Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/KOBkoNB0DGOilSY_kD0PxVa59WM.roa
File:                     KOBkoNB0DGOilSY_kD0PxVa59WM.roa (raw, json)
Hash identifier:          L0bHQDNP/QrsoIBBsOZahVproiUPJbUV2jp7lwS+qFA=
Subject key identifier:   28:E0:64:A0:D0:74:0C:63:A2:95:26:3F:90:3D:0F:C5:56:B9:F5:63
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01938BF712D205C29D8773EE0CACABB1376A
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/KOBkoNB0DGOilSY_kD0PxVa59WM.roa
Signing time:             Tue 03 Dec 2024 10:00:45 +0000
ROA not before:           Tue 03 Dec 2024 10:00:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        139.28.48.0/23 maxlen: 23
                          139.28.50.0/23 maxlen: 23
                          193.32.204.0/23 maxlen: 23
                          193.32.206.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8b:f7:12:d2:05:c2:9d:87:73:ee:0c:ac:ab:b1:37:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Dec  3 10:00:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28e064a0d0740c63a295263f903d0fc556b9f563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a2:58:8f:01:22:23:b3:cc:2f:27:56:c0:e2:
                    a9:60:b1:9b:c8:41:6c:16:79:38:eb:ac:1f:b9:db:
                    07:09:af:79:72:d5:7f:c0:47:b8:ae:08:89:cc:9c:
                    2a:8e:8b:59:2c:90:cf:67:21:87:42:0a:e6:77:54:
                    00:42:95:e2:25:60:c7:5f:91:08:6b:a9:6f:99:77:
                    92:1d:f4:98:53:67:ae:99:c4:c9:c0:bb:41:c2:85:
                    20:76:16:c8:5a:63:25:cd:c6:78:26:f4:2c:36:43:
                    10:33:7a:80:73:2d:68:0e:a9:e8:a8:5d:4a:b9:3b:
                    a2:56:e5:38:d7:f1:b1:ee:2a:cc:90:59:68:a6:0c:
                    2f:32:a7:35:4b:ec:2f:ad:f4:81:28:7e:24:15:81:
                    09:53:fd:2b:ea:09:70:b2:43:75:de:c6:de:e9:e2:
                    b3:b1:0f:eb:9a:f3:dd:65:40:03:74:47:96:5e:3e:
                    a4:c6:f5:ad:c1:4b:b7:9d:53:be:10:ce:a1:5a:36:
                    a7:7d:f4:81:39:ce:95:e0:f8:9e:0c:f4:c1:e4:86:
                    09:59:65:92:f2:91:31:51:32:c9:ca:26:ad:67:29:
                    37:39:43:bf:52:1a:2a:92:89:cb:88:50:39:19:2d:
                    80:d1:64:2d:1b:fd:4f:dd:19:2c:56:77:df:d3:c5:
                    d5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E0:64:A0:D0:74:0C:63:A2:95:26:3F:90:3D:0F:C5:56:B9:F5:63
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/KOBkoNB0DGOilSY_kD0PxVa59WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.48.0/22
                  193.32.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:82:07:7d:7e:63:11:9e:56:86:1f:46:44:d5:1c:87:e6:d7:
         af:d4:a4:33:98:19:b2:4d:31:34:5c:be:ba:0d:65:6d:b2:db:
         5a:fa:95:43:2a:53:10:64:45:10:cd:8b:e2:20:d6:49:9b:c3:
         06:f8:f9:61:77:cb:92:a4:a2:1d:50:4b:85:37:43:f8:23:73:
         ab:7e:07:d4:e7:eb:ce:98:32:99:8c:93:eb:2c:14:e3:06:eb:
         64:29:1a:dc:b2:77:77:a1:0e:41:3d:5e:ac:92:ac:b1:f1:11:
         7f:53:ad:60:d2:8b:98:16:22:45:db:fe:56:f8:4e:8f:6c:05:
         c0:00:96:35:36:62:62:f9:7c:fd:89:a5:b4:da:72:33:03:d7:
         4e:63:6c:50:03:7b:47:a7:3d:f0:33:fd:65:5a:bc:54:e4:69:
         fd:99:32:06:71:a9:cc:f8:3c:a1:36:ce:c4:62:bf:2c:7b:52:
         f5:88:99:6e:72:65:fe:84:9f:59:19:ec:e4:d8:cf:76:2a:65:
         88:68:10:08:b5:e8:1a:6b:e6:43:17:f1:1b:b1:33:7d:e5:a2:
         8d:13:a5:9f:7d:04:2f:5f:86:6e:65:c3:be:b8:a0:18:25:9e:
         7b:7f:f5:d3:ed:71:71:77:f5:0a:be:78:de:5d:ea:9d:32:3e:
         c0:22:dc:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOL9xLSBcKdh3PuDKyrsTdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQxMjAzMTAwMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGUwNjRhMGQwNzQwYzYzYTI5NTI2M2Y5MDNkMGZjNTU2YjlmNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aJYjwEiI7PMLydWwOKpYLGbyEFs
Fnk466wfudsHCa95ctV/wEe4rgiJzJwqjotZLJDPZyGHQgrmd1QAQpXiJWDHX5EI
a6lvmXeSHfSYU2eumcTJwLtBwoUgdhbIWmMlzcZ4JvQsNkMQM3qAcy1oDqnoqF1K
uTuiVuU41/Gx7irMkFlopgwvMqc1S+wvrfSBKH4kFYEJU/0r6glwskN13sbe6eKz
sQ/rmvPdZUADdEeWXj6kxvWtwUu3nVO+EM6hWjanffSBOc6V4PieDPTB5IYJWWWS
8pExUTLJyiatZyk3OUO/UhoqkonLiFA5GS2A0WQtG/1P3RksVnff08XVIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjgZKDQdAxjopUmP5A9D8VWufVjMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvS09Ca29OQjBER09pbFNZX2tEMFB4VmE1OVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCixwwAwQC
wSDMMA0GCSqGSIb3DQEBCwUAA4IBAQA/ggd9fmMRnlaGH0ZE1RyH5tev1KQzmBmy
TTE0XL66DWVtstta+pVDKlMQZEUQzYviINZJm8MG+Plhd8uSpKIdUEuFN0P4I3Or
fgfU5+vOmDKZjJPrLBTjButkKRrcsnd3oQ5BPV6skqyx8RF/U61g0ouYFiJF2/5W
+E6PbAXAAJY1NmJi+Xz9iaW02nIzA9dOY2xQA3tHpz3wM/1lWrxU5Gn9mTIGcanM
+DyhNs7EYr8se1L1iJlucmX+hJ9ZGezk2M92KmWIaBAItegaa+ZDF/EbsTN95aKN
E6WffQQvX4ZuZcO+uKAYJZ57f/XT7XFxd/UKvnjeXeqdMj7AItyZ
-----END CERTIFICATE-----
Generated at Wed Dec 25 21:25:56 2024 by rpki-client on console.sobornost.net