Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a8e808-95f3-4ab3-978b-23cd7cceac45/1/mjNt8Hx0pPTH7arQcHFdgze47P4.roa
File:                     mjNt8Hx0pPTH7arQcHFdgze47P4.roa (raw, json)
Hash identifier:          C+vWENwthpVpBOwk+1Bcla2BTOGGBGlvA4Pv2P8IEFc=
Subject key identifier:   9A:33:6D:F0:7C:74:A4:F4:C7:ED:AA:D0:70:71:5D:83:37:B8:EC:FE
Certificate issuer:       /CN=3fbf0d4f25ec119728f14a9c51aee8034fff3ff6
Certificate serial:       018781416F1C5AEC210A57B72341594DA7F5
Authority key identifier: 3F:BF:0D:4F:25:EC:11:97:28:F1:4A:9C:51:AE:E8:03:4F:FF:3F:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P78NTyXsEZco8UqcUa7oA0__P_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a8e808-95f3-4ab3-978b-23cd7cceac45/1/mjNt8Hx0pPTH7arQcHFdgze47P4.roa
Signing time:             Fri 14 Apr 2023 19:32:41 +0000
ROA not before:           Fri 14 Apr 2023 19:32:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        176.118.33.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:81:41:6f:1c:5a:ec:21:0a:57:b7:23:41:59:4d:a7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fbf0d4f25ec119728f14a9c51aee8034fff3ff6
        Validity
            Not Before: Apr 14 19:32:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9a336df07c74a4f4c7edaad070715d8337b8ecfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:df:fc:a0:dc:da:22:c7:c1:f6:07:48:81:53:
                    b0:84:19:cb:c3:23:cf:a5:3b:10:1a:b7:ec:9a:28:
                    47:81:c3:dc:db:b0:2e:3e:32:ce:54:a7:8a:58:6f:
                    a5:e8:0f:fb:c1:d3:d8:d9:5f:1f:97:2c:aa:1b:4f:
                    a0:87:11:04:73:79:27:b2:24:cd:7e:61:e0:c5:8d:
                    2d:7d:7d:4e:ac:4c:66:52:7f:7d:1b:12:96:82:39:
                    64:8b:7d:5d:c0:cf:32:66:16:75:f3:a5:43:48:01:
                    c3:56:11:a2:b7:98:59:e1:e9:cb:a6:23:ec:b9:ad:
                    76:1f:2c:7d:b0:2a:d0:4e:ae:bc:50:11:9b:ca:b9:
                    72:d5:18:3a:d9:8b:73:5f:d4:e8:26:4f:27:ec:1e:
                    df:2b:e0:c1:bd:96:59:46:85:4d:83:26:c1:49:a2:
                    2d:d9:55:9a:f0:70:a1:b9:14:32:ce:2b:de:31:c2:
                    c1:5b:10:47:70:72:5c:be:fd:51:55:6c:4b:01:ec:
                    f0:e2:5f:4f:9e:27:4f:27:e8:94:78:46:9c:22:05:
                    da:46:ee:83:03:ab:7a:c3:27:8e:d4:4b:4d:09:53:
                    5d:dc:13:bd:56:b2:20:fb:cb:41:42:15:d0:88:d5:
                    8d:90:84:d3:ec:f0:f8:21:ba:59:0c:70:66:23:f2:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:33:6D:F0:7C:74:A4:F4:C7:ED:AA:D0:70:71:5D:83:37:B8:EC:FE
            X509v3 Authority Key Identifier:
                keyid:3F:BF:0D:4F:25:EC:11:97:28:F1:4A:9C:51:AE:E8:03:4F:FF:3F:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P78NTyXsEZco8UqcUa7oA0__P_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a8e808-95f3-4ab3-978b-23cd7cceac45/1/mjNt8Hx0pPTH7arQcHFdgze47P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a8e808-95f3-4ab3-978b-23cd7cceac45/1/P78NTyXsEZco8UqcUa7oA0__P_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:3e:17:8c:06:78:20:72:b7:66:a3:b5:63:b4:c7:ad:4b:86:
         6e:35:2c:46:2a:d1:bc:03:48:08:db:67:40:d6:53:12:d1:6d:
         3b:fc:52:89:f8:45:c2:aa:4a:50:06:8f:d7:01:67:92:58:67:
         42:12:b2:88:c2:73:b2:d7:6b:9f:71:55:09:04:c7:4d:87:f8:
         d1:e8:ce:af:ef:b8:bd:f6:49:d2:de:9a:b3:72:0b:d9:74:f4:
         d6:af:ea:27:4a:73:41:aa:e8:cd:18:f6:78:3d:ac:dd:ba:f4:
         a9:1b:50:76:3f:66:da:72:3d:2a:03:fd:d4:6a:31:2c:d8:52:
         e8:d1:1f:af:28:6a:32:c9:c6:37:e4:47:d5:f0:81:58:53:ed:
         07:e4:14:85:cb:c1:75:85:a5:c2:8c:fd:40:ab:0d:df:0c:34:
         c3:d4:36:38:24:b6:e1:d0:8e:61:b2:85:1d:05:cf:5a:60:93:
         59:71:63:38:97:08:75:f9:47:9d:9a:d3:19:94:06:39:c0:4f:
         d7:1b:1d:6e:09:e8:cb:99:b3:6d:86:fd:b3:e5:91:ae:b2:06:
         40:7c:51:2b:fe:e9:c0:b3:76:72:67:88:03:a3:a2:87:7b:4b:
         1a:49:38:99:bb:80:d2:95:42:0e:e0:8e:38:53:f1:9b:e2:64:
         13:89:f7:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeBQW8cWuwhCle3I0FZTaf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYmYwZDRmMjVlYzExOTcyOGYxNGE5YzUxYWVlODAzNGZm
ZjNmZjYwHhcNMjMwNDE0MTkzMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTMzNmRmMDdjNzRhNGY0YzdlZGFhZDA3MDcxNWQ4MzM3YjhlY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN/8oNzaIsfB9gdIgVOwhBnLwyPP
pTsQGrfsmihHgcPc27AuPjLOVKeKWG+l6A/7wdPY2V8flyyqG0+ghxEEc3knsiTN
fmHgxY0tfX1OrExmUn99GxKWgjlki31dwM8yZhZ186VDSAHDVhGit5hZ4enLpiPs
ua12Hyx9sCrQTq68UBGbyrly1Rg62YtzX9ToJk8n7B7fK+DBvZZZRoVNgybBSaIt
2VWa8HChuRQyziveMcLBWxBHcHJcvv1RVWxLAezw4l9PnidPJ+iUeEacIgXaRu6D
A6t6wyeO1EtNCVNd3BO9VrIg+8tBQhXQiNWNkITT7PD4IbpZDHBmI/IL2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJozbfB8dKT0x+2q0HBxXYM3uOz+MB8GA1UdIwQY
MBaAFD+/DU8l7BGXKPFKnFGu6ANP/z/2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDc4TlR5WHNFWmNvOFVxY1VhN29BMF9fUF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hOGU4MDgtOTVmMy00YWIzLTk3OGIt
MjNjZDdjY2VhYzQ1LzEvbWpOdDhIeDBwUFRIN2FyUWNIRmRnemU0N1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hOGU4MDgtOTVmMy00YWIzLTk3OGItMjNjZDdjY2VhYzQ1
LzEvUDc4TlR5WHNFWmNvOFVxY1VhN29BMF9fUF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHYhMA0G
CSqGSIb3DQEBCwUAA4IBAQByPheMBnggcrdmo7VjtMetS4ZuNSxGKtG8A0gI22dA
1lMS0W07/FKJ+EXCqkpQBo/XAWeSWGdCErKIwnOy12ufcVUJBMdNh/jR6M6v77i9
9knS3pqzcgvZdPTWr+onSnNBqujNGPZ4PazduvSpG1B2P2bacj0qA/3UajEs2FLo
0R+vKGoyycY35EfV8IFYU+0H5BSFy8F1haXCjP1Aqw3fDDTD1DY4JLbh0I5hsoUd
Bc9aYJNZcWM4lwh1+UedmtMZlAY5wE/XGx1uCejLmbNthv2z5ZGusgZAfFEr/unA
s3ZyZ4gDo6KHe0saSTiZu4DSlUIO4I44U/Gb4mQTiffu
-----END CERTIFICATE-----
Generated at Mon Nov 13 09:49:35 2023 by rpki-client on console-fra.rpki-client.org