Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/36e3d4-a717-4c0b-8f77-6d6d11114603/1/ynrBhD1HcqUUqSKuOF29QCO-xkA.roa
File:                     ynrBhD1HcqUUqSKuOF29QCO-xkA.roa (raw, json)
Hash identifier:          jU4f634QhLHjYvKRnPChIM1kCrKdf6mw/5VLZYCHL24=
Subject key identifier:   CA:7A:C1:84:3D:47:72:A5:14:A9:22:AE:38:5D:BD:40:23:BE:C6:40
Certificate issuer:       /CN=8dfea977db09f04a44399348e7b144f916b27f3f
Certificate serial:       63B5C4
Authority key identifier: 8D:FE:A9:77:DB:09:F0:4A:44:39:93:48:E7:B1:44:F9:16:B2:7F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jf6pd9sJ8EpEOZNI57FE-Rayfz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/36e3d4-a717-4c0b-8f77-6d6d11114603/1/ynrBhD1HcqUUqSKuOF29QCO-xkA.roa
Signing time:             Sat 01 Jan 2022 00:53:15 +0000
ROA not before:           Sat 01 Jan 2022 00:53:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212667
IP address blocks:        146.19.143.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6534596 (0x63b5c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dfea977db09f04a44399348e7b144f916b27f3f
        Validity
            Not Before: Jan  1 00:53:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca7ac1843d4772a514a922ae385dbd4023bec640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:26:f7:45:e4:2f:39:c6:ab:bc:9c:46:a8:
                    06:bd:75:e6:82:34:1e:ae:65:19:3e:12:4d:57:95:
                    ba:bb:96:10:ff:8c:28:2e:28:df:41:00:fe:39:2f:
                    a5:ea:8e:40:38:e3:a6:30:26:e2:be:90:05:06:24:
                    61:a9:7c:3e:4e:2c:0b:ed:54:76:7a:6b:05:5b:25:
                    d8:a9:3d:25:75:91:9b:62:0e:52:e6:ab:89:13:34:
                    b5:e3:af:2c:05:96:fc:1c:a3:5d:47:e2:dc:ec:4f:
                    8a:a1:46:f2:64:a3:78:e6:ba:9f:90:29:69:6d:00:
                    c7:47:19:16:36:d5:cb:1a:92:22:c3:04:a7:98:cf:
                    08:80:0c:21:df:97:f6:95:ec:2b:0f:3a:aa:8c:86:
                    34:02:a9:9f:17:b6:37:07:07:f5:c1:3a:27:f3:45:
                    bc:ee:79:6a:12:ab:83:32:c8:86:61:3b:b4:1f:7f:
                    2e:30:13:5d:99:cb:ff:8e:f8:4f:ae:cd:30:fe:16:
                    6e:11:2f:d8:67:56:c9:00:13:c5:17:76:a2:76:0f:
                    03:e2:18:82:99:dd:b3:cc:05:96:68:ef:a0:66:67:
                    13:a7:14:60:2c:b2:37:c1:f4:1d:48:5a:5f:5e:cb:
                    d6:20:b9:e6:e5:4e:6b:39:bf:70:f1:7d:1d:5d:b8:
                    e1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7A:C1:84:3D:47:72:A5:14:A9:22:AE:38:5D:BD:40:23:BE:C6:40
            X509v3 Authority Key Identifier:
                keyid:8D:FE:A9:77:DB:09:F0:4A:44:39:93:48:E7:B1:44:F9:16:B2:7F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jf6pd9sJ8EpEOZNI57FE-Rayfz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/36e3d4-a717-4c0b-8f77-6d6d11114603/1/ynrBhD1HcqUUqSKuOF29QCO-xkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/36e3d4-a717-4c0b-8f77-6d6d11114603/1/jf6pd9sJ8EpEOZNI57FE-Rayfz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:55:ad:de:b4:f2:0b:30:26:e7:a6:1e:42:69:79:d1:28:e0:
         59:67:24:1f:8a:1a:51:fd:07:04:17:26:85:f2:f6:64:d5:99:
         4c:18:3f:bd:92:7f:d9:c5:8b:2d:3b:ef:65:98:fc:51:68:20:
         f2:fa:94:43:e7:53:a4:41:be:e9:d1:36:08:94:6c:19:c3:90:
         d6:30:49:72:fc:c8:ab:15:e7:3c:b6:2d:01:eb:45:49:4c:63:
         01:1f:eb:fb:ac:b8:1d:95:00:72:b1:6f:ca:37:32:f4:6c:6e:
         b1:96:e4:d5:7c:d9:96:9e:a2:4f:1a:0b:1f:4b:76:61:c9:26:
         4f:f8:98:85:71:ca:ed:b8:6f:9f:1b:08:ca:d7:ce:f9:98:b6:
         25:e7:91:71:a4:a1:74:16:a1:a8:2e:ee:91:89:9f:67:a2:0f:
         05:b1:36:44:48:61:9e:33:96:4d:a8:70:fc:a4:7f:09:32:2c:
         05:2a:fa:a4:fc:25:27:9d:1f:2a:76:0c:11:a5:af:b4:65:0f:
         cd:76:4b:b8:3a:f1:fa:3a:28:18:54:a5:4b:24:87:66:3a:e4:
         5e:57:6c:45:84:c5:f6:36:08:01:55:25:fc:9c:0d:50:b6:c9:
         a4:ba:60:cd:8b:41:70:27:59:92:b8:6b:76:b7:02:d3:cf:c1:
         f2:5a:e4:5d
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDY7XEMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhk
ZmVhOTc3ZGIwOWYwNGE0NDM5OTM0OGU3YjE0NGY5MTZiMjdmM2YwHhcNMjIwMTAx
MDA1MzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjYTdhYzE4NDNkNDc3
MmE1MTRhOTIyYWUzODVkYmQ0MDIzYmVjNjQwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArrUm90XkLznGq7ycRqgGvXXmgjQermUZPhJNV5W6u5YQ/4wo
LijfQQD+OS+l6o5AOOOmMCbivpAFBiRhqXw+TiwL7VR2emsFWyXYqT0ldZGbYg5S
5quJEzS1468sBZb8HKNdR+Lc7E+KoUbyZKN45rqfkClpbQDHRxkWNtXLGpIiwwSn
mM8IgAwh35f2lewrDzqqjIY0AqmfF7Y3Bwf1wTon80W87nlqEquDMsiGYTu0H38u
MBNdmcv/jvhPrs0w/hZuES/YZ1bJABPFF3aidg8D4hiCmd2zzAWWaO+gZmcTpxRg
LLI3wfQdSFpfXsvWILnm5U5rOb9w8X0dXbjhCQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFMp6wYQ9R3KlFKkirjhdvUAjvsZAMB8GA1UdIwQYMBaAFI3+qXfbCfBKRDmT
SOexRPkWsn8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
amY2cGQ5c0o4RXBFT1pOSTU3RkUtUmF5Zno4LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kYi8zNmUzZDQtYTcxNy00YzBiLThmNzctNmQ2ZDExMTE0NjAzLzEv
eW5yQmhEMUhjcVVVcVNLdU9GMjlRQ08teGtBLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8z
NmUzZDQtYTcxNy00YzBiLThmNzctNmQ2ZDExMTE0NjAzLzEvamY2cGQ5c0o4RXBF
T1pOSTU3RkUtUmF5Zno4LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOPMA0GCSqGSIb3DQEBCwUAA4IB
AQA2Va3etPILMCbnph5CaXnRKOBZZyQfihpR/QcEFyaF8vZk1ZlMGD+9kn/ZxYst
O+9lmPxRaCDy+pRD51OkQb7p0TYIlGwZw5DWMEly/MirFec8ti0B60VJTGMBH+v7
rLgdlQBysW/KNzL0bG6xluTVfNmWnqJPGgsfS3ZhySZP+JiFccrtuG+fGwjK1875
mLYl55FxpKF0FqGoLu6RiZ9nog8FsTZESGGeM5ZNqHD8pH8JMiwFKvqk/CUnnR8q
dgwRpa+0ZQ/Ndku4OvH6OigYVKVLJIdmOuReV2xFhMX2NggBVSX8nA1QtsmkumDN
i0FwJ1mSuGt2twLTz8HyWuRd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:08 2024 by rpki-client on console-fra.rpki-client.org