Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/IpxDMNMGzJma40Ww0Z7XLRh_tOs.roa
File:                     IpxDMNMGzJma40Ww0Z7XLRh_tOs.roa (raw, json)
Hash identifier:          7XseE7ZplWvgtuJkCr9kdHZcbQqwvduvy0ZJ1voyFKw=
Subject key identifier:   22:9C:43:30:D3:06:CC:99:9A:E3:45:B0:D1:9E:D7:2D:18:7F:B4:EB
Certificate issuer:       /CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
Certificate serial:       0187DBE9FB229F18A525B9802FDD27274C76
Authority key identifier: 8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/IpxDMNMGzJma40Ww0Z7XLRh_tOs.roa
Signing time:             Tue 02 May 2023 10:02:37 +0000
ROA not before:           Tue 02 May 2023 10:02:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29491
IP address blocks:        2a11:d640::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:e9:fb:22:9f:18:a5:25:b9:80:2f:dd:27:27:4c:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3878e6b0f3b10e5f30f44aeb9d4553ed80823c
        Validity
            Not Before: May  2 10:02:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=229c4330d306cc999ae345b0d19ed72d187fb4eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c2:b3:ec:d7:dd:72:e2:ae:1f:5c:61:7c:68:
                    3f:c1:7b:e6:c5:4f:15:7f:94:c8:45:7b:65:20:93:
                    5e:4d:67:b5:41:e5:d9:b9:f7:ad:b6:25:6b:a5:e0:
                    6f:71:30:d3:37:1d:59:8d:ce:c7:22:bb:76:a3:01:
                    0b:61:7a:f2:1f:68:0e:f8:06:08:f3:ff:8b:1f:42:
                    44:53:18:6b:ff:ab:f8:c6:b8:af:3d:2d:34:93:47:
                    ea:6a:fc:8e:c1:85:23:7f:72:fa:c5:95:74:81:12:
                    5d:d5:6e:0e:cf:a2:fa:18:28:b8:21:b1:ed:c1:f9:
                    62:48:e7:c2:67:d9:48:76:a5:7b:a3:c2:23:c5:71:
                    c8:cd:c6:29:8c:be:92:6e:01:39:f4:a0:cf:c1:f4:
                    b0:f2:14:7c:a9:8e:ba:7e:75:ba:a5:7c:11:82:11:
                    63:fb:10:64:48:78:c4:d3:dd:de:f9:d5:bb:82:e9:
                    98:9e:98:eb:75:a9:ad:0e:11:b3:75:03:e2:d1:ac:
                    82:fc:88:b9:7e:3b:b4:16:f4:c8:76:a8:4b:be:00:
                    83:51:48:a5:96:33:c9:ec:e7:cf:de:98:d3:1f:77:
                    5c:46:7b:5a:5b:6f:ae:46:22:4c:11:d1:fe:33:6e:
                    f7:93:21:98:1a:3e:1a:43:0e:cf:9e:bd:91:2e:5a:
                    75:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9C:43:30:D3:06:CC:99:9A:E3:45:B0:D1:9E:D7:2D:18:7F:B4:EB
            X509v3 Authority Key Identifier:
                keyid:8F:38:78:E6:B0:F3:B1:0E:5F:30:F4:4A:EB:9D:45:53:ED:80:82:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzh45rDzsQ5fMPRK651FU-2Agjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/IpxDMNMGzJma40Ww0Z7XLRh_tOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/be47b9-bd9f-4165-a871-4af0c4bdba6c/1/jzh45rDzsQ5fMPRK651FU-2Agjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:d640::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:13:8e:49:ea:1c:3a:18:81:b3:7e:df:ca:d5:ce:4e:b5:c6:
         29:0f:f2:47:93:a8:63:f0:b0:be:4c:66:d2:6f:34:74:6b:f6:
         4d:41:56:99:3d:10:88:ba:37:55:de:66:56:85:91:54:58:58:
         0e:83:12:e4:53:ca:0a:f3:c9:09:39:9a:48:4b:51:a6:b5:cc:
         d1:4b:64:b4:95:4d:3f:bb:e0:a3:b5:b6:b0:c3:90:cf:ea:f1:
         b5:22:22:72:05:82:3a:75:f0:e7:db:7a:01:20:76:7f:21:6d:
         2d:e8:22:6f:f6:15:2a:79:52:be:c7:21:d1:a9:c1:3b:82:78:
         ac:45:09:d1:83:3f:34:cf:b9:72:8a:82:6d:69:26:14:c0:b1:
         1b:f3:f5:d2:94:ad:b9:4c:0a:05:c8:f8:87:12:e9:26:ba:fa:
         06:4e:ba:db:b9:45:45:9e:79:1c:c9:0e:da:44:92:15:86:1e:
         65:87:f5:2b:d3:c8:f6:b7:4c:e3:cc:0a:4f:1f:5a:3b:5f:f6:
         c8:5c:45:33:0c:be:67:84:73:74:16:77:fa:d5:48:a0:a2:9d:
         24:45:f4:e4:c6:f8:b7:46:73:ff:1f:67:99:88:5b:5c:d5:dc:
         89:d4:60:1d:b5:e7:ba:b3:dd:c4:c5:6b:35:a2:01:d9:61:f4:
         39:7b:89:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYfb6fsinxilJbmAL90nJ0x2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzg3OGU2YjBmM2IxMGU1ZjMwZjQ0YWViOWQ0NTUzZWQ4
MDgyM2MwHhcNMjMwNTAyMTAwMjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjljNDMzMGQzMDZjYzk5OWFlMzQ1YjBkMTllZDcyZDE4N2ZiNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8Kz7NfdcuKuH1xhfGg/wXvmxU8V
f5TIRXtlIJNeTWe1QeXZufettiVrpeBvcTDTNx1Zjc7HIrt2owELYXryH2gO+AYI
8/+LH0JEUxhr/6v4xrivPS00k0fqavyOwYUjf3L6xZV0gRJd1W4Oz6L6GCi4IbHt
wfliSOfCZ9lIdqV7o8IjxXHIzcYpjL6SbgE59KDPwfSw8hR8qY66fnW6pXwRghFj
+xBkSHjE093e+dW7gumYnpjrdamtDhGzdQPi0ayC/Ii5fju0FvTIdqhLvgCDUUil
ljPJ7OfP3pjTH3dcRntaW2+uRiJMEdH+M273kyGYGj4aQw7Pnr2RLlp1nQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCKcQzDTBsyZmuNFsNGe1y0Yf7TrMB8GA1UdIwQY
MBaAFI84eOaw87EOXzD0SuudRVPtgII8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEt
NGFmMGM0YmRiYTZjLzEvSXB4RE1OTUd6Sm1hNDBXdzBaN1hMUmhfdE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iZTQ3YjktYmQ5Zi00MTY1LWE4NzEtNGFmMGM0YmRiYTZj
LzEvanpoNDVyRHpzUTVmTVBSSzY1MUZVLTJBZ2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhHWQDAN
BgkqhkiG9w0BAQsFAAOCAQEANBOOSeocOhiBs37fytXOTrXGKQ/yR5OoY/Cwvkxm
0m80dGv2TUFWmT0QiLo3Vd5mVoWRVFhYDoMS5FPKCvPJCTmaSEtRprXM0UtktJVN
P7vgo7W2sMOQz+rxtSIicgWCOnXw59t6ASB2fyFtLegib/YVKnlSvsch0anBO4J4
rEUJ0YM/NM+5coqCbWkmFMCxG/P10pStuUwKBcj4hxLpJrr6Bk6627lFRZ55HMkO
2kSSFYYeZYf1K9PI9rdM48wKTx9aO1/2yFxFMwy+Z4RzdBZ3+tVIoKKdJEX05Mb4
t0Zz/x9nmYhbXNXcidRgHbXnurPdxMVrNaIB2WH0OXuJeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:47 2024 by rpki-client on console-fra.rpki-client.org