Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hpchpAbqMgmlr_a-74b4rhSPBU4.roa
File:                     hpchpAbqMgmlr_a-74b4rhSPBU4.roa (raw, json)
Hash identifier:          UU5FDSJWN5RDkEExm9oYRgYti10UVBQmf3CxYGTTWK8=
Subject key identifier:   86:97:21:A4:06:EA:32:09:A5:AF:F6:BE:EF:86:F8:AE:14:8F:05:4E
Certificate issuer:       /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial:       018A57ED9C89EE7CDB782E8451C99F0A174E
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hpchpAbqMgmlr_a-74b4rhSPBU4.roa
Signing time:             Sat 02 Sep 2023 22:05:04 +0000
ROA not before:           Sat 02 Sep 2023 22:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:18a:57ec:d35b/128 maxlen: 128

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:57:ed:9c:89:ee:7c:db:78:2e:84:51:c9:9f:0a:17:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
        Validity
            Not Before: Sep  2 22:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=869721a406ea3209a5aff6beef86f8ae148f054e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:77:43:47:62:cf:84:c4:a4:dd:75:10:61:f8:
                    6a:38:86:0e:91:f9:65:18:44:53:00:7d:ed:43:98:
                    e7:0b:1c:dd:06:af:1f:ba:ce:39:66:0b:63:31:e7:
                    66:77:b2:ea:68:24:d5:4e:94:e5:5f:23:18:ce:0b:
                    9d:d3:3f:c6:8e:5e:2a:86:09:2f:27:0c:b1:ef:6e:
                    9a:25:72:6b:2f:38:65:c4:0b:7f:e9:7d:7d:9f:25:
                    80:39:50:89:86:f0:af:4f:d4:9e:c2:53:ba:6a:24:
                    a5:1a:6b:c8:ff:20:3f:5c:2f:f1:5d:42:b2:97:04:
                    79:d5:fa:25:2e:cc:e5:de:b4:f3:16:a4:6b:43:87:
                    a1:27:35:94:8d:5c:d2:fa:b2:07:22:59:5a:4f:19:
                    d2:52:1f:1f:62:11:95:8b:51:7d:75:dc:1d:93:44:
                    57:e7:6f:c6:ee:c3:0e:2b:56:c2:32:e7:95:0a:1b:
                    ef:9f:6e:dd:56:64:74:cb:92:ba:87:e5:65:16:29:
                    c7:78:03:31:02:e6:1a:a0:e3:47:dd:25:40:9b:d4:
                    da:14:d6:06:21:f0:44:7e:51:81:5c:7c:a4:a9:a2:
                    66:ef:95:f7:1b:4f:b0:38:20:ad:38:ec:b4:6f:6a:
                    0e:8f:45:65:45:f5:9f:29:da:ea:48:2e:79:e3:d5:
                    e6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:97:21:A4:06:EA:32:09:A5:AF:F6:BE:EF:86:F8:AE:14:8F:05:4E
            X509v3 Authority Key Identifier:
                keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hpchpAbqMgmlr_a-74b4rhSPBU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:a8:68:73:97:da:5d:eb:9c:c6:6e:42:93:7c:7f:bd:c9:5a:
         7a:f1:40:69:ad:72:07:36:b6:65:0a:4f:6a:5a:aa:18:2c:25:
         b8:50:e5:51:fb:b7:72:04:9a:8e:79:1f:5e:fb:4d:9b:0a:d5:
         11:b7:1d:35:77:28:5a:c2:03:69:f2:8e:64:6a:4f:11:cd:47:
         b6:f3:46:7e:a4:ff:62:e8:86:5b:cb:8a:95:a9:d7:ed:ad:7f:
         61:f8:9d:65:22:b2:e8:ee:b3:db:1a:02:98:8f:18:1c:1c:21:
         3c:77:e9:22:d8:89:fb:e1:d4:e4:c3:20:4b:cb:92:2c:bb:aa:
         26:25:2e:a2:8b:6b:d7:f0:3e:fc:81:1c:45:bf:d9:ec:d4:c7:
         da:bf:ec:65:f3:82:d9:39:69:d8:f4:05:cc:22:6d:51:3f:25:
         e9:e3:92:04:f1:fb:43:34:2a:e8:51:1d:03:71:2e:af:52:cd:
         a4:9d:c0:8f:43:e1:bc:d8:fc:e9:bc:21:47:d3:2d:34:3f:b3:
         7b:9c:53:a8:c3:50:ba:f7:8e:3d:77:99:d1:c0:f1:b9:bf:69:
         bd:b9:b7:c7:7a:ee:fc:d7:64:24:54:40:11:5c:7b:69:61:28:
         3a:89:6d:08:1a:8f:eb:d7:cf:f4:e3:f8:3e:08:99:35:8d:5f:
         0b:ce:e7:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYpX7ZyJ7nzbeC6EUcmfChdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTAyMjIwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk3MjFhNDA2ZWEzMjA5YTVhZmY2YmVlZjg2ZjhhZTE0OGYwNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13dDR2LPhMSk3XUQYfhqOIYOkfll
GERTAH3tQ5jnCxzdBq8fus45ZgtjMedmd7LqaCTVTpTlXyMYzgud0z/Gjl4qhgkv
Jwyx726aJXJrLzhlxAt/6X19nyWAOVCJhvCvT9SewlO6aiSlGmvI/yA/XC/xXUKy
lwR51folLszl3rTzFqRrQ4ehJzWUjVzS+rIHIllaTxnSUh8fYhGVi1F9ddwdk0RX
52/G7sMOK1bCMueVChvvn27dVmR0y5K6h+VlFinHeAMxAuYaoONH3SVAm9TaFNYG
IfBEflGBXHykqaJm75X3G0+wOCCtOOy0b2oOj0VlRfWfKdrqSC5549XmzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIaXIaQG6jIJpa/2vu+G+K4UjwVOMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvaHBjaHBBYnFNZ21scl9hLTc0YjRyaFNQQlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAOoaHOX2l3rnMZuQpN8
f73JWnrxQGmtcgc2tmUKT2paqhgsJbhQ5VH7t3IEmo55H177TZsK1RG3HTV3KFrC
A2nyjmRqTxHNR7bzRn6k/2LohlvLipWp1+2tf2H4nWUisujus9saApiPGBwcITx3
6SLYifvh1OTDIEvLkiy7qiYlLqKLa9fwPvyBHEW/2ezUx9q/7GXzgtk5adj0Bcwi
bVE/JenjkgTx+0M0KuhRHQNxLq9SzaSdwI9D4bzY/Om8IUfTLTQ/s3ucU6jDULr3
jj13mdHA8bm/ab25t8d67vzXZCRUQBFce2lhKDqJbQgaj+vXz/Tj+D4ImTWNXwvO
52Y=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:48 2023 by rpki-client on console.sobornost.net