Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/63297b-80e9-44d7-91c1-3189bb117fc6/1/gU9eb97He2BPOcz9jblfiD4sfVk.roa
File:                     gU9eb97He2BPOcz9jblfiD4sfVk.roa (raw, json)
Hash identifier:          8T3z+9JkWUWrb13Fw7zKiqortC36itDJwrIAQiiY+c0=
Subject key identifier:   81:4F:5E:6F:DE:C7:7B:60:4F:39:CC:FD:8D:B9:5F:88:3E:2C:7D:59
Certificate issuer:       /CN=def0e2026cad3e0c265fd6c81ff580d8104dee90
Certificate serial:       01856BDCB58AF99D3BAE4A30D7EEE75ABBBA
Authority key identifier: DE:F0:E2:02:6C:AD:3E:0C:26:5F:D6:C8:1F:F5:80:D8:10:4D:EE:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3vDiAmytPgwmX9bIH_WA2BBN7pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/63297b-80e9-44d7-91c1-3189bb117fc6/1/gU9eb97He2BPOcz9jblfiD4sfVk.roa
Signing time:             Sun 01 Jan 2023 05:45:04 +0000
ROA not before:           Sun 01 Jan 2023 05:45:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        2a12:7a80::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:dc:b5:8a:f9:9d:3b:ae:4a:30:d7:ee:e7:5a:bb:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=def0e2026cad3e0c265fd6c81ff580d8104dee90
        Validity
            Not Before: Jan  1 05:45:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=814f5e6fdec77b604f39ccfd8db95f883e2c7d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b4:a8:f9:de:5c:c0:25:a2:38:60:72:45:7f:
                    e9:db:e1:2e:c6:fb:92:6b:de:6f:a6:a5:3a:e6:45:
                    63:12:23:fa:84:b2:bf:2c:c4:dc:db:85:f6:1c:bf:
                    7f:9c:b0:1f:b5:49:72:04:1e:8a:5c:6d:66:d9:87:
                    ba:26:2e:57:a6:3f:3b:80:62:ee:b9:c3:8e:90:16:
                    5b:5a:4d:3a:ff:62:6d:68:c9:7b:9c:59:6a:29:51:
                    67:4e:c2:3f:eb:b7:e7:dd:05:1a:81:3d:07:b8:30:
                    88:ce:8f:9a:50:9c:8c:29:47:f5:12:59:d8:36:30:
                    77:97:8a:ec:7f:c7:77:a5:09:28:8c:3e:62:ae:17:
                    f8:ae:13:1c:84:24:1f:be:94:0f:28:bf:c6:4f:49:
                    69:a1:0f:e6:51:b8:2c:cf:0d:eb:a2:a9:6c:eb:95:
                    41:ea:66:52:96:1e:59:57:a9:91:89:22:e9:0a:c6:
                    9c:7e:62:cf:39:1c:fa:fa:e7:b3:0a:d9:e2:4a:9d:
                    6d:16:e7:f7:4d:78:3e:ef:5d:f3:df:2e:8d:9d:ea:
                    97:d9:04:f5:a0:ff:c7:8b:34:5c:c3:3b:4c:53:5f:
                    98:e3:e4:1a:25:b3:ce:75:e0:75:46:a7:91:3c:20:
                    62:b4:5f:b4:84:45:e2:40:21:9d:20:c6:97:2c:94:
                    69:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:4F:5E:6F:DE:C7:7B:60:4F:39:CC:FD:8D:B9:5F:88:3E:2C:7D:59
            X509v3 Authority Key Identifier:
                keyid:DE:F0:E2:02:6C:AD:3E:0C:26:5F:D6:C8:1F:F5:80:D8:10:4D:EE:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3vDiAmytPgwmX9bIH_WA2BBN7pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/63297b-80e9-44d7-91c1-3189bb117fc6/1/gU9eb97He2BPOcz9jblfiD4sfVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/63297b-80e9-44d7-91c1-3189bb117fc6/1/3vDiAmytPgwmX9bIH_WA2BBN7pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:7f:30:8c:3f:25:39:a7:d2:0a:de:15:aa:da:4c:7c:bc:af:
         f3:7a:fb:d7:8a:aa:61:94:98:a6:ff:c5:df:62:d2:09:8d:91:
         aa:1a:c2:df:9b:57:8e:7e:00:75:6d:b1:3c:24:9e:fa:76:3a:
         4d:86:b3:df:03:32:2d:b9:73:ed:e6:7f:0c:4b:12:87:56:50:
         fe:2c:0d:e9:fe:64:b8:0e:69:f1:65:77:74:26:54:15:51:65:
         b0:04:d1:8d:4d:50:53:27:ce:6c:f7:d2:b8:ee:01:59:d8:4f:
         d2:16:9f:3d:69:bc:a9:83:78:42:7c:fa:c9:b3:7b:62:7a:1e:
         7c:ae:23:68:79:9b:25:eb:62:65:46:ea:12:e6:00:e0:a4:64:
         b3:ef:78:8c:65:ed:02:8e:20:f0:45:d3:ec:dd:76:b2:2e:d2:
         fe:f3:77:e4:29:68:d7:2d:57:ee:bd:1c:d8:c7:10:d3:47:44:
         2f:27:16:dc:b5:e5:67:85:c1:3b:fa:f5:51:3a:fa:d7:27:36:
         65:b1:a0:2d:e2:10:e9:c9:23:03:7e:6e:a6:57:c2:89:d0:06:
         34:28:2e:6a:90:5c:f3:bd:c3:10:c4:1a:d5:2b:b8:4f:8e:d2:
         54:4b:17:a3:65:c1:81:0e:07:71:f4:3f:3d:c9:8d:49:cc:bc:
         11:ab:21:be
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVr3LWK+Z07rkow1+7nWru6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZjBlMjAyNmNhZDNlMGMyNjVmZDZjODFmZjU4MGQ4MTA0
ZGVlOTAwHhcNMjMwMTAxMDU0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTRmNWU2ZmRlYzc3YjYwNGYzOWNjZmQ4ZGI5NWY4ODNlMmM3ZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7So+d5cwCWiOGByRX/p2+EuxvuS
a95vpqU65kVjEiP6hLK/LMTc24X2HL9/nLAftUlyBB6KXG1m2Ye6Ji5Xpj87gGLu
ucOOkBZbWk06/2JtaMl7nFlqKVFnTsI/67fn3QUagT0HuDCIzo+aUJyMKUf1ElnY
NjB3l4rsf8d3pQkojD5irhf4rhMchCQfvpQPKL/GT0lpoQ/mUbgszw3roqls65VB
6mZSlh5ZV6mRiSLpCsacfmLPORz6+uezCtniSp1tFuf3TXg+713z3y6NneqX2QT1
oP/HizRcwztMU1+Y4+QaJbPOdeB1RqeRPCBitF+0hEXiQCGdIMaXLJRphwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIFPXm/ex3tgTznM/Y25X4g+LH1ZMB8GA1UdIwQY
MBaAFN7w4gJsrT4MJl/WyB/1gNgQTe6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3ZEaUFteXRQZ3dtWDliSUhfV0EyQkJON3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82MzI5N2ItODBlOS00NGQ3LTkxYzEt
MzE4OWJiMTE3ZmM2LzEvZ1U5ZWI5N0hlMkJQT2N6OWpibGZpRDRzZlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82MzI5N2ItODBlOS00NGQ3LTkxYzEtMzE4OWJiMTE3ZmM2
LzEvM3ZEaUFteXRQZ3dtWDliSUhfV0EyQkJON3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJ6gDAN
BgkqhkiG9w0BAQsFAAOCAQEArH8wjD8lOafSCt4VqtpMfLyv83r714qqYZSYpv/F
32LSCY2RqhrC35tXjn4AdW2xPCSe+nY6TYaz3wMyLblz7eZ/DEsSh1ZQ/iwN6f5k
uA5p8WV3dCZUFVFlsATRjU1QUyfObPfSuO4BWdhP0hafPWm8qYN4Qnz6ybN7Ynoe
fK4jaHmbJetiZUbqEuYA4KRks+94jGXtAo4g8EXT7N12si7S/vN35Clo1y1X7r0c
2McQ00dELycW3LXlZ4XBO/r1UTr61yc2ZbGgLeIQ6ckjA35uplfCidAGNCguapBc
873DEMQa1Su4T47SVEsXo2XBgQ4HcfQ/PcmNScy8Eashvg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:42 2024 by rpki-client on console-ams.rpki-client.org