Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/a370c1-b2f6-4048-ae6c-8abcc15a999a/1/3leeuYo5qXzcBrTZQH5D6_VNgUk.roa
File:                     3leeuYo5qXzcBrTZQH5D6_VNgUk.roa (raw, json)
Hash identifier:          YYFZSWXvsSOQY5rRL6a6jlF/4xVR1V36eeW3q2kW/78=
Subject key identifier:   DE:57:9E:B9:8A:39:A9:7C:DC:06:B4:D9:40:7E:43:EB:F5:4D:81:49
Certificate issuer:       /CN=d48c75105a13129d52ea27e251595cbeb0f8a64a
Certificate serial:       018570CBE7DE8047967816F643F3EE08BFD1
Authority key identifier: D4:8C:75:10:5A:13:12:9D:52:EA:27:E2:51:59:5C:BE:B0:F8:A6:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ix1EFoTEp1S6ifiUVlcvrD4pko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/a370c1-b2f6-4048-ae6c-8abcc15a999a/1/3leeuYo5qXzcBrTZQH5D6_VNgUk.roa
Signing time:             Mon 02 Jan 2023 04:44:49 +0000
ROA not before:           Mon 02 Jan 2023 04:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8685
IP address blocks:        91.195.139.0/24 maxlen: 24
                          91.195.138.0/23 maxlen: 23
                          91.195.138.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:cb:e7:de:80:47:96:78:16:f6:43:f3:ee:08:bf:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48c75105a13129d52ea27e251595cbeb0f8a64a
        Validity
            Not Before: Jan  2 04:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de579eb98a39a97cdc06b4d9407e43ebf54d8149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5d:a9:4f:65:ad:39:84:94:dc:d1:d3:09:fc:
                    8f:06:9d:45:f0:41:37:1c:84:49:bf:a5:92:1f:f5:
                    1a:29:1f:6c:83:d3:e5:27:5c:6c:76:ac:6d:d1:28:
                    4d:ef:33:53:53:3e:f1:2a:21:75:12:85:32:83:ca:
                    7b:da:b5:1b:f9:df:cf:10:bb:0b:35:97:e8:12:41:
                    ee:7e:aa:2a:7f:61:9c:6e:b2:95:93:85:4d:31:34:
                    84:6e:50:c3:59:12:d3:ac:10:29:56:22:be:85:f5:
                    e0:3a:c7:e1:4f:c3:9c:29:8a:48:45:db:b9:50:11:
                    95:12:59:0c:c1:40:33:58:9e:80:f0:30:b1:7e:d0:
                    91:1e:b4:79:8c:cf:57:1e:e2:c3:fb:fb:7a:cd:45:
                    c2:e7:5a:60:01:81:10:9f:36:3d:b5:16:20:84:c7:
                    99:d5:98:c2:fe:28:c4:94:f6:33:7b:3f:1a:d2:20:
                    b7:e3:7e:57:e9:be:26:2f:a0:a4:d7:9d:e9:a8:38:
                    aa:9e:72:1f:6b:ce:dd:81:4d:d6:78:27:cf:e0:80:
                    07:98:f2:c2:13:ad:b5:b1:a3:14:e1:7a:c2:fe:ce:
                    10:3b:9d:11:98:6e:44:a9:e2:22:7d:9a:fb:1d:6d:
                    2e:31:d2:06:af:1d:48:47:85:4d:cc:6a:d2:f5:7e:
                    72:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:57:9E:B9:8A:39:A9:7C:DC:06:B4:D9:40:7E:43:EB:F5:4D:81:49
            X509v3 Authority Key Identifier:
                keyid:D4:8C:75:10:5A:13:12:9D:52:EA:27:E2:51:59:5C:BE:B0:F8:A6:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ix1EFoTEp1S6ifiUVlcvrD4pko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a370c1-b2f6-4048-ae6c-8abcc15a999a/1/3leeuYo5qXzcBrTZQH5D6_VNgUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a370c1-b2f6-4048-ae6c-8abcc15a999a/1/1Ix1EFoTEp1S6ifiUVlcvrD4pko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:cf:6c:e4:91:df:cf:5d:03:15:2f:ab:b0:70:c8:bd:4f:
         14:f6:7b:27:40:a7:fb:1c:73:76:f5:3e:e8:84:87:fe:d5:6c:
         b4:33:b0:4c:9d:1e:5c:95:e4:ef:ce:26:0c:80:b8:aa:c1:49:
         34:9a:b7:3a:2a:4f:4e:c1:d0:05:11:7c:60:37:d6:c8:fd:eb:
         d6:80:c3:37:d5:74:27:7f:4d:2e:6b:b5:f3:e4:f9:83:03:97:
         4c:bc:eb:08:52:60:8f:a0:77:10:df:71:2d:43:44:29:75:76:
         d1:5f:3c:dd:9e:20:6e:dd:dd:65:e4:13:a7:82:f5:67:2a:fa:
         0e:9a:06:83:3a:20:b6:12:6d:96:c6:c5:ad:89:d7:70:89:19:
         3e:c4:9c:4d:7f:1b:d5:73:56:4b:07:82:80:0f:29:7b:5e:30:
         7c:65:98:fc:19:04:f1:f6:68:09:9d:8f:7c:5e:b4:4a:7c:27:
         b1:b7:02:20:ff:5a:3c:4e:c1:04:15:9a:f3:fe:6d:d7:e6:51:
         48:95:a6:ab:66:df:3c:d5:23:51:be:0c:6f:0f:c7:22:5b:09:
         cf:9c:48:85:9f:92:ca:86:ef:d9:66:80:07:7c:b4:e8:5b:06:
         19:4d:8d:c6:42:ac:8b:61:e9:7e:87:34:f2:2a:2c:a1:fb:c2:
         62:84:63:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwy+fegEeWeBb2Q/PuCL/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGM3NTEwNWExMzEyOWQ1MmVhMjdlMjUxNTk1Y2JlYjBm
OGE2NGEwHhcNMjMwMTAyMDQ0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTU3OWViOThhMzlhOTdjZGMwNmI0ZDk0MDdlNDNlYmY1NGQ4MTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF2pT2WtOYSU3NHTCfyPBp1F8EE3
HIRJv6WSH/UaKR9sg9PlJ1xsdqxt0ShN7zNTUz7xKiF1EoUyg8p72rUb+d/PELsL
NZfoEkHufqoqf2GcbrKVk4VNMTSEblDDWRLTrBApViK+hfXgOsfhT8OcKYpIRdu5
UBGVElkMwUAzWJ6A8DCxftCRHrR5jM9XHuLD+/t6zUXC51pgAYEQnzY9tRYghMeZ
1ZjC/ijElPYzez8a0iC3435X6b4mL6Ck153pqDiqnnIfa87dgU3WeCfP4IAHmPLC
E621saMU4XrC/s4QO50RmG5EqeIifZr7HW0uMdIGrx1IR4VNzGrS9X5yCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5XnrmKOal83Aa02UB+Q+v1TYFJMB8GA1UdIwQY
MBaAFNSMdRBaExKdUuon4lFZXL6w+KZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUl4MUVGb1RFcDFTNmlmaVVWbGN2ckQ0cGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hMzcwYzEtYjJmNi00MDQ4LWFlNmMt
OGFiY2MxNWE5OTlhLzEvM2xlZXVZbzVxWHpjQnJUWlFINUQ2X1ZOZ1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hMzcwYzEtYjJmNi00MDQ4LWFlNmMtOGFiY2MxNWE5OTlh
LzEvMUl4MUVGb1RFcDFTNmlmaVVWbGN2ckQ0cGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8OKMA0G
CSqGSIb3DQEBCwUAA4IBAQBGss9s5JHfz10DFS+rsHDIvU8U9nsnQKf7HHN29T7o
hIf+1Wy0M7BMnR5cleTvziYMgLiqwUk0mrc6Kk9OwdAFEXxgN9bI/evWgMM31XQn
f00ua7Xz5PmDA5dMvOsIUmCPoHcQ33EtQ0QpdXbRXzzdniBu3d1l5BOngvVnKvoO
mgaDOiC2Em2WxsWtiddwiRk+xJxNfxvVc1ZLB4KADyl7XjB8ZZj8GQTx9mgJnY98
XrRKfCextwIg/1o8TsEEFZrz/m3X5lFIlaarZt881SNRvgxvD8ciWwnPnEiFn5LK
hu/ZZoAHfLToWwYZTY3GQqyLYel+hzTyKiyh+8JihGMq
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:48 2024 by rpki-client on console-ams.rpki-client.org