Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a936c-d6e2-4cc1-9e4b-d237a9e6ab14/1/oGZYuI4EZmiHe2gLEAff6GSdF80.roa
File:                     oGZYuI4EZmiHe2gLEAff6GSdF80.roa (raw, json)
Hash identifier:          Zaujg6uB9UUwAPorirKzsPt1k2ZfeeQG1N0NiWbimQI=
Subject key identifier:   A0:66:58:B8:8E:04:66:68:87:7B:68:0B:10:07:DF:E8:64:9D:17:CD
Certificate issuer:       /CN=caf2488824b714a1f30c2c809fbdb68575652b4a
Certificate serial:       01857139EF2840BEC22924571A6384E88C3A
Authority key identifier: CA:F2:48:88:24:B7:14:A1:F3:0C:2C:80:9F:BD:B6:85:75:65:2B:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yvJIiCS3FKHzDCyAn722hXVlK0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/7a936c-d6e2-4cc1-9e4b-d237a9e6ab14/1/oGZYuI4EZmiHe2gLEAff6GSdF80.roa
Signing time:             Mon 02 Jan 2023 06:45:00 +0000
ROA not before:           Mon 02 Jan 2023 06:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210920
IP address blocks:        74.220.24.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:39:ef:28:40:be:c2:29:24:57:1a:63:84:e8:8c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caf2488824b714a1f30c2c809fbdb68575652b4a
        Validity
            Not Before: Jan  2 06:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a06658b88e046668877b680b1007dfe8649d17cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:78:34:8d:1a:f2:22:b9:58:17:b0:b3:28:ea:
                    3a:ea:c9:0b:6a:86:05:f3:9e:b5:2a:57:fc:46:bd:
                    cd:60:d5:62:e5:e9:93:93:7a:bf:bc:1f:e8:bd:67:
                    f6:d8:87:9c:66:46:71:e6:74:31:7b:ff:44:12:24:
                    29:ab:67:81:09:ca:f3:2f:57:cd:06:d2:2f:01:ef:
                    8f:df:49:b8:30:59:30:db:7d:f0:de:bf:e2:c5:eb:
                    95:4a:a3:be:87:35:38:bb:0e:3d:ec:b6:52:44:ad:
                    05:f8:74:de:1b:64:a2:4f:2d:fe:17:9b:09:78:73:
                    87:9e:60:98:6e:1d:dd:ac:43:1f:3b:ab:1a:d6:b4:
                    3a:b8:21:0b:43:0f:c8:dd:87:89:f0:9e:ff:7d:37:
                    b1:eb:ee:ff:19:1f:64:f3:3f:2b:fa:14:51:b0:4b:
                    90:af:cf:33:19:48:4c:d9:a0:74:17:8f:75:14:de:
                    f5:cd:5b:0b:bb:f6:37:51:d7:0a:64:e3:b9:62:73:
                    a2:99:bb:8d:c5:0d:6d:5b:67:b6:a1:c5:bd:b3:e6:
                    74:7a:c9:c7:46:56:2d:ee:b3:eb:b0:c9:ee:48:86:
                    d2:2f:36:1a:48:a4:9b:c3:81:5d:2f:17:f4:55:d5:
                    e7:65:20:c7:6b:05:98:c3:1a:9b:d5:f7:43:a1:27:
                    86:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:66:58:B8:8E:04:66:68:87:7B:68:0B:10:07:DF:E8:64:9D:17:CD
            X509v3 Authority Key Identifier:
                keyid:CA:F2:48:88:24:B7:14:A1:F3:0C:2C:80:9F:BD:B6:85:75:65:2B:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yvJIiCS3FKHzDCyAn722hXVlK0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a936c-d6e2-4cc1-9e4b-d237a9e6ab14/1/oGZYuI4EZmiHe2gLEAff6GSdF80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a936c-d6e2-4cc1-9e4b-d237a9e6ab14/1/yvJIiCS3FKHzDCyAn722hXVlK0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.220.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4f:9e:b8:79:bc:2a:e3:b3:c6:9f:cf:66:97:0b:10:e8:34:eb:
         e3:49:54:40:68:43:ac:23:c8:96:0d:84:f7:5e:da:7c:13:e1:
         27:6f:b7:ab:85:f0:d9:34:cc:0f:ab:e9:aa:fd:87:2f:0c:ed:
         3c:72:77:f3:ce:3a:1b:ee:cf:59:18:cf:ed:fe:4b:1f:30:26:
         f3:53:24:9d:12:e2:73:cf:f7:75:ec:95:87:4e:32:8b:36:ee:
         d5:41:57:33:bb:9d:d4:48:01:c7:f4:4f:4e:ef:17:1b:e3:14:
         75:90:e3:db:2b:06:23:f6:b9:4d:d7:8c:8a:dc:36:1f:3a:1c:
         2b:35:a4:90:a5:9c:13:6c:a9:1b:fb:b3:a1:3b:18:46:ed:b7:
         a0:9d:c7:f3:7e:8b:0e:1f:c9:19:5a:ef:cf:91:6c:71:ef:1e:
         bc:e5:ef:f1:c3:4e:68:c0:8e:b3:aa:0e:35:d1:a9:c0:22:d3:
         dd:29:67:f0:72:85:54:8e:28:b0:ff:a9:d7:f8:08:98:d5:0d:
         a1:ba:99:25:0c:e6:8e:04:de:05:07:d1:d9:75:7d:84:11:27:
         04:e5:87:7a:39:5d:93:cd:0a:f6:f5:5e:9b:b2:8b:dd:b0:55:
         e4:1e:90:1e:4f:a4:de:5e:79:af:03:af:c2:a4:e0:bd:22:ac:
         d2:b7:1c:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxOe8oQL7CKSRXGmOE6Iw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZjI0ODg4MjRiNzE0YTFmMzBjMmM4MDlmYmRiNjg1NzU2
NTJiNGEwHhcNMjMwMTAyMDY0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDY2NThiODhlMDQ2NjY4ODc3YjY4MGIxMDA3ZGZlODY0OWQxN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHg0jRryIrlYF7CzKOo66skLaoYF
8561Klf8Rr3NYNVi5emTk3q/vB/ovWf22IecZkZx5nQxe/9EEiQpq2eBCcrzL1fN
BtIvAe+P30m4MFkw233w3r/ixeuVSqO+hzU4uw497LZSRK0F+HTeG2SiTy3+F5sJ
eHOHnmCYbh3drEMfO6sa1rQ6uCELQw/I3YeJ8J7/fTex6+7/GR9k8z8r+hRRsEuQ
r88zGUhM2aB0F491FN71zVsLu/Y3UdcKZOO5YnOimbuNxQ1tW2e2ocW9s+Z0esnH
RlYt7rPrsMnuSIbSLzYaSKSbw4FdLxf0VdXnZSDHawWYwxqb1fdDoSeGFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBmWLiOBGZoh3toCxAH3+hknRfNMB8GA1UdIwQY
MBaAFMrySIgktxSh8wwsgJ+9toV1ZStKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXZKSWlDUzNGS0h6REN5QW43MjJoWFZsSzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS83YTkzNmMtZDZlMi00Y2MxLTllNGIt
ZDIzN2E5ZTZhYjE0LzEvb0daWXVJNEVabWlIZTJnTEVBZmY2R1NkRjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS83YTkzNmMtZDZlMi00Y2MxLTllNGItZDIzN2E5ZTZhYjE0
LzEveXZKSWlDUzNGS0h6REN5QW43MjJoWFZsSzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDStwYMA0G
CSqGSIb3DQEBCwUAA4IBAQBPnrh5vCrjs8afz2aXCxDoNOvjSVRAaEOsI8iWDYT3
Xtp8E+Enb7erhfDZNMwPq+mq/YcvDO08cnfzzjob7s9ZGM/t/ksfMCbzUySdEuJz
z/d17JWHTjKLNu7VQVczu53USAHH9E9O7xcb4xR1kOPbKwYj9rlN14yK3DYfOhwr
NaSQpZwTbKkb+7OhOxhG7begncfzfosOH8kZWu/PkWxx7x685e/xw05owI6zqg41
0anAItPdKWfwcoVUjiiw/6nX+AiY1Q2hupklDOaOBN4FB9HZdX2EEScE5Yd6OV2T
zQr29V6bsovdsFXkHpAeT6TeXnmvA6/CpOC9IqzStxz0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:49 2024 by rpki-client on console-fra.rpki-client.org