Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/7f631d-d0a1-4e23-96f8-1b2b2faf1cac/1/8zcV_CLLTu7ZWr1yucFqhhWB-Q0.roa
File:                     8zcV_CLLTu7ZWr1yucFqhhWB-Q0.roa (raw, json)
Hash identifier:          cntu8jKv+eDndUxgLPqqq+Jh/rPH8v7sARa+hIAFhcs=
Subject key identifier:   F3:37:15:FC:22:CB:4E:EE:D9:5A:BD:72:B9:C1:6A:86:15:81:F9:0D
Certificate issuer:       /CN=68a839cc8159fc5d3d75dedf62aadb81c40eabed
Certificate serial:       01856D0ABAC85E500BD42C68AA1CE7E61A11
Authority key identifier: 68:A8:39:CC:81:59:FC:5D:3D:75:DE:DF:62:AA:DB:81:C4:0E:AB:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKg5zIFZ_F09dd7fYqrbgcQOq-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/7f631d-d0a1-4e23-96f8-1b2b2faf1cac/1/8zcV_CLLTu7ZWr1yucFqhhWB-Q0.roa
Signing time:             Sun 01 Jan 2023 11:14:57 +0000
ROA not before:           Sun 01 Jan 2023 11:14:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        217.28.129.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:0a:ba:c8:5e:50:0b:d4:2c:68:aa:1c:e7:e6:1a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a839cc8159fc5d3d75dedf62aadb81c40eabed
        Validity
            Not Before: Jan  1 11:14:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f33715fc22cb4eeed95abd72b9c16a861581f90d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:53:b3:f6:22:72:e8:ef:44:c5:65:de:a7:2b:
                    f1:07:d8:a6:96:12:2c:5f:13:cb:42:1b:22:ae:d5:
                    15:c4:c0:db:ca:40:6b:3d:c6:e5:d1:12:10:69:22:
                    02:13:df:df:44:9e:7a:f8:fe:85:af:9b:57:71:46:
                    87:c4:5a:04:3e:f4:20:0b:2d:63:5c:77:10:a6:e6:
                    57:a3:bd:6e:c7:54:01:22:83:6e:23:33:04:d0:70:
                    9b:98:a7:e4:de:1c:05:dc:e8:d7:0e:89:e4:fc:50:
                    f7:93:ef:f2:dc:87:6e:fc:08:2d:71:64:0f:b9:11:
                    6c:13:1e:b4:d1:16:54:97:fa:e3:2e:cf:70:ce:72:
                    31:76:af:b2:f7:62:63:cb:e6:fc:a1:93:9a:d1:bb:
                    15:fb:25:1f:26:34:b7:03:a7:4d:68:8e:45:f9:ff:
                    7e:b4:49:f3:34:65:bf:42:62:0d:b2:76:f8:de:a3:
                    c6:62:87:e6:58:9d:39:ba:7a:ff:27:97:9b:d8:72:
                    6e:e3:4b:84:f6:4d:30:c0:f7:c5:1b:d8:90:e6:79:
                    e9:87:b6:51:23:2b:c4:09:f0:d4:18:31:b4:8c:58:
                    0e:e7:a9:44:1f:cc:cb:74:bb:87:8d:f0:d2:60:87:
                    ab:59:a1:b2:f5:e9:d8:ad:e2:4b:bc:dc:72:b2:d7:
                    31:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:37:15:FC:22:CB:4E:EE:D9:5A:BD:72:B9:C1:6A:86:15:81:F9:0D
            X509v3 Authority Key Identifier:
                keyid:68:A8:39:CC:81:59:FC:5D:3D:75:DE:DF:62:AA:DB:81:C4:0E:AB:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKg5zIFZ_F09dd7fYqrbgcQOq-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/7f631d-d0a1-4e23-96f8-1b2b2faf1cac/1/8zcV_CLLTu7ZWr1yucFqhhWB-Q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/7f631d-d0a1-4e23-96f8-1b2b2faf1cac/1/aKg5zIFZ_F09dd7fYqrbgcQOq-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:18:1d:02:4f:00:d6:45:7f:90:73:a9:5a:7a:96:a1:65:9b:
         6f:02:0f:b1:44:08:e6:66:54:c7:a9:07:7b:72:fe:e0:62:a8:
         b8:45:a5:17:80:1d:1a:81:bb:2f:4a:c0:af:8d:b1:fa:e2:69:
         eb:1d:40:08:eb:52:c6:e6:07:3a:5a:b5:1e:33:0c:a6:e4:57:
         e6:d2:d8:c9:53:f7:48:1e:93:c8:d3:46:86:2f:97:29:42:3a:
         b6:df:39:4d:73:ff:98:63:a6:dc:9f:bf:02:16:b8:38:cd:2f:
         0a:bc:d2:90:8f:b7:9d:df:15:3d:1f:c3:f3:28:2c:e9:46:b6:
         01:ea:91:d9:6d:bd:50:c1:7f:45:65:de:ed:19:1d:96:3e:a9:
         92:be:45:f3:dd:dd:74:92:c6:a0:92:ac:a4:12:45:fc:97:91:
         2b:9b:9b:ca:11:23:ac:7f:f4:54:2a:1d:e0:3f:74:59:f8:9d:
         bb:0a:48:93:df:f0:d8:36:92:0a:ad:c5:6f:62:f7:60:75:14:
         99:0d:9a:63:7b:e3:f8:3a:de:d9:05:68:4a:ca:7d:47:ef:e2:
         21:b6:be:ef:1a:ae:98:e0:bb:16:ea:87:1e:dc:a5:6c:3b:72:
         36:90:a6:72:53:48:2e:3b:5c:c7:11:89:37:89:9b:40:11:f8:
         d2:2c:25:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtCrrIXlAL1Cxoqhzn5hoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YTgzOWNjODE1OWZjNWQzZDc1ZGVkZjYyYWFkYjgxYzQw
ZWFiZWQwHhcNMjMwMTAxMTExNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzM3MTVmYzIyY2I0ZWVlZDk1YWJkNzJiOWMxNmE4NjE1ODFmOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilOz9iJy6O9ExWXepyvxB9imlhIs
XxPLQhsirtUVxMDbykBrPcbl0RIQaSICE9/fRJ56+P6Fr5tXcUaHxFoEPvQgCy1j
XHcQpuZXo71ux1QBIoNuIzME0HCbmKfk3hwF3OjXDonk/FD3k+/y3Idu/AgtcWQP
uRFsEx600RZUl/rjLs9wznIxdq+y92Jjy+b8oZOa0bsV+yUfJjS3A6dNaI5F+f9+
tEnzNGW/QmINsnb43qPGYofmWJ05unr/J5eb2HJu40uE9k0wwPfFG9iQ5nnph7ZR
IyvECfDUGDG0jFgO56lEH8zLdLuHjfDSYIerWaGy9enYreJLvNxystcxrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPM3Ffwiy07u2Vq9crnBaoYVgfkNMB8GA1UdIwQY
MBaAFGioOcyBWfxdPXXe32Kq24HEDqvtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtnNXpJRlpfRjA5ZGQ3ZllxcmJnY1FPcS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy83ZjYzMWQtZDBhMS00ZTIzLTk2Zjgt
MWIyYjJmYWYxY2FjLzEvOHpjVl9DTExUdTdaV3IxeXVjRnFoaFdCLVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy83ZjYzMWQtZDBhMS00ZTIzLTk2ZjgtMWIyYjJmYWYxY2Fj
LzEvYUtnNXpJRlpfRjA5ZGQ3ZllxcmJnY1FPcS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyBMA0G
CSqGSIb3DQEBCwUAA4IBAQBUGB0CTwDWRX+Qc6laepahZZtvAg+xRAjmZlTHqQd7
cv7gYqi4RaUXgB0agbsvSsCvjbH64mnrHUAI61LG5gc6WrUeMwym5Ffm0tjJU/dI
HpPI00aGL5cpQjq23zlNc/+YY6bcn78CFrg4zS8KvNKQj7ed3xU9H8PzKCzpRrYB
6pHZbb1QwX9FZd7tGR2WPqmSvkXz3d10ksagkqykEkX8l5Erm5vKESOsf/RUKh3g
P3RZ+J27CkiT3/DYNpIKrcVvYvdgdRSZDZpje+P4Ot7ZBWhKyn1H7+Ihtr7vGq6Y
4LsW6oce3KVsO3I2kKZyU0guO1zHEYk3iZtAEfjSLCWd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:18 2024 by rpki-client on console-ams.rpki-client.org