Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/974238-01fa-4c15-b942-52d50b75d70c/1/hv_hOspZD-qp__KIzrOjJqf3ev8.roa
File:                     hv_hOspZD-qp__KIzrOjJqf3ev8.roa (raw, json)
Hash identifier:          Ds4zxnzpMIE+p7GVFkVG0GZAi8cNrqS3aFEGIaYq2xM=
Subject key identifier:   86:FF:E1:3A:CA:59:0F:EA:A9:FF:F2:88:CE:B3:A3:26:A7:F7:7A:FF
Certificate issuer:       /CN=5e2f2e4b664d3edba236a8768dc9541e7d9d529c
Certificate serial:       01001ACA
Authority key identifier: 5E:2F:2E:4B:66:4D:3E:DB:A2:36:A8:76:8D:C9:54:1E:7D:9D:52:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xi8uS2ZNPtuiNqh2jclUHn2dUpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/974238-01fa-4c15-b942-52d50b75d70c/1/hv_hOspZD-qp__KIzrOjJqf3ev8.roa
Signing time:             Thu 24 Mar 2022 11:27:13 +0000
ROA not before:           Thu 24 Mar 2022 11:27:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8100
IP address blocks:        195.96.132.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16784074 (0x1001aca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e2f2e4b664d3edba236a8768dc9541e7d9d529c
        Validity
            Not Before: Mar 24 11:27:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=86ffe13aca590feaa9fff288ceb3a326a7f77aff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:df:9d:57:4d:ec:28:4a:16:93:be:f5:f3:7e:
                    af:76:3f:e8:02:72:77:7f:b7:5f:26:9e:64:19:ff:
                    fa:d8:3a:90:22:bd:f6:86:81:d6:56:49:ac:5b:ed:
                    6d:11:29:fc:9e:54:bb:04:54:31:22:62:c0:17:8d:
                    1d:c7:69:ce:34:cb:a6:2d:b2:04:18:2b:ec:1a:f0:
                    34:1e:2a:ab:a9:e2:75:ae:f9:96:49:3f:36:15:40:
                    3a:a4:8b:3a:e5:47:f0:1c:72:d2:cb:2e:bc:38:91:
                    b3:a1:20:0a:a7:85:ab:2d:6a:b2:c2:9d:1f:58:b3:
                    59:1d:3b:59:39:76:73:6c:e3:20:18:6f:a6:69:9c:
                    3b:15:de:76:03:82:bb:6f:9d:e2:ab:39:ae:5f:82:
                    b2:e5:a9:0d:ac:34:10:06:0f:95:cd:dc:24:b7:d0:
                    7b:89:5e:0a:a6:b2:10:ee:aa:a8:e4:fe:05:3e:f3:
                    2f:f0:32:14:2d:a8:56:aa:6d:9b:93:32:33:29:26:
                    a3:36:a1:db:bc:69:8e:b7:59:34:93:1f:34:d4:b1:
                    34:7e:b4:7f:58:90:77:3f:20:5e:86:43:03:0f:85:
                    99:1d:76:1b:f3:fc:78:63:cd:28:c7:a3:8b:1c:7f:
                    c0:27:70:23:58:d4:c5:75:e1:3d:a3:42:05:20:f8:
                    9b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FF:E1:3A:CA:59:0F:EA:A9:FF:F2:88:CE:B3:A3:26:A7:F7:7A:FF
            X509v3 Authority Key Identifier:
                keyid:5E:2F:2E:4B:66:4D:3E:DB:A2:36:A8:76:8D:C9:54:1E:7D:9D:52:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xi8uS2ZNPtuiNqh2jclUHn2dUpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/974238-01fa-4c15-b942-52d50b75d70c/1/hv_hOspZD-qp__KIzrOjJqf3ev8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/974238-01fa-4c15-b942-52d50b75d70c/1/Xi8uS2ZNPtuiNqh2jclUHn2dUpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:bd:f1:dd:e5:6e:61:22:c8:48:d6:d1:a1:96:2f:3e:a0:1b:
         d0:96:2b:b6:39:07:ff:8c:64:47:17:84:82:51:2e:91:31:83:
         70:c9:0f:96:8e:31:ea:d1:ce:6a:14:8d:29:76:55:d4:4d:89:
         f6:44:ee:0d:87:e5:dc:c6:87:a2:62:ef:45:e0:b8:a3:bf:56:
         df:73:a6:7f:65:b9:d1:6a:9a:d5:be:4f:9d:02:f7:68:6b:17:
         72:f7:45:6b:ea:6a:14:cf:ed:27:b6:1d:d2:40:75:89:6c:4e:
         a3:f5:fc:a3:96:14:87:6d:42:1e:f2:01:03:35:ff:fb:f9:9e:
         0e:40:aa:f6:62:34:49:7b:9e:33:55:86:d4:cf:36:da:5f:59:
         b4:10:c3:45:20:44:05:75:ec:e5:4f:5c:74:4a:9b:31:3c:ef:
         1b:ad:4c:1f:20:21:68:36:de:cf:bf:73:64:c7:5a:53:7f:22:
         56:4c:52:35:16:63:f7:61:79:4e:bf:27:fa:0e:01:7c:5d:80:
         48:cd:4f:70:bd:31:21:0e:b4:2c:8e:df:6d:d2:28:4f:2d:ea:
         e9:7b:4b:5a:90:8b:77:7b:8d:80:37:92:67:21:c4:99:e5:ec:
         31:51:43:c1:9f:4a:92:8f:7a:68:20:d4:20:54:ad:c6:75:9b:
         c0:6a:1b:aa
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAQAayjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZTJmMmU0YjY2NGQzZWRiYTIzNmE4NzY4ZGM5NTQxZTdkOWQ1MjljMB4XDTIyMDMy
NDExMjcxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODZmZmUxM2FjYTU5
MGZlYWE5ZmZmMjg4Y2ViM2EzMjZhN2Y3N2FmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALPfnVdN7ChKFpO+9fN+r3Y/6AJyd3+3XyaeZBn/+tg6kCK9
9oaB1lZJrFvtbREp/J5UuwRUMSJiwBeNHcdpzjTLpi2yBBgr7BrwNB4qq6nida75
lkk/NhVAOqSLOuVH8Bxy0ssuvDiRs6EgCqeFqy1qssKdH1izWR07WTl2c2zjIBhv
pmmcOxXedgOCu2+d4qs5rl+CsuWpDaw0EAYPlc3cJLfQe4leCqayEO6qqOT+BT7z
L/AyFC2oVqptm5MyMykmozah27xpjrdZNJMfNNSxNH60f1iQdz8gXoZDAw+FmR12
G/P8eGPNKMejixx/wCdwI1jUxXXhPaNCBSD4m0sCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSG/+E6ylkP6qn/8ojOs6Mmp/d6/zAfBgNVHSMEGDAWgBReLy5LZk0+26I2
qHaNyVQefZ1SnDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hpOHVTMlpOUHR1aU5xaDJqY2xVSG4yZFVwdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjYvOTc0MjM4LTAxZmEtNGMxNS1iOTQyLTUyZDUwYjc1ZDcwYy8x
L2h2X2hPc3BaRC1xcF9fS0l6ck9qSnFmM2V2OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjYv
OTc0MjM4LTAxZmEtNGMxNS1iOTQyLTUyZDUwYjc1ZDcwYy8xL1hpOHVTMlpOUHR1
aU5xaDJqY2xVSG4yZFVwdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNghDANBgkqhkiG9w0BAQsFAAOC
AQEAkr3x3eVuYSLISNbRoZYvPqAb0JYrtjkH/4xkRxeEglEukTGDcMkPlo4x6tHO
ahSNKXZV1E2J9kTuDYfl3MaHomLvReC4o79W33Omf2W50Wqa1b5PnQL3aGsXcvdF
a+pqFM/tJ7Yd0kB1iWxOo/X8o5YUh21CHvIBAzX/+/meDkCq9mI0SXueM1WG1M82
2l9ZtBDDRSBEBXXs5U9cdEqbMTzvG61MHyAhaDbez79zZMdaU38iVkxSNRZj92F5
Tr8n+g4BfF2ASM1PcL0xIQ60LI7fbdIoTy3q6XtLWpCLd3uNgDeSZyHEmeXsMVFD
wZ9Kko96aCDUIFStxnWbwGobqg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:58 2024 by rpki-client on console-fra.rpki-client.org