Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/aXCDv4XpOMyXdoU58FfTkPGVdxY.roa
File:                     aXCDv4XpOMyXdoU58FfTkPGVdxY.roa (raw, json)
Hash identifier:          tZSUN5LhRUb0fIExDKNDEyaY/nu8QTvh2Xbbd+e/1wo=
Subject key identifier:   69:70:83:BF:85:E9:38:CC:97:76:85:39:F0:57:D3:90:F1:95:77:16
Certificate issuer:       /CN=b3efea3a72faf0df4322cdaab9a136d79de8a3ef
Certificate serial:       018571B0DE08873CE4815D192BD79433E1CC
Authority key identifier: B3:EF:EA:3A:72:FA:F0:DF:43:22:CD:AA:B9:A1:36:D7:9D:E8:A3:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-_qOnL68N9DIs2quaE2153oo-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/aXCDv4XpOMyXdoU58FfTkPGVdxY.roa
Signing time:             Mon 02 Jan 2023 08:54:54 +0000
ROA not before:           Mon 02 Jan 2023 08:54:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        194.26.215.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b0:de:08:87:3c:e4:81:5d:19:2b:d7:94:33:e1:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3efea3a72faf0df4322cdaab9a136d79de8a3ef
        Validity
            Not Before: Jan  2 08:54:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=697083bf85e938cc97768539f057d390f1957716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e6:a1:07:46:a6:0e:0e:8a:d7:61:90:90:9f:
                    d2:19:55:98:05:3d:56:d5:6b:b4:f1:60:f3:15:0a:
                    12:b9:cd:70:7a:0f:ef:07:32:06:b6:1f:1f:7f:1c:
                    3f:7b:18:88:d4:02:1c:24:82:73:9d:2a:da:d0:6a:
                    e0:fb:75:93:63:a3:7e:c0:41:3a:42:a1:c5:ce:46:
                    83:6f:41:e9:15:32:9e:77:37:02:51:0d:ef:f5:4e:
                    d6:50:cb:dd:82:4d:b3:53:13:b9:13:f0:18:df:c5:
                    76:6c:f1:a9:0d:1f:74:76:dd:d3:c5:b2:75:24:88:
                    73:f3:ea:3d:1a:86:fa:be:d1:2f:6e:e6:eb:e7:9b:
                    d3:9e:9d:a2:08:50:65:0b:b2:69:e3:13:0e:ad:fc:
                    e8:83:c3:18:ed:fd:aa:8c:e6:92:97:22:09:cd:b6:
                    8f:68:53:30:7f:a8:56:73:f7:ce:b2:b1:3b:bd:7f:
                    74:36:4b:92:9e:b2:bd:65:40:cf:2d:db:be:9f:c8:
                    77:6f:ce:e7:35:40:1c:d0:b4:cc:c8:44:24:1c:4d:
                    bc:d3:93:0d:d6:8b:64:9a:ed:6d:7d:46:8a:8d:ec:
                    b5:95:dc:5c:49:48:4b:6f:72:f1:a9:fa:bf:b3:1b:
                    95:07:c8:e0:52:60:a5:ee:c7:d0:5f:01:30:f5:3e:
                    47:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:70:83:BF:85:E9:38:CC:97:76:85:39:F0:57:D3:90:F1:95:77:16
            X509v3 Authority Key Identifier:
                keyid:B3:EF:EA:3A:72:FA:F0:DF:43:22:CD:AA:B9:A1:36:D7:9D:E8:A3:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-_qOnL68N9DIs2quaE2153oo-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/aXCDv4XpOMyXdoU58FfTkPGVdxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/s-_qOnL68N9DIs2quaE2153oo-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:3f:e3:57:3e:13:c4:ff:6d:1f:15:d5:b1:3b:fb:ce:bf:bc:
         02:97:c5:9e:c1:e8:a8:62:ab:3f:65:fc:f4:e3:fd:2a:b4:da:
         de:81:2c:0a:a1:d9:a5:56:15:83:1e:8d:b3:73:f9:05:ec:00:
         db:d3:d5:ce:2b:6c:c4:74:87:96:d3:fb:e4:c4:9b:44:77:df:
         3b:0e:e6:b9:b4:60:a1:fd:be:27:c2:08:50:38:f8:9b:02:bb:
         7f:7f:53:c6:fe:b2:2f:18:18:ab:84:eb:ca:46:93:97:7f:66:
         1b:b5:6c:e7:a0:85:2f:e1:ab:96:3d:e8:0b:11:48:2c:cb:40:
         b0:05:54:23:fd:70:0e:42:f9:1b:01:84:24:fd:75:c1:92:c7:
         bb:81:4d:ad:e5:82:69:2a:0c:51:11:f2:61:51:c0:0f:c8:75:
         1b:47:d6:8f:9b:64:31:a4:dd:93:7e:61:9b:5f:3d:c5:4a:54:
         80:66:e2:80:32:23:c8:80:5e:fd:b6:39:32:7e:3b:07:bf:d9:
         98:d3:f7:8d:4a:e4:d4:eb:15:29:43:72:5c:f3:a1:72:51:d2:
         20:bb:30:1a:5c:3b:ea:61:35:73:a7:62:27:29:b5:c5:83:a0:
         36:ba:3f:8c:6f:4c:6b:1e:f8:e9:ac:03:03:b7:f9:d2:58:5c:
         ed:85:75:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxsN4IhzzkgV0ZK9eUM+HMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZWZlYTNhNzJmYWYwZGY0MzIyY2RhYWI5YTEzNmQ3OWRl
OGEzZWYwHhcNMjMwMTAyMDg1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTcwODNiZjg1ZTkzOGNjOTc3Njg1MzlmMDU3ZDM5MGYxOTU3NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeahB0amDg6K12GQkJ/SGVWYBT1W
1Wu08WDzFQoSuc1weg/vBzIGth8ffxw/exiI1AIcJIJznSra0Grg+3WTY6N+wEE6
QqHFzkaDb0HpFTKedzcCUQ3v9U7WUMvdgk2zUxO5E/AY38V2bPGpDR90dt3TxbJ1
JIhz8+o9Gob6vtEvbubr55vTnp2iCFBlC7Jp4xMOrfzog8MY7f2qjOaSlyIJzbaP
aFMwf6hWc/fOsrE7vX90NkuSnrK9ZUDPLdu+n8h3b87nNUAc0LTMyEQkHE2805MN
1otkmu1tfUaKjey1ldxcSUhLb3Lxqfq/sxuVB8jgUmCl7sfQXwEw9T5HUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlwg7+F6TjMl3aFOfBX05DxlXcWMB8GA1UdIwQY
MBaAFLPv6jpy+vDfQyLNqrmhNted6KPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy1fcU9uTDY4TjlESXMycXVhRTIxNTNvby04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jZDk0ZjItM2IxOS00ODI2LWEwZWIt
YmZlMjIxNTUzZjA3LzEvYVhDRHY0WHBPTXlYZG9VNThGZlRrUEdWZHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jZDk0ZjItM2IxOS00ODI2LWEwZWItYmZlMjIxNTUzZjA3
LzEvcy1fcU9uTDY4TjlESXMycXVhRTIxNTNvby04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrXMA0G
CSqGSIb3DQEBCwUAA4IBAQAcP+NXPhPE/20fFdWxO/vOv7wCl8WeweioYqs/Zfz0
4/0qtNregSwKodmlVhWDHo2zc/kF7ADb09XOK2zEdIeW0/vkxJtEd987Dua5tGCh
/b4nwghQOPibArt/f1PG/rIvGBirhOvKRpOXf2YbtWznoIUv4auWPegLEUgsy0Cw
BVQj/XAOQvkbAYQk/XXBkse7gU2t5YJpKgxREfJhUcAPyHUbR9aPm2QxpN2TfmGb
Xz3FSlSAZuKAMiPIgF79tjkyfjsHv9mY0/eNSuTU6xUpQ3Jc86FyUdIguzAaXDvq
YTVzp2InKbXFg6A2uj+Mb0xrHvjprAMDt/nSWFzthXV9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:54 2024 by rpki-client on console-ams.rpki-client.org