Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/y-ak3HtLWJIlpqJxzE7TK1-R2fI.roa
File:                     y-ak3HtLWJIlpqJxzE7TK1-R2fI.roa (raw, json)
Hash identifier:          K3vhLPeDnhFTGKpZM3nMzdLoNlryMoQ53zaYLI0vqP8=
Subject key identifier:   CB:E6:A4:DC:7B:4B:58:92:25:A6:A2:71:CC:4E:D3:2B:5F:91:D9:F2
Certificate issuer:       /CN=b3efea3a72faf0df4322cdaab9a136d79de8a3ef
Certificate serial:       018571B0DD877720217B6BFC58BF0FB94E17
Authority key identifier: B3:EF:EA:3A:72:FA:F0:DF:43:22:CD:AA:B9:A1:36:D7:9D:E8:A3:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-_qOnL68N9DIs2quaE2153oo-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/y-ak3HtLWJIlpqJxzE7TK1-R2fI.roa
Signing time:             Mon 02 Jan 2023 08:54:54 +0000
ROA not before:           Mon 02 Jan 2023 08:54:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        194.26.215.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b0:dd:87:77:20:21:7b:6b:fc:58:bf:0f:b9:4e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3efea3a72faf0df4322cdaab9a136d79de8a3ef
        Validity
            Not Before: Jan  2 08:54:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cbe6a4dc7b4b589225a6a271cc4ed32b5f91d9f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:5f:8a:c9:39:cf:fc:82:f1:86:a7:15:13:
                    2d:b1:b5:aa:46:57:22:a6:bb:03:fb:96:63:32:b8:
                    40:63:0d:4b:72:4e:d7:14:9e:19:54:09:07:5a:9a:
                    37:79:bd:d7:6d:37:9e:54:dc:f7:35:60:02:24:4b:
                    e2:39:59:b8:3f:bb:26:cf:f1:08:81:b8:bb:25:53:
                    fb:1f:2a:84:2b:2b:2a:dc:93:a4:53:ba:bc:c4:fe:
                    04:ab:27:14:c2:4d:62:f2:b7:7c:61:0d:83:e0:cf:
                    ad:2e:f9:d0:77:bf:fe:26:18:63:fa:52:d1:7f:2e:
                    52:30:ab:ed:a6:ec:cf:0e:23:7f:04:20:89:be:ea:
                    c9:c3:6a:68:60:ff:33:07:d2:3e:84:6d:3d:16:e6:
                    30:ac:6e:7a:09:26:3b:2c:a2:ed:63:73:13:3e:c2:
                    a0:8c:b2:59:4a:b9:f5:42:3b:bf:2b:25:b1:ec:1f:
                    6a:95:0c:cd:bd:07:59:7c:de:0c:72:9f:cf:80:19:
                    c3:53:38:f8:29:6b:d9:a3:42:87:d5:fe:87:7a:b6:
                    6a:2f:0a:1c:39:59:df:f9:f3:04:af:08:30:e1:23:
                    5e:d3:4e:6c:35:a4:7e:70:2e:f1:12:c6:b5:66:57:
                    db:d3:4b:47:b8:9d:81:60:cd:5e:69:dd:12:13:73:
                    34:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E6:A4:DC:7B:4B:58:92:25:A6:A2:71:CC:4E:D3:2B:5F:91:D9:F2
            X509v3 Authority Key Identifier:
                keyid:B3:EF:EA:3A:72:FA:F0:DF:43:22:CD:AA:B9:A1:36:D7:9D:E8:A3:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-_qOnL68N9DIs2quaE2153oo-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/y-ak3HtLWJIlpqJxzE7TK1-R2fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cd94f2-3b19-4826-a0eb-bfe221553f07/1/s-_qOnL68N9DIs2quaE2153oo-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:fe:20:d2:41:e7:13:35:e5:11:57:ab:76:be:d5:16:a1:23:
         23:73:60:f7:14:b6:32:68:7a:b3:ab:5b:5f:4d:b5:38:ea:06:
         50:14:fe:3a:4a:fe:6f:d9:a0:64:7d:dc:47:4b:c0:35:dc:d4:
         02:ea:6c:ca:7c:5e:c6:1e:dd:4e:e0:a1:c1:0e:47:7b:1e:f2:
         42:7e:55:31:65:1e:8b:f3:d9:6d:2f:2f:49:06:44:6b:0f:1f:
         44:ca:d7:1d:70:35:e7:32:b7:4a:dd:bd:3f:23:b8:cd:64:df:
         25:13:88:e6:37:22:73:fb:db:59:38:a2:93:df:96:4c:03:50:
         da:73:18:f0:71:1e:2f:6e:b6:1f:d0:8f:e4:b3:1d:53:25:96:
         6f:a4:8e:17:8e:94:c2:aa:ab:0b:6c:21:28:a1:8e:82:f3:e6:
         92:29:28:c0:80:85:08:c8:7c:74:7b:f5:14:f1:0c:56:f5:a9:
         c8:7c:ff:60:0f:02:83:af:55:e5:28:ef:f0:78:f4:c6:b8:69:
         cd:8c:0b:be:86:e6:42:47:b1:98:b2:1f:a9:89:ba:ab:37:92:
         83:f1:48:f0:94:80:7e:07:d7:f1:5c:ea:96:0b:49:74:21:7f:
         7e:49:43:88:76:de:6c:ea:ec:4a:7b:84:00:b6:53:10:f5:8c:
         34:9d:87:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxsN2HdyAhe2v8WL8PuU4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZWZlYTNhNzJmYWYwZGY0MzIyY2RhYWI5YTEzNmQ3OWRl
OGEzZWYwHhcNMjMwMTAyMDg1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmU2YTRkYzdiNGI1ODkyMjVhNmEyNzFjYzRlZDMyYjVmOTFkOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiNfisk5z/yC8YanFRMtsbWqRlci
prsD+5ZjMrhAYw1Lck7XFJ4ZVAkHWpo3eb3XbTeeVNz3NWACJEviOVm4P7smz/EI
gbi7JVP7HyqEKysq3JOkU7q8xP4EqycUwk1i8rd8YQ2D4M+tLvnQd7/+Jhhj+lLR
fy5SMKvtpuzPDiN/BCCJvurJw2poYP8zB9I+hG09FuYwrG56CSY7LKLtY3MTPsKg
jLJZSrn1Qju/KyWx7B9qlQzNvQdZfN4Mcp/PgBnDUzj4KWvZo0KH1f6HerZqLwoc
OVnf+fMErwgw4SNe005sNaR+cC7xEsa1Zlfb00tHuJ2BYM1ead0SE3M0LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvmpNx7S1iSJaaiccxO0ytfkdnyMB8GA1UdIwQY
MBaAFLPv6jpy+vDfQyLNqrmhNted6KPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy1fcU9uTDY4TjlESXMycXVhRTIxNTNvby04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jZDk0ZjItM2IxOS00ODI2LWEwZWIt
YmZlMjIxNTUzZjA3LzEveS1hazNIdExXSklscHFKeHpFN1RLMS1SMmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jZDk0ZjItM2IxOS00ODI2LWEwZWItYmZlMjIxNTUzZjA3
LzEvcy1fcU9uTDY4TjlESXMycXVhRTIxNTNvby04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrXMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/iDSQecTNeURV6t2vtUWoSMjc2D3FLYyaHqzq1tf
TbU46gZQFP46Sv5v2aBkfdxHS8A13NQC6mzKfF7GHt1O4KHBDkd7HvJCflUxZR6L
89ltLy9JBkRrDx9EytcdcDXnMrdK3b0/I7jNZN8lE4jmNyJz+9tZOKKT35ZMA1Da
cxjwcR4vbrYf0I/ksx1TJZZvpI4XjpTCqqsLbCEooY6C8+aSKSjAgIUIyHx0e/UU
8QxW9anIfP9gDwKDr1XlKO/wePTGuGnNjAu+huZCR7GYsh+pibqrN5KD8UjwlIB+
B9fxXOqWC0l0IX9+SUOIdt5s6uxKe4QAtlMQ9Yw0nYcM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:16 2024 by rpki-client on console-fra.rpki-client.org