e:50:db:88:83:fc:fd:39:
         0b:17:83:1c:19:c0:ef:e8:8a:1e:3a:05:b8:b4:36:d4:e8:ef:
         cf:00:23:e8:d1:77:f1:ed:9c:d0:9f:84:8e:59:64:ac:12:c1:
         d2:d6:9a:38:af:61:cb:e7:80:b7:4f:dd:a7:fe:48:cf:dc:8c:
         c0:bd:35:fd:e0:fb:4a:37:84:b8:c2:27:1a:65:17:c4:2b:76:
         d9:c2:d6:75:bb:31:0c:80:d3:75:33:03:f8:7a:d2:f0:af:9a:
         0d:bd:a6:d4:1f:bd:92:c2:a3:02:98:ed:ed:fc:f2:91:4a:96:
         ef:20:76:8e:02:2e:20:10:f6:99:63:c8:03:b3:cd:7d:e4:d9:
         00:91:77:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuwfVJ+wYVBtYM/5BBFXL6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMwMTAxMTkxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzg3NDJkZDRjZjhmNzk1ZmI3OTYyY2U4OTllN2U0YjM3ZGRkMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9W4+7gA7Cb6RjcBOII25clrfu1d
PmlXVc4N7p05oz8vUbLnpwVdMm7QPSSe+DeXESftB9XJecr2F+dIxP+AXhN93NDg
qqsELLB8cP4suBNAHPIPeB4SeD20GriLWMfs+CTzN5bwRLYlUTTdusR4LVMGYbwq
qEMso6YGy7O1w0khFl0XCrU/pfvMVDqhSZQYRcaudEBvvX8Zy3aQWSmX2Z5e6TPo
sopDH4t/sSTb3qo9L9WvYwFRFYemoHYEFuvTMLRCCisLtkT7uE20BDvyhfPUgOdP
ZXDmlpNJvB9/PObaYfFdrvUw6qBi1hdUNJEwfV6iCu1iKzkh0PIHCsfsdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOHQt1M+PeV+3lizomefks33dIrMB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvZzRkQzNVejQ5NVg3ZVdMT2laNS1TemZkMGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwAMA0G
CSqGSIb3DQEBCwUAA4IBAQDU5rtYmsHmApcxCPVsMoHZNVMVxmV4jXEW+xQq6pzS
OySkps0SzvRvfjzoT1h0mpW5qVc4wN3cMf9UHFc7qjAR7H1RSTGfHv6o6oCwoEsh
/ekj7efFeDbWQZWHurLFWxIe3Kx8k3FBV6aECQFKN5M99iYrZPnOHlDbiIP8/TkL
F4McGcDv6IoeOgW4tDbU6O/PACPo0Xfx7ZzQn4SOWWSsEsHS1po4r2HL54C3T92n
/kjP3IzAvTX94PtKN4S4wicaZRfEK3bZwtZ1uzEMgNN1MwP4etLwr5oNvabUH72S
wqMCmO3t/PKRSpbvIHaOAi4gEPaZY8gDs8195NkAkXfw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:37 2024 by rpki-client on console-ams.rpki-client.org