Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/8a149c-e7df-46e5-91a7-98e4e7afaabb/1/cZ6431lig6kGqhHnRXDGQQY0JuQ.roa
File:                     cZ6431lig6kGqhHnRXDGQQY0JuQ.roa (raw, json)
Hash identifier:          9IPFkcS2lE4ehueDvGS2O15hxnQtga6nAa+IP3zVQn8=
Subject key identifier:   71:9E:B8:DF:59:62:83:A9:06:AA:11:E7:45:70:C6:41:06:34:26:E4
Certificate issuer:       /CN=d0f38ffa201e952d65b65b68b2ddfaa278669fb8
Certificate serial:       014E673C
Authority key identifier: D0:F3:8F:FA:20:1E:95:2D:65:B6:5B:68:B2:DD:FA:A2:78:66:9F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0POP-iAelS1ltltost36onhmn7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/8a149c-e7df-46e5-91a7-98e4e7afaabb/1/cZ6431lig6kGqhHnRXDGQQY0JuQ.roa
Signing time:             Sat 01 Jan 2022 01:54:04 +0000
ROA not before:           Sat 01 Jan 2022 01:54:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49392
IP address blocks:        46.254.110.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21915452 (0x14e673c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f38ffa201e952d65b65b68b2ddfaa278669fb8
        Validity
            Not Before: Jan  1 01:54:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=719eb8df596283a906aa11e74570c641063426e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ce:bf:14:1c:d8:29:f5:c9:bd:67:97:39:c2:
                    94:cc:a3:d9:ff:a7:b1:e4:e9:f8:2f:ea:d6:cf:40:
                    07:03:c0:42:0c:7d:f1:ce:d1:bd:c9:9a:a8:c5:81:
                    0c:09:b3:f7:f9:01:72:8b:f8:61:2c:3c:a0:d0:e2:
                    3f:ab:d3:2d:85:22:74:e4:71:ed:1e:64:c2:70:18:
                    5c:7c:5b:27:2a:a7:2c:5a:05:14:53:5d:28:f2:21:
                    e2:ec:94:83:60:20:92:02:0e:82:aa:1a:7e:5c:72:
                    2c:10:ce:df:40:1f:1c:ec:4b:95:24:ef:fb:4c:44:
                    37:46:0d:01:a4:e2:8a:13:ba:d6:33:57:5f:72:71:
                    5f:55:4a:78:eb:91:1c:55:9d:f7:9d:66:e3:d7:63:
                    5d:3f:4e:d3:b3:45:3f:ea:ea:55:10:68:dc:7c:de:
                    99:e1:a0:88:e9:00:e9:8d:74:08:10:bd:e9:b4:05:
                    1a:5d:c5:28:93:5e:22:c3:52:30:21:c3:fc:6c:2d:
                    1b:ad:db:5b:dd:e7:4d:15:8c:31:48:09:db:23:33:
                    27:ba:ed:e7:e5:7f:88:7c:ca:35:88:42:e5:66:4c:
                    ee:d4:df:a7:f1:13:79:3b:eb:9f:46:fd:da:10:2c:
                    1f:f5:05:08:8c:9d:bb:21:12:0c:c2:d7:1e:97:8f:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9E:B8:DF:59:62:83:A9:06:AA:11:E7:45:70:C6:41:06:34:26:E4
            X509v3 Authority Key Identifier:
                keyid:D0:F3:8F:FA:20:1E:95:2D:65:B6:5B:68:B2:DD:FA:A2:78:66:9F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0POP-iAelS1ltltost36onhmn7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/8a149c-e7df-46e5-91a7-98e4e7afaabb/1/cZ6431lig6kGqhHnRXDGQQY0JuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/8a149c-e7df-46e5-91a7-98e4e7afaabb/1/0POP-iAelS1ltltost36onhmn7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:9f:be:5d:5e:a2:59:76:a3:c2:6f:1b:95:43:7d:9e:82:70:
         35:c7:b8:5a:54:6a:00:ed:fa:43:82:26:72:00:3e:04:d0:7f:
         dc:dc:16:39:3b:d2:a7:58:63:96:4c:c2:e4:5c:be:b2:8c:73:
         f7:e9:ab:25:03:28:d4:f3:9d:a1:ef:51:4f:a2:18:fb:e5:4d:
         d8:8d:18:be:1f:b6:ea:a8:24:cd:b4:7e:bb:75:1c:29:e4:26:
         b0:88:6c:81:78:9b:ea:b7:f6:f9:f6:33:5a:61:11:c9:8d:1f:
         53:77:ad:fb:12:d8:64:88:46:c1:c4:7c:28:54:3a:29:0a:db:
         8a:c3:4b:8b:20:41:65:63:46:88:d2:57:d4:98:d5:11:c8:a8:
         71:88:91:3c:81:25:84:44:88:da:f1:72:55:fd:11:bf:33:d9:
         bf:9d:75:ce:52:f7:98:89:33:bc:a8:57:fd:fe:a4:13:9c:b6:
         fe:7b:f4:d8:d0:8d:0b:c1:03:7a:65:b0:0f:67:fc:c6:b1:9e:
         4f:0e:e8:19:fc:d5:f1:81:fe:de:87:11:9e:3c:10:90:dc:a9:
         b4:8f:99:1f:b6:71:03:72:5b:e2:bb:20:81:7d:52:ad:40:76:
         7e:9e:bf:40:7f:a8:e6:8a:02:30:b7:83:86:6f:cc:65:4c:43:
         88:1d:88:6a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAU5nPDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MGYzOGZmYTIwMWU5NTJkNjViNjViNjhiMmRkZmFhMjc4NjY5ZmI4MB4XDTIyMDEw
MTAxNTQwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzE5ZWI4ZGY1OTYy
ODNhOTA2YWExMWU3NDU3MGM2NDEwNjM0MjZlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJPOvxQc2Cn1yb1nlznClMyj2f+nseTp+C/q1s9ABwPAQgx9
8c7RvcmaqMWBDAmz9/kBcov4YSw8oNDiP6vTLYUidORx7R5kwnAYXHxbJyqnLFoF
FFNdKPIh4uyUg2AgkgIOgqoaflxyLBDO30AfHOxLlSTv+0xEN0YNAaTiihO61jNX
X3JxX1VKeOuRHFWd951m49djXT9O07NFP+rqVRBo3HzemeGgiOkA6Y10CBC96bQF
Gl3FKJNeIsNSMCHD/GwtG63bW93nTRWMMUgJ2yMzJ7rt5+V/iHzKNYhC5WZM7tTf
p/ETeTvrn0b92hAsH/UFCIyduyESDMLXHpePAtECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRxnrjfWWKDqQaqEedFcMZBBjQm5DAfBgNVHSMEGDAWgBTQ84/6IB6VLWW2
W2iy3fqieGafuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBQT1AtaUFlbFMxbHRsdG9zdDM2b25obW43Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmYvOGExNDljLWU3ZGYtNDZlNS05MWE3LTk4ZTRlN2FmYWFiYi8x
L2NaNjQzMWxpZzZrR3FoSG5SWERHUVFZMEp1US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYv
OGExNDljLWU3ZGYtNDZlNS05MWE3LTk4ZTRlN2FmYWFiYi8xLzBQT1AtaUFlbFMx
bHRsdG9zdDM2b25obW43Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC7+bjANBgkqhkiG9w0BAQsFAAOC
AQEAEZ++XV6iWXajwm8blUN9noJwNce4WlRqAO36Q4ImcgA+BNB/3NwWOTvSp1hj
lkzC5Fy+soxz9+mrJQMo1POdoe9RT6IY++VN2I0Yvh+26qgkzbR+u3UcKeQmsIhs
gXib6rf2+fYzWmERyY0fU3et+xLYZIhGwcR8KFQ6KQrbisNLiyBBZWNGiNJX1JjV
EciocYiRPIElhESI2vFyVf0RvzPZv511zlL3mIkzvKhX/f6kE5y2/nv02NCNC8ED
emWwD2f8xrGeTw7oGfzV8YH+3ocRnjwQkNyptI+ZH7ZxA3Jb4rsggX1SrUB2fp6/
QH+o5ooCMLeDhm/MZUxDiB2Iag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:50 2024 by rpki-client on console-ams.rpki-client.org