Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/b8aef7-5be9-4db0-bffc-f467d5a0bafa/1/HwQX6SNhJD0JaiEQztNrIuvkwkc.roa
File:                     HwQX6SNhJD0JaiEQztNrIuvkwkc.roa (raw, json)
Hash identifier:          9LM+jG6isrYUxqFCOO2Vio2WnajqnfozUf0x+b5mhGo=
Subject key identifier:   1F:04:17:E9:23:61:24:3D:09:6A:21:10:CE:D3:6B:22:EB:E4:C2:47
Certificate issuer:       /CN=986b772dc18934e51f27b52cbe65b3241261bf65
Certificate serial:       8431DD
Authority key identifier: 98:6B:77:2D:C1:89:34:E5:1F:27:B5:2C:BE:65:B3:24:12:61:BF:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGt3LcGJNOUfJ7UsvmWzJBJhv2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/b8aef7-5be9-4db0-bffc-f467d5a0bafa/1/HwQX6SNhJD0JaiEQztNrIuvkwkc.roa
Signing time:             Sat 01 Jan 2022 03:54:48 +0000
ROA not before:           Sat 01 Jan 2022 03:54:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7029
IP address blocks:        195.96.131.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8663517 (0x8431dd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=986b772dc18934e51f27b52cbe65b3241261bf65
        Validity
            Not Before: Jan  1 03:54:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f0417e92361243d096a2110ced36b22ebe4c247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ad:ef:24:19:1a:66:5f:6b:b1:a6:01:2f:b4:
                    10:cc:6e:ae:41:f7:18:06:58:37:cd:6e:e4:c5:53:
                    62:19:d3:81:d2:2e:8b:7f:26:3c:bc:1c:2c:b0:39:
                    c4:66:ec:2b:88:37:be:41:75:0e:40:71:3d:73:27:
                    5c:0c:b1:62:7e:c3:65:d6:68:eb:d3:43:fd:4d:e3:
                    af:a0:22:43:25:64:af:ca:bd:79:3b:a6:fc:9d:29:
                    cf:1c:16:db:af:a0:c5:a4:01:c2:14:93:7b:34:c6:
                    35:b5:36:41:b4:ff:a3:1f:78:bf:f0:48:87:5a:8f:
                    84:20:61:6e:da:6a:ac:97:67:a3:76:c5:1e:79:23:
                    3e:3f:c7:f1:7f:b4:f4:d9:19:59:68:c0:f4:0a:86:
                    6c:10:a7:6c:ad:a6:9f:6f:da:90:78:09:5a:4d:21:
                    b2:86:8b:08:91:47:16:9c:5b:b3:37:00:9c:2c:07:
                    2c:a7:1c:ae:05:5d:b6:a5:a7:30:fe:9d:bf:a7:8e:
                    ca:92:b8:be:2d:27:e6:bd:00:5d:bd:c9:c0:76:9a:
                    49:87:be:77:7b:31:db:a5:69:98:6f:04:6a:3a:30:
                    ae:81:b4:93:c3:2b:89:ba:ca:24:1d:6b:bd:c4:90:
                    74:e2:4c:f7:df:bb:9a:de:d3:6b:29:bd:33:7b:ca:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:04:17:E9:23:61:24:3D:09:6A:21:10:CE:D3:6B:22:EB:E4:C2:47
            X509v3 Authority Key Identifier:
                keyid:98:6B:77:2D:C1:89:34:E5:1F:27:B5:2C:BE:65:B3:24:12:61:BF:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGt3LcGJNOUfJ7UsvmWzJBJhv2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/b8aef7-5be9-4db0-bffc-f467d5a0bafa/1/HwQX6SNhJD0JaiEQztNrIuvkwkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/b8aef7-5be9-4db0-bffc-f467d5a0bafa/1/mGt3LcGJNOUfJ7UsvmWzJBJhv2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:30:0c:08:d0:3f:66:33:44:02:3f:25:84:fa:a7:4b:43:bb:
         b5:a0:50:48:54:58:34:7e:ca:98:9a:a4:73:fd:d9:1f:35:f1:
         b4:cd:d3:ea:b2:ab:41:ac:94:4c:44:ee:63:e9:e2:ae:98:92:
         40:5a:82:73:33:b9:54:06:74:11:99:b8:10:8e:18:c9:d5:3b:
         23:49:b5:7b:f6:bc:bb:2a:20:b2:49:84:5e:24:d4:eb:0a:85:
         86:74:62:28:e8:3b:35:de:ee:ec:71:87:c0:db:e6:42:2b:06:
         6f:6d:f9:0e:ea:b2:6d:7e:af:0e:c3:41:26:74:82:6a:36:e4:
         9a:e7:db:8b:9b:19:33:d5:c1:0d:b7:f2:2f:2c:b8:18:e2:4b:
         8f:02:59:a1:f9:00:7e:a0:8a:63:4b:95:2c:60:84:90:1e:c2:
         17:33:cf:ad:ec:94:08:a1:71:fc:c5:99:13:75:fd:b3:dc:60:
         a2:30:27:92:15:83:9f:c2:8d:2d:ed:f3:30:31:13:01:64:2c:
         86:7c:0e:38:66:b3:b2:2c:8c:26:b1:d7:e6:e6:5a:c6:94:aa:
         9a:5c:5b:33:dd:02:c6:71:cc:56:33:db:3e:20:7a:ed:04:1e:
         94:ac:c2:32:b2:c8:26:6c:81:b1:84:4d:8d:4e:dd:df:63:84:
         35:1b:72:74
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAIQx3TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ODZiNzcyZGMxODkzNGU1MWYyN2I1MmNiZTY1YjMyNDEyNjFiZjY1MB4XDTIyMDEw
MTAzNTQ0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWYwNDE3ZTkyMzYx
MjQzZDA5NmEyMTEwY2VkMzZiMjJlYmU0YzI0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqt7yQZGmZfa7GmAS+0EMxurkH3GAZYN81u5MVTYhnTgdIu
i38mPLwcLLA5xGbsK4g3vkF1DkBxPXMnXAyxYn7DZdZo69ND/U3jr6AiQyVkr8q9
eTum/J0pzxwW26+gxaQBwhSTezTGNbU2QbT/ox94v/BIh1qPhCBhbtpqrJdno3bF
HnkjPj/H8X+09NkZWWjA9AqGbBCnbK2mn2/akHgJWk0hsoaLCJFHFpxbszcAnCwH
LKccrgVdtqWnMP6dv6eOypK4vi0n5r0AXb3JwHaaSYe+d3sx26VpmG8EajowroG0
k8MribrKJB1rvcSQdOJM99+7mt7Taym9M3vKTwUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQfBBfpI2EkPQlqIRDO02si6+TCRzAfBgNVHSMEGDAWgBSYa3ctwYk05R8n
tSy+ZbMkEmG/ZTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21HdDNMY0dKTk9VZko3VXN2bVd6SkJKaHYyVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWQvYjhhZWY3LTViZTktNGRiMC1iZmZjLWY0NjdkNWEwYmFmYS8x
L0h3UVg2U05oSkQwSmFpRVF6dE5ySXV2a3drYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQv
YjhhZWY3LTViZTktNGRiMC1iZmZjLWY0NjdkNWEwYmFmYS8xL21HdDNMY0dKTk9V
Zko3VXN2bVd6SkJKaHYyVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNggzANBgkqhkiG9w0BAQsFAAOC
AQEAxTAMCNA/ZjNEAj8lhPqnS0O7taBQSFRYNH7KmJqkc/3ZHzXxtM3T6rKrQayU
TETuY+nirpiSQFqCczO5VAZ0EZm4EI4YydU7I0m1e/a8uyogskmEXiTU6wqFhnRi
KOg7Nd7u7HGHwNvmQisGb235DuqybX6vDsNBJnSCajbkmufbi5sZM9XBDbfyLyy4
GOJLjwJZofkAfqCKY0uVLGCEkB7CFzPPreyUCKFx/MWZE3X9s9xgojAnkhWDn8KN
Le3zMDETAWQshnwOOGazsiyMJrHX5uZaxpSqmlxbM90CxnHMVjPbPiB67QQelKzC
MrLIJmyBsYRNjU7d32OENRtydA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:20 2024 by rpki-client on console-ams.rpki-client.org