Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/72028a-c305-4edf-9570-45904e460f73/1/Rc3TtdCijOrXstn_sustec16WEo.roa
File:                     Rc3TtdCijOrXstn_sustec16WEo.roa (raw, json)
Hash identifier:          I/2e0xGTuGm55lIcuJzwqTJw7U+y2XQ5QV9bTUwvV+o=
Subject key identifier:   45:CD:D3:B5:D0:A2:8C:EA:D7:B2:D9:FF:B2:EB:2D:79:CD:7A:58:4A
Certificate issuer:       /CN=fd33f44e08988baecafdb5cf290bdc8d18c9e46a
Certificate serial:       01857343AE8350A9D235EE0F77D2F248743C
Authority key identifier: FD:33:F4:4E:08:98:8B:AE:CA:FD:B5:CF:29:0B:DC:8D:18:C9:E4:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TP0TgiYi67K_bXPKQvcjRjJ5Go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/72028a-c305-4edf-9570-45904e460f73/1/Rc3TtdCijOrXstn_sustec16WEo.roa
Signing time:             Mon 02 Jan 2023 16:14:53 +0000
ROA not before:           Mon 02 Jan 2023 16:14:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205614
IP address blocks:        45.135.124.0/22 maxlen: 24
                          2a0e:8b40::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:43:ae:83:50:a9:d2:35:ee:0f:77:d2:f2:48:74:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd33f44e08988baecafdb5cf290bdc8d18c9e46a
        Validity
            Not Before: Jan  2 16:14:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=45cdd3b5d0a28cead7b2d9ffb2eb2d79cd7a584a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:aa:13:e3:fd:7d:6b:0b:17:fc:8b:35:19:
                    2e:a8:d6:f2:99:f4:40:76:3f:d0:0a:ce:07:5e:3c:
                    c7:7b:4e:de:e0:e3:46:26:b1:bb:45:11:ad:90:72:
                    9c:01:9a:9a:ae:8e:74:0e:9e:cc:59:8f:bd:75:ab:
                    bd:c2:8d:41:18:9b:5d:e6:bb:f4:61:38:ce:19:a3:
                    92:82:43:d4:ab:50:b7:cd:1b:65:fc:4a:23:f3:24:
                    04:23:9f:3c:18:94:de:be:a6:38:7c:a4:11:90:7e:
                    29:ed:14:01:ae:9c:d6:7c:42:6b:fc:47:82:05:e5:
                    c0:34:0b:38:2a:4b:57:26:8e:49:5a:e4:6b:1e:79:
                    39:99:86:50:0b:1a:95:3d:aa:9b:77:b5:bf:3e:75:
                    cc:b8:8b:3b:02:5c:6d:27:d2:4a:a0:a7:8f:d0:22:
                    84:09:4d:09:97:98:86:4e:60:df:94:a3:fc:b9:84:
                    43:0a:23:85:e4:a2:25:97:fb:4f:35:35:92:2c:a7:
                    b6:63:bf:27:72:5c:8f:e6:4f:af:03:26:94:4f:b1:
                    f1:92:a1:c6:63:ff:43:14:23:23:b3:4e:d0:8a:c6:
                    49:d1:95:af:2b:fb:82:fc:6d:25:69:2d:c4:d3:35:
                    ca:c8:8f:67:af:77:b1:29:08:37:02:f4:6f:a5:72:
                    63:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CD:D3:B5:D0:A2:8C:EA:D7:B2:D9:FF:B2:EB:2D:79:CD:7A:58:4A
            X509v3 Authority Key Identifier:
                keyid:FD:33:F4:4E:08:98:8B:AE:CA:FD:B5:CF:29:0B:DC:8D:18:C9:E4:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TP0TgiYi67K_bXPKQvcjRjJ5Go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/72028a-c305-4edf-9570-45904e460f73/1/Rc3TtdCijOrXstn_sustec16WEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/72028a-c305-4edf-9570-45904e460f73/1/_TP0TgiYi67K_bXPKQvcjRjJ5Go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.124.0/22
                IPv6:
                  2a0e:8b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:12:30:77:ac:12:03:b4:90:c5:8f:2e:54:43:fb:2c:f1:87:
         5d:ad:4f:a6:28:a5:7b:42:68:18:18:22:2f:cd:5d:dd:6a:e1:
         88:8a:ed:93:a2:e5:c4:85:36:44:e6:ea:24:9b:98:a2:99:5c:
         c5:97:3c:e6:b1:02:41:e3:d1:cd:d3:36:e8:38:17:d0:f9:4c:
         8e:69:52:25:c0:23:cb:b5:f1:33:f7:78:6e:26:16:36:66:d3:
         fb:5d:60:0a:81:0f:60:1a:ca:17:b6:46:d8:10:60:5a:ce:34:
         7c:94:36:08:79:c7:67:44:40:51:0c:ed:f4:c6:79:23:86:3d:
         7e:29:91:45:94:0a:3b:8d:22:10:ec:ef:47:78:15:9d:dc:c9:
         e3:02:94:f4:52:16:07:01:e2:ae:04:41:87:c5:7b:66:3a:eb:
         5f:ff:14:2e:1d:4c:09:1c:28:2a:44:db:d0:4e:e3:b0:7d:48:
         a8:1a:49:a6:93:f0:4c:fa:9f:cf:bb:ed:4b:30:f2:7b:23:11:
         1d:f6:fe:66:69:3a:1e:7a:4b:48:e9:a6:f5:97:e0:d4:12:96:
         a6:4c:69:d2:e0:ee:56:25:9c:4a:8a:b3:ca:be:f1:96:1f:27:
         6d:67:41:88:87:27:06:4c:d0:66:fb:82:0a:4d:e2:8b:3e:13:
         1b:a9:44:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVzQ66DUKnSNe4Pd9LySHQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzNmNDRlMDg5ODhiYWVjYWZkYjVjZjI5MGJkYzhkMThj
OWU0NmEwHhcNMjMwMTAyMTYxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWNkZDNiNWQwYTI4Y2VhZDdiMmQ5ZmZiMmViMmQ3OWNkN2E1ODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp76qE+P9fWsLF/yLNRkuqNbymfRA
dj/QCs4HXjzHe07e4ONGJrG7RRGtkHKcAZqaro50Dp7MWY+9dau9wo1BGJtd5rv0
YTjOGaOSgkPUq1C3zRtl/Eoj8yQEI588GJTevqY4fKQRkH4p7RQBrpzWfEJr/EeC
BeXANAs4KktXJo5JWuRrHnk5mYZQCxqVPaqbd7W/PnXMuIs7AlxtJ9JKoKeP0CKE
CU0Jl5iGTmDflKP8uYRDCiOF5KIll/tPNTWSLKe2Y78nclyP5k+vAyaUT7HxkqHG
Y/9DFCMjs07QisZJ0ZWvK/uC/G0laS3E0zXKyI9nr3exKQg3AvRvpXJjIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEXN07XQoozq17LZ/7LrLXnNelhKMB8GA1UdIwQY
MBaAFP0z9E4ImIuuyv21zykL3I0YyeRqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RQMFRnaVlpNjdLX2JYUEtRdmNqUmpKNUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83MjAyOGEtYzMwNS00ZWRmLTk1NzAt
NDU5MDRlNDYwZjczLzEvUmMzVHRkQ2lqT3JYc3RuX3N1c3RlYzE2V0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83MjAyOGEtYzMwNS00ZWRmLTk1NzAtNDU5MDRlNDYwZjcz
LzEvX1RQMFRnaVlpNjdLX2JYUEtRdmNqUmpKNUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYd8MA0E
AgACMAcDBQMqDotAMA0GCSqGSIb3DQEBCwUAA4IBAQBKEjB3rBIDtJDFjy5UQ/ss
8YddrU+mKKV7QmgYGCIvzV3dauGIiu2TouXEhTZE5uokm5iimVzFlzzmsQJB49HN
0zboOBfQ+UyOaVIlwCPLtfEz93huJhY2ZtP7XWAKgQ9gGsoXtkbYEGBazjR8lDYI
ecdnREBRDO30xnkjhj1+KZFFlAo7jSIQ7O9HeBWd3MnjApT0UhYHAeKuBEGHxXtm
Outf/xQuHUwJHCgqRNvQTuOwfUioGkmmk/BM+p/Pu+1LMPJ7IxEd9v5maToeektI
6ab1l+DUEpamTGnS4O5WJZxKirPKvvGWHydtZ0GIhycGTNBm+4IKTeKLPhMbqUSU
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:12 2024 by rpki-client on console-ams.rpki-client.org