Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/a45867-3f5e-454e-aa1c-9e1161b44622/1/MPia9mzsmbSXA8qqKCD2BfZfO7U.roa
File:                     MPia9mzsmbSXA8qqKCD2BfZfO7U.roa (raw, json)
Hash identifier:          WH9FFMLctHSRX9ivX56CbYe2UPfTrrGb5w7/aj5qYGQ=
Subject key identifier:   30:F8:9A:F6:6C:EC:99:B4:97:03:CA:AA:28:20:F6:05:F6:5F:3B:B5
Certificate issuer:       /CN=7e4c0e45307df8c8ec4c8d4ff0a324a325849c8c
Certificate serial:       E54DBC
Authority key identifier: 7E:4C:0E:45:30:7D:F8:C8:EC:4C:8D:4F:F0:A3:24:A3:25:84:9C:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkwORTB9-MjsTI1P8KMkoyWEnIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/a45867-3f5e-454e-aa1c-9e1161b44622/1/MPia9mzsmbSXA8qqKCD2BfZfO7U.roa
Signing time:             Sat 01 Jan 2022 07:54:25 +0000
ROA not before:           Sat 01 Jan 2022 07:54:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     396982
IP address blocks:        213.232.238.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15027644 (0xe54dbc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e4c0e45307df8c8ec4c8d4ff0a324a325849c8c
        Validity
            Not Before: Jan  1 07:54:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=30f89af66cec99b49703caaa2820f605f65f3bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:32:64:87:49:47:e1:1f:70:0d:fb:b6:05:05:
                    9e:54:1e:7f:60:3c:6d:ab:51:26:43:46:4c:36:8d:
                    9d:c6:73:ca:b1:c4:66:70:2e:a7:85:24:2d:6c:1c:
                    f1:fe:75:20:7d:c1:1f:14:c4:ff:5a:cb:f6:84:8d:
                    52:9a:af:83:29:29:18:fe:6d:e2:68:5e:ca:af:c9:
                    c4:1c:cd:a1:49:e2:b8:f4:f0:b7:de:ab:a0:a5:a5:
                    b9:e3:7e:e9:39:f8:27:96:e7:d1:5d:1e:07:38:1f:
                    c9:51:02:e7:91:35:98:6c:15:a4:74:5c:bf:2e:34:
                    34:bb:22:43:1c:cf:e9:dc:3e:99:31:62:8a:81:ec:
                    b2:5d:c6:37:70:26:4d:73:59:5a:5d:2e:51:67:c1:
                    b1:99:98:fb:53:b7:30:1d:09:4a:5a:c2:b2:d3:37:
                    e0:05:26:27:32:b3:8a:2b:99:bc:46:a0:8e:82:b4:
                    59:ad:90:86:46:b1:16:99:d3:d4:eb:5e:b8:f2:2e:
                    e2:68:a0:81:ab:8d:41:dc:ec:85:8d:03:5f:d4:33:
                    0c:fe:c9:94:92:55:01:3b:96:a3:7b:58:c5:54:49:
                    92:9c:41:3d:13:18:ac:42:60:74:54:73:79:4c:35:
                    73:0b:75:05:3a:5e:ac:d6:65:03:29:fb:01:82:df:
                    e8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F8:9A:F6:6C:EC:99:B4:97:03:CA:AA:28:20:F6:05:F6:5F:3B:B5
            X509v3 Authority Key Identifier:
                keyid:7E:4C:0E:45:30:7D:F8:C8:EC:4C:8D:4F:F0:A3:24:A3:25:84:9C:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkwORTB9-MjsTI1P8KMkoyWEnIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a45867-3f5e-454e-aa1c-9e1161b44622/1/MPia9mzsmbSXA8qqKCD2BfZfO7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a45867-3f5e-454e-aa1c-9e1161b44622/1/fkwORTB9-MjsTI1P8KMkoyWEnIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:53:51:93:9d:ed:05:a2:4e:7c:0c:84:15:a4:09:8c:d7:76:
         2a:57:77:79:14:e1:9e:62:e1:46:6e:0c:8f:d9:85:55:70:b4:
         72:3f:05:b9:52:24:6f:1e:fb:41:88:af:7e:bd:3e:13:e1:69:
         c5:e4:9c:64:01:a5:58:1c:23:76:3b:f0:86:8b:db:b0:42:9d:
         3a:96:d0:d2:59:d0:4c:b4:6e:af:e9:55:2b:24:19:4d:13:aa:
         2f:3c:c2:b1:27:0b:a2:d2:28:35:cd:a9:2e:11:12:12:5a:92:
         95:99:15:49:cf:3d:42:ef:d1:0b:a3:b2:d8:f6:ee:ed:20:e1:
         6e:6e:d1:a7:cc:85:38:05:a1:65:da:73:52:70:17:b1:ae:09:
         8d:ee:11:7d:aa:83:53:a3:9c:c0:96:1a:07:97:29:c4:1a:c6:
         43:ae:38:47:77:6a:15:d1:e8:07:7f:0a:ac:4a:8d:13:58:dd:
         c7:02:54:75:6d:fc:70:e3:d6:09:4f:61:68:a2:f5:e3:81:54:
         d2:3a:b9:c8:16:4f:fb:2e:dc:79:51:99:af:a0:03:8f:67:da:
         f5:3b:aa:df:0c:cf:79:20:12:ac:2c:2b:e2:b1:b1:5a:0d:80:
         8b:b0:2b:03:76:71:e3:6c:b6:5d:99:bf:39:d1:a2:f9:eb:54:
         19:7e:81:fd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAOVNvDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZTRjMGU0NTMwN2RmOGM4ZWM0YzhkNGZmMGEzMjRhMzI1ODQ5YzhjMB4XDTIyMDEw
MTA3NTQyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzBmODlhZjY2Y2Vj
OTliNDk3MDNjYWFhMjgyMGY2MDVmNjVmM2JiNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALAyZIdJR+EfcA37tgUFnlQef2A8batRJkNGTDaNncZzyrHE
ZnAup4UkLWwc8f51IH3BHxTE/1rL9oSNUpqvgykpGP5t4mheyq/JxBzNoUniuPTw
t96roKWlueN+6Tn4J5bn0V0eBzgfyVEC55E1mGwVpHRcvy40NLsiQxzP6dw+mTFi
ioHssl3GN3AmTXNZWl0uUWfBsZmY+1O3MB0JSlrCstM34AUmJzKziiuZvEagjoK0
Wa2QhkaxFpnT1OteuPIu4miggauNQdzshY0DX9QzDP7JlJJVATuWo3tYxVRJkpxB
PRMYrEJgdFRzeUw1cwt1BTperNZlAyn7AYLf6FUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQw+Jr2bOyZtJcDyqooIPYF9l87tTAfBgNVHSMEGDAWgBR+TA5FMH34yOxM
jU/woySjJYScjDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2Zrd09SVEI5LU1qc1RJMVA4S01rb3lXRW5Jdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvYTQ1ODY3LTNmNWUtNDU0ZS1hYTFjLTllMTE2MWI0NDYyMi8x
L01QaWE5bXpzbWJTWEE4cXFLQ0QyQmZaZk83VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
YTQ1ODY3LTNmNWUtNDU0ZS1hYTFjLTllMTE2MWI0NDYyMi8xL2Zrd09SVEI5LU1q
c1RJMVA4S01rb3lXRW5Jdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANXo7jANBgkqhkiG9w0BAQsFAAOC
AQEAQlNRk53tBaJOfAyEFaQJjNd2Kld3eRThnmLhRm4Mj9mFVXC0cj8FuVIkbx77
QYivfr0+E+FpxeScZAGlWBwjdjvwhovbsEKdOpbQ0lnQTLRur+lVKyQZTROqLzzC
sScLotIoNc2pLhESElqSlZkVSc89Qu/RC6Oy2Pbu7SDhbm7Rp8yFOAWhZdpzUnAX
sa4Jje4RfaqDU6OcwJYaB5cpxBrGQ644R3dqFdHoB38KrEqNE1jdxwJUdW38cOPW
CU9haKL144FU0jq5yBZP+y7ceVGZr6ADj2fa9Tuq3wzPeSASrCwr4rGxWg2Ai7Ar
A3Zx42y2XZm/OdGi+etUGX6B/Q==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:41:52 2023 by rpki-client on console-fra.rpki-client.org