Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/524ba5-096d-47ff-a8f4-dc8a2d9ec6f3/1/ZXLuBw2wGrLkHYLdjKjZc0tXxYg.roa
File:                     ZXLuBw2wGrLkHYLdjKjZc0tXxYg.roa (raw, json)
Hash identifier:          eh2SqXzTCmUDUuxWiZZF9b1c4zjrYtgJtrn+V+AbCW4=
Subject key identifier:   65:72:EE:07:0D:B0:1A:B2:E4:1D:82:DD:8C:A8:D9:73:4B:57:C5:88
Certificate issuer:       /CN=85c3f6a9e8550c090bc3b257f72b8f65b69a9f61
Certificate serial:       01856E0B10ED32F0E2BE57621F76EBB5ED54
Authority key identifier: 85:C3:F6:A9:E8:55:0C:09:0B:C3:B2:57:F7:2B:8F:65:B6:9A:9F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hcP2qehVDAkLw7JX9yuPZbaan2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/524ba5-096d-47ff-a8f4-dc8a2d9ec6f3/1/ZXLuBw2wGrLkHYLdjKjZc0tXxYg.roa
Signing time:             Sun 01 Jan 2023 15:54:56 +0000
ROA not before:           Sun 01 Jan 2023 15:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     400039
IP address blocks:        185.212.119.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:0b:10:ed:32:f0:e2:be:57:62:1f:76:eb:b5:ed:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85c3f6a9e8550c090bc3b257f72b8f65b69a9f61
        Validity
            Not Before: Jan  1 15:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6572ee070db01ab2e41d82dd8ca8d9734b57c588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9a:3a:6f:c9:a0:31:c8:7c:c9:04:5c:c1:f1:
                    dc:28:4d:be:67:31:f1:7f:87:24:46:a0:2b:31:02:
                    be:7b:6d:5b:a1:92:5c:97:21:09:46:63:61:d2:f3:
                    c3:50:98:51:c6:67:52:51:19:05:56:26:68:97:f7:
                    04:62:2a:6c:75:6c:28:ac:f7:5f:57:73:3d:55:f7:
                    5d:1c:b0:2a:29:15:d0:9a:ed:d0:23:cf:33:f0:ec:
                    8a:a2:d7:f2:40:b3:e8:94:66:29:b1:34:71:0b:58:
                    2c:59:cf:4b:d1:a1:0d:b4:f2:05:3f:96:b0:1d:0e:
                    93:97:df:41:01:28:55:2f:89:44:5e:9a:88:5e:c8:
                    cb:7e:e2:c4:4f:a6:42:4f:2b:2b:c0:68:18:51:7b:
                    54:35:72:68:27:37:59:4b:62:bd:61:5f:47:52:70:
                    2e:63:f1:a6:35:f0:c0:6f:eb:b0:0a:bb:a7:e9:8a:
                    a4:67:b2:5b:23:bc:27:a6:dd:e8:92:18:43:d1:15:
                    64:29:81:67:7a:48:3f:8c:1e:a2:46:80:2d:d9:f2:
                    f3:85:1a:34:b5:fd:fa:5a:86:51:4a:cb:00:3b:be:
                    ad:47:31:a6:22:86:fe:74:5a:d9:17:b7:d8:4a:cc:
                    fd:c2:de:9d:20:b1:a3:74:80:a9:9a:b2:6d:ea:c2:
                    91:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:72:EE:07:0D:B0:1A:B2:E4:1D:82:DD:8C:A8:D9:73:4B:57:C5:88
            X509v3 Authority Key Identifier:
                keyid:85:C3:F6:A9:E8:55:0C:09:0B:C3:B2:57:F7:2B:8F:65:B6:9A:9F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcP2qehVDAkLw7JX9yuPZbaan2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/524ba5-096d-47ff-a8f4-dc8a2d9ec6f3/1/ZXLuBw2wGrLkHYLdjKjZc0tXxYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/524ba5-096d-47ff-a8f4-dc8a2d9ec6f3/1/hcP2qehVDAkLw7JX9yuPZbaan2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b9:23:71:94:c5:cd:bb:68:1f:93:e1:a1:fb:3c:a9:8b:06:
         1a:9f:b8:ed:d3:f0:77:64:05:69:44:2b:54:1a:c8:7a:84:2c:
         4f:bd:6d:80:65:06:9f:ea:e4:b7:f0:c0:38:64:62:63:d8:f8:
         f7:3f:fd:15:8b:d6:fe:b2:39:a9:16:08:eb:2d:20:f4:da:f2:
         16:4b:cb:73:e9:cb:be:5f:c8:c6:30:2f:5c:a1:99:07:c9:d7:
         10:5c:36:a0:9a:22:0c:e3:a8:97:76:4f:a0:dc:c2:43:04:bd:
         86:61:8b:8e:5b:41:4d:e1:b0:72:25:16:0b:37:69:a0:54:ef:
         d4:76:54:39:2f:ff:54:c3:7c:ca:20:25:b2:9d:7d:27:97:68:
         98:08:32:04:bd:ee:20:e7:8e:59:4d:a5:b8:6f:fd:19:a8:e0:
         ee:f5:d1:dd:3a:06:1d:44:d4:4d:ac:bf:d8:bf:4f:bb:63:18:
         e3:14:b9:61:3f:b9:b2:a8:b8:d6:a7:50:2c:08:39:e7:a5:f3:
         1f:d2:af:ee:a2:95:6d:28:e8:9d:53:22:62:24:93:87:d7:f9:
         24:9a:63:1a:66:e8:2c:46:1c:a8:04:81:85:72:f2:20:cb:4c:
         de:91:db:dd:ab:b7:dc:40:02:10:0d:0f:a0:14:48:58:aa:13:
         78:0e:bb:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuCxDtMvDivldiH3brte1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzNmNmE5ZTg1NTBjMDkwYmMzYjI1N2Y3MmI4ZjY1YjY5
YTlmNjEwHhcNMjMwMTAxMTU1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTcyZWUwNzBkYjAxYWIyZTQxZDgyZGQ4Y2E4ZDk3MzRiNTdjNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5o6b8mgMch8yQRcwfHcKE2+ZzHx
f4ckRqArMQK+e21boZJclyEJRmNh0vPDUJhRxmdSURkFViZol/cEYipsdWworPdf
V3M9VfddHLAqKRXQmu3QI88z8OyKotfyQLPolGYpsTRxC1gsWc9L0aENtPIFP5aw
HQ6Tl99BAShVL4lEXpqIXsjLfuLET6ZCTysrwGgYUXtUNXJoJzdZS2K9YV9HUnAu
Y/GmNfDAb+uwCrun6YqkZ7JbI7wnpt3okhhD0RVkKYFnekg/jB6iRoAt2fLzhRo0
tf36WoZRSssAO76tRzGmIob+dFrZF7fYSsz9wt6dILGjdICpmrJt6sKREQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVy7gcNsBqy5B2C3Yyo2XNLV8WIMB8GA1UdIwQY
MBaAFIXD9qnoVQwJC8OyV/crj2W2mp9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNQMnFlaFZEQWtMdzdKWDl5dVBaYmFhbjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS81MjRiYTUtMDk2ZC00N2ZmLWE4ZjQt
ZGM4YTJkOWVjNmYzLzEvWlhMdUJ3MndHckxrSFlMZGpLalpjMHRYeFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS81MjRiYTUtMDk2ZC00N2ZmLWE4ZjQtZGM4YTJkOWVjNmYz
LzEvaGNQMnFlaFZEQWtMdzdKWDl5dVBaYmFhbjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudR3MA0G
CSqGSIb3DQEBCwUAA4IBAQAnuSNxlMXNu2gfk+Gh+zypiwYan7jt0/B3ZAVpRCtU
Gsh6hCxPvW2AZQaf6uS38MA4ZGJj2Pj3P/0Vi9b+sjmpFgjrLSD02vIWS8tz6cu+
X8jGMC9coZkHydcQXDagmiIM46iXdk+g3MJDBL2GYYuOW0FN4bByJRYLN2mgVO/U
dlQ5L/9Uw3zKICWynX0nl2iYCDIEve4g545ZTaW4b/0ZqODu9dHdOgYdRNRNrL/Y
v0+7YxjjFLlhP7myqLjWp1AsCDnnpfMf0q/uopVtKOidUyJiJJOH1/kkmmMaZugs
RhyoBIGFcvIgy0zekdvdq7fcQAIQDQ+gFEhYqhN4Drs1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:24 2024 by rpki-client on console-ams.rpki-client.org