Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/930882-44b4-42e3-924f-f71c43daa59b/1/OZm9I35T8-bTS-3VpDcf57CWUo8.roa
File:                     OZm9I35T8-bTS-3VpDcf57CWUo8.roa (raw, json)
Hash identifier:          VocyfAkBTN1bez+t1CaS3fbS5+OJZ50lknSUI6xs/k4=
Subject key identifier:   39:99:BD:23:7E:53:F3:E6:D3:4B:ED:D5:A4:37:1F:E7:B0:96:52:8F
Certificate issuer:       /CN=4b7d2c9ad36d9f881fa81fd475387fb870b5b4fb
Certificate serial:       01857095043CF878BC72D399ED2991C45206
Authority key identifier: 4B:7D:2C:9A:D3:6D:9F:88:1F:A8:1F:D4:75:38:7F:B8:70:B5:B4:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S30smtNtn4gfqB_UdTh_uHC1tPs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/930882-44b4-42e3-924f-f71c43daa59b/1/OZm9I35T8-bTS-3VpDcf57CWUo8.roa
Signing time:             Mon 02 Jan 2023 03:44:52 +0000
ROA not before:           Mon 02 Jan 2023 03:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213296
IP address blocks:        194.28.156.0/24 maxlen: 25
                          194.28.158.0/24 maxlen: 25
                          194.104.4.0/24 maxlen: 24
                          212.69.132.0/24 maxlen: 24
                          194.104.5.0/24 maxlen: 25
                          194.104.6.0/24 maxlen: 25
                          212.69.134.0/24 maxlen: 24
                          212.69.133.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:95:04:3c:f8:78:bc:72:d3:99:ed:29:91:c4:52:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b7d2c9ad36d9f881fa81fd475387fb870b5b4fb
        Validity
            Not Before: Jan  2 03:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3999bd237e53f3e6d34bedd5a4371fe7b096528f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2a:1b:05:c7:ca:35:c7:4c:5e:2d:bd:08:b5:
                    0b:55:ed:61:71:5a:51:e2:39:d1:69:1e:e6:2c:1c:
                    87:b6:a7:3e:8f:b5:ee:af:da:2a:89:d7:b0:a8:ca:
                    4c:d9:b4:6f:7a:90:bb:e7:ab:bc:d1:74:f4:40:d9:
                    64:f3:1a:5c:e0:7f:41:04:92:db:20:30:99:53:3b:
                    06:44:ec:a0:49:bc:e0:cf:49:49:bd:8f:c8:7e:af:
                    53:16:10:ab:3a:15:7d:e9:d5:22:05:45:95:c0:d1:
                    de:8b:14:10:62:8b:1f:77:de:4c:a3:bd:f4:33:dc:
                    fc:11:1c:63:87:75:4b:a7:b0:71:e6:24:ec:cf:96:
                    12:92:bd:1f:5c:33:6e:a6:0d:87:2c:80:25:ca:7a:
                    33:af:08:17:40:09:b8:99:e4:c8:d0:25:e9:58:42:
                    8a:29:64:91:b3:41:d2:32:54:2e:98:17:f4:06:19:
                    46:f9:ab:bf:5e:8b:94:b8:c3:62:ff:9d:8f:09:7b:
                    4f:5e:06:82:e5:bd:e6:d5:e6:d6:85:1f:1d:ba:f0:
                    93:cb:69:3f:8c:8e:bd:2d:79:b3:1e:ea:27:ac:4b:
                    4b:30:b2:22:88:b7:3b:3f:6a:55:e7:39:5e:48:62:
                    fc:4b:87:1c:3a:04:0a:2a:9a:aa:63:0d:13:f4:db:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:99:BD:23:7E:53:F3:E6:D3:4B:ED:D5:A4:37:1F:E7:B0:96:52:8F
            X509v3 Authority Key Identifier:
                keyid:4B:7D:2C:9A:D3:6D:9F:88:1F:A8:1F:D4:75:38:7F:B8:70:B5:B4:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S30smtNtn4gfqB_UdTh_uHC1tPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/930882-44b4-42e3-924f-f71c43daa59b/1/OZm9I35T8-bTS-3VpDcf57CWUo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/930882-44b4-42e3-924f-f71c43daa59b/1/S30smtNtn4gfqB_UdTh_uHC1tPs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.156.0/24
                  194.28.158.0/24
                  194.104.4.0-194.104.6.255
                  212.69.132.0-212.69.134.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:ee:ad:d5:40:75:be:48:6b:8a:43:fb:cc:e5:09:93:9d:fb:
         3b:9b:11:95:c6:6e:1e:fc:ee:cf:63:85:41:eb:7a:60:df:40:
         a5:b8:e6:49:75:86:ed:1d:e8:d8:ba:13:fb:22:ac:3b:99:5f:
         cf:54:c7:a4:13:de:72:52:30:68:e7:fa:8d:8f:e4:e4:53:40:
         93:c6:4a:ae:de:2d:6f:93:a6:e3:12:23:2c:e5:2b:a6:92:c3:
         db:3c:f4:fc:34:ff:c2:59:34:fd:5b:03:74:48:f1:f6:6b:e5:
         0a:12:db:c7:fa:ce:bf:1e:ef:38:21:6a:ec:80:72:9e:af:2f:
         6e:40:a2:77:bb:45:ba:29:50:7f:6c:9f:22:9f:24:76:70:28:
         e0:ac:07:3c:d7:fe:32:ee:7f:f6:b7:7b:96:68:0e:7f:40:f9:
         5e:cb:f4:29:11:a0:29:8e:9d:42:dc:46:78:09:02:4b:e0:fe:
         cb:3e:a5:db:bb:99:c3:17:d0:a3:23:8b:cd:6e:f0:81:f3:28:
         3b:3d:19:94:65:ea:74:91:b5:93:b0:0e:ea:76:1d:0c:5f:88:
         28:de:25:fb:46:25:ae:5c:99:16:c7:87:28:e2:0b:71:c3:01:
         8c:cd:81:b4:4a:50:2a:7d:cf:64:ef:72:65:47:da:fd:ff:2c:
         54:16:6b:c3
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYVwlQQ8+Hi8ctOZ7SmRxFIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiN2QyYzlhZDM2ZDlmODgxZmE4MWZkNDc1Mzg3ZmI4NzBi
NWI0ZmIwHhcNMjMwMTAyMDM0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTk5YmQyMzdlNTNmM2U2ZDM0YmVkZDVhNDM3MWZlN2IwOTY1MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCobBcfKNcdMXi29CLULVe1hcVpR
4jnRaR7mLByHtqc+j7Xur9oqidewqMpM2bRvepC756u80XT0QNlk8xpc4H9BBJLb
IDCZUzsGROygSbzgz0lJvY/Ifq9TFhCrOhV96dUiBUWVwNHeixQQYosfd95Mo730
M9z8ERxjh3VLp7Bx5iTsz5YSkr0fXDNupg2HLIAlynozrwgXQAm4meTI0CXpWEKK
KWSRs0HSMlQumBf0BhlG+au/XouUuMNi/52PCXtPXgaC5b3m1ebWhR8duvCTy2k/
jI69LXmzHuonrEtLMLIiiLc7P2pV5zleSGL8S4ccOgQKKpqqYw0T9Nu0jQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDmZvSN+U/Pm00vt1aQ3H+ewllKPMB8GA1UdIwQY
MBaAFEt9LJrTbZ+IH6gf1HU4f7hwtbT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzMwc210TnRuNGdmcUJfVWRUaF91SEMxdFBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85MzA4ODItNDRiNC00MmUzLTkyNGYt
ZjcxYzQzZGFhNTliLzEvT1ptOUkzNVQ4LWJUUy0zVnBEY2Y1N0NXVW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85MzA4ODItNDRiNC00MmUzLTkyNGYtZjcxYzQzZGFhNTli
LzEvUzMwc210TnRuNGdmcUJfVWRUaF91SEMxdFBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQAwhycAwQA
whyeMAwDBALCaAQDBADCaAYwDAMEAtRFhAMEANRFhjANBgkqhkiG9w0BAQsFAAOC
AQEAS+6t1UB1vkhrikP7zOUJk537O5sRlcZuHvzuz2OFQet6YN9ApbjmSXWG7R3o
2LoT+yKsO5lfz1THpBPeclIwaOf6jY/k5FNAk8ZKrt4tb5Om4xIjLOUrppLD2zz0
/DT/wlk0/VsDdEjx9mvlChLbx/rOvx7vOCFq7IBynq8vbkCid7tFuilQf2yfIp8k
dnAo4KwHPNf+Mu5/9rd7lmgOf0D5Xsv0KRGgKY6dQtxGeAkCS+D+yz6l27uZwxfQ
oyOLzW7wgfMoOz0ZlGXqdJG1k7AO6nYdDF+IKN4l+0YlrlyZFseHKOILccMBjM2B
tEpQKn3PZO9yZUfa/f8sVBZrww==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:19 2024 by rpki-client on console-fra.rpki-client.org