Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/oq685bLMKvQhg75R4EcVDNsXm4U.roa
File:                     oq685bLMKvQhg75R4EcVDNsXm4U.roa (raw, json)
Hash identifier:          OR/IdOISWYE7dXlUaGRQlKNYW7/x6mXkllgdLxjCnVM=
Subject key identifier:   A2:AE:BC:E5:B2:CC:2A:F4:21:83:BE:51:E0:47:15:0C:DB:17:9B:85
Certificate issuer:       /CN=2b8966d0f14fd59993ca4878e774fa4779036694
Certificate serial:       018DE5ACDF8E9F807E0ACDC2EE7AE8D4A6BC
Authority key identifier: 2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/oq685bLMKvQhg75R4EcVDNsXm4U.roa
Signing time:             Mon 26 Feb 2024 13:48:48 +0000
ROA not before:           Mon 26 Feb 2024 13:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24935
IP address blocks:        37.235.92.0/24 maxlen: 24
                          37.235.93.0/24 maxlen: 24
                          46.29.122.0/24 maxlen: 24
                          46.29.123.0/24 maxlen: 24
                          185.161.45.0/24 maxlen: 24
                          185.161.47.0/24 maxlen: 24
                          185.252.156.0/24 maxlen: 24
                          185.252.157.0/24 maxlen: 24
                          185.252.158.0/24 maxlen: 24
                          185.252.159.0/24 maxlen: 24
                          194.213.30.0/24 maxlen: 24
                          195.74.80.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:ac:df:8e:9f:80:7e:0a:cd:c2:ee:7a:e8:d4:a6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b8966d0f14fd59993ca4878e774fa4779036694
        Validity
            Not Before: Feb 26 13:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2aebce5b2cc2af42183be51e047150cdb179b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0c:3e:54:25:a8:1d:d2:95:46:39:62:3e:ed:
                    66:a7:bb:99:7a:7c:38:31:d7:2e:86:47:de:35:d0:
                    cb:5b:af:b2:ea:46:ee:9f:05:d6:7d:e4:2e:db:db:
                    49:17:94:c6:64:76:3e:34:f0:10:f4:82:d9:75:cd:
                    e9:f4:dc:6c:28:a6:20:06:ea:ce:b0:97:39:bf:24:
                    61:53:f4:e5:70:51:e0:84:25:56:8c:09:15:16:d1:
                    9f:29:16:da:b7:44:5a:ff:58:af:95:bf:55:3b:11:
                    b4:ce:b7:bb:ef:12:91:dc:08:d1:29:7c:d5:dd:38:
                    3a:75:6f:31:40:60:62:5b:e1:18:4a:6e:de:02:1b:
                    77:f5:a9:16:fb:3d:89:64:b7:a4:8c:fa:2d:7a:b8:
                    38:77:6f:58:83:e1:dc:c9:e2:09:bd:8b:61:aa:03:
                    6a:58:67:0c:fa:e4:b9:84:3a:ce:6f:6a:18:5c:af:
                    5d:c7:bf:26:97:af:4a:c8:1e:99:68:d7:89:8d:f6:
                    9c:40:d4:df:91:b0:bf:b5:59:d2:a7:ff:c4:49:78:
                    ad:58:99:e8:a2:0b:5f:79:9a:27:13:57:20:af:9a:
                    d6:9c:db:b1:2d:2b:ca:43:e3:46:53:c4:91:6a:86:
                    65:6e:9d:49:e9:15:3b:d3:f4:b9:d2:b4:3a:0a:b6:
                    e9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AE:BC:E5:B2:CC:2A:F4:21:83:BE:51:E0:47:15:0C:DB:17:9B:85
            X509v3 Authority Key Identifier:
                keyid:2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/oq685bLMKvQhg75R4EcVDNsXm4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/K4lm0PFP1ZmTykh453T6R3kDZpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.92.0/23
                  46.29.122.0/23
                  185.161.45.0/24
                  185.161.47.0/24
                  185.252.156.0/22
                  194.213.30.0/24
                  195.74.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:2f:60:95:2d:38:8a:42:05:f1:9f:bb:93:7c:9e:f3:f9:fa:
         39:8d:76:4a:01:97:7c:37:7c:d3:25:df:a0:1d:65:40:34:2c:
         3c:db:04:57:bf:0d:8b:fb:aa:1b:3d:01:01:e8:15:b9:15:77:
         4a:57:9c:89:fc:a3:8c:1c:01:3c:66:bd:6b:3f:ba:31:f9:93:
         b0:c9:41:6b:4a:04:60:fd:8b:15:c7:1b:c3:17:4f:fd:6e:ee:
         06:76:27:d4:95:39:2f:2c:df:cf:64:bb:63:59:93:12:3f:69:
         74:dd:e9:bd:f7:33:4b:e9:4e:0c:ea:be:19:fe:e6:dd:e6:8a:
         7d:c2:06:5d:ca:67:07:12:16:91:f6:49:86:1d:c4:3c:46:f7:
         d4:3d:70:bd:8b:9c:ba:c8:74:d3:74:1e:e6:1a:35:ba:21:f7:
         53:9b:c8:e3:e6:29:eb:ab:95:ec:dd:f0:99:c9:54:3d:f7:cf:
         3c:60:42:c7:08:c9:1a:6a:46:65:22:e9:21:09:6b:c5:38:17:
         d6:36:07:b8:37:6b:9a:be:35:95:9f:67:41:4b:04:5b:c5:05:
         42:a8:17:9c:3d:3f:78:20:b5:41:2c:1e:ab:55:70:4f:5a:c3:
         af:f3:fa:d0:e7:80:d5:46:9c:d8:62:3d:03:52:cb:9a:11:6c:
         4d:3f:74:86
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY3lrN+On4B+Cs3C7nro1Ka8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiODk2NmQwZjE0ZmQ1OTk5M2NhNDg3OGU3NzRmYTQ3Nzkw
MzY2OTQwHhcNMjQwMjI2MTM0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFlYmNlNWIyY2MyYWY0MjE4M2JlNTFlMDQ3MTUwY2RiMTc5Yjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygw+VCWoHdKVRjliPu1mp7uZenw4
MdcuhkfeNdDLW6+y6kbunwXWfeQu29tJF5TGZHY+NPAQ9ILZdc3p9NxsKKYgBurO
sJc5vyRhU/TlcFHghCVWjAkVFtGfKRbat0Ra/1ivlb9VOxG0zre77xKR3AjRKXzV
3Tg6dW8xQGBiW+EYSm7eAht39akW+z2JZLekjPoterg4d29Yg+HcyeIJvYthqgNq
WGcM+uS5hDrOb2oYXK9dx78ml69KyB6ZaNeJjfacQNTfkbC/tVnSp//ESXitWJno
ogtfeZonE1cgr5rWnNuxLSvKQ+NGU8SRaoZlbp1J6RU70/S50rQ6CrbpRQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKKuvOWyzCr0IYO+UeBHFQzbF5uFMB8GA1UdIwQY
MBaAFCuJZtDxT9WZk8pIeOd0+kd5A2aUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvb3E2ODViTE1LdlFoZzc1UjRFY1ZETnNYbTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBJetcAwQB
Lh16AwQAuaEtAwQAuaEvAwQCufycAwQAwtUeAwQAw0pQMA0GCSqGSIb3DQEBCwUA
A4IBAQBmL2CVLTiKQgXxn7uTfJ7z+fo5jXZKAZd8N3zTJd+gHWVANCw82wRXvw2L
+6obPQEB6BW5FXdKV5yJ/KOMHAE8Zr1rP7ox+ZOwyUFrSgRg/YsVxxvDF0/9bu4G
difUlTkvLN/PZLtjWZMSP2l03em99zNL6U4M6r4Z/ubd5op9wgZdymcHEhaR9kmG
HcQ8RvfUPXC9i5y6yHTTdB7mGjW6IfdTm8jj5inrq5Xs3fCZyVQ99888YELHCMka
akZlIukhCWvFOBfWNge4N2uavjWVn2dBSwRbxQVCqBecPT94ILVBLB6rVXBPWsOv
8/rQ54DVRpzYYj0DUsuaEWxNP3SG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:13 2024 by rpki-client on console-ams.rpki-client.org