Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d67fe9-e18c-4351-a0a0-1e358ade24fe/1/rdye6mvZ_nFPjt15_pI5atmUm0I.roa
File:                     rdye6mvZ_nFPjt15_pI5atmUm0I.roa (raw, json)
Hash identifier:          QuWtxYsnC9W7VPv7qn8VgVkw4kxrckt0KevP2Q6n77s=
Subject key identifier:   AD:DC:9E:EA:6B:D9:FE:71:4F:8E:DD:79:FE:92:39:6A:D9:94:9B:42
Certificate issuer:       /CN=3bf6a3db7a15ab57fabaa6feca289e7557715bac
Certificate serial:       01856BDC8F9EB507500DDC2FD727A6690556
Authority key identifier: 3B:F6:A3:DB:7A:15:AB:57:FA:BA:A6:FE:CA:28:9E:75:57:71:5B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_aj23oVq1f6uqb-yiiedVdxW6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d67fe9-e18c-4351-a0a0-1e358ade24fe/1/rdye6mvZ_nFPjt15_pI5atmUm0I.roa
Signing time:             Sun 01 Jan 2023 05:44:54 +0000
ROA not before:           Sun 01 Jan 2023 05:44:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48031
IP address blocks:        176.116.3.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:dc:8f:9e:b5:07:50:0d:dc:2f:d7:27:a6:69:05:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bf6a3db7a15ab57fabaa6feca289e7557715bac
        Validity
            Not Before: Jan  1 05:44:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=addc9eea6bd9fe714f8edd79fe92396ad9949b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f3:c5:06:75:6d:f2:b1:85:22:ec:31:35:6b:
                    a7:c2:09:8f:4b:52:a7:8c:c3:84:f3:45:97:95:ed:
                    5f:49:65:ba:a0:0e:56:a5:25:c9:cb:f6:9b:ae:2e:
                    55:58:59:17:81:52:8e:db:af:50:78:d9:09:6c:50:
                    e1:1c:99:f1:8c:44:36:39:7b:fd:18:90:3e:bf:1e:
                    90:76:bb:68:56:97:be:a7:cb:46:18:0c:59:83:30:
                    5c:91:a9:33:30:a6:72:ee:c0:c4:9f:ce:a5:85:cf:
                    51:55:26:10:99:40:58:22:9c:57:30:dd:c8:03:36:
                    17:31:bc:eb:ea:96:68:08:04:1c:be:9e:19:f1:e9:
                    49:a8:2f:9e:78:a4:68:94:55:10:96:b3:5e:a6:58:
                    aa:a8:5b:9f:12:62:2b:b4:d7:7b:d2:cf:62:bc:0c:
                    44:aa:9b:ca:49:0c:ca:5d:b8:da:f9:43:36:15:f5:
                    79:61:e2:dc:d9:6f:03:c7:a0:bc:a8:38:2d:af:d6:
                    0a:30:8e:ad:84:d5:41:90:b4:8f:92:67:d4:bb:fd:
                    b4:74:8b:1d:c0:65:e4:3b:e5:09:34:a8:58:89:91:
                    b5:e6:10:7d:38:53:47:90:09:76:fb:62:e2:21:8b:
                    8d:a3:37:74:8b:22:4c:4e:36:25:e2:bb:2d:8e:54:
                    5d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:DC:9E:EA:6B:D9:FE:71:4F:8E:DD:79:FE:92:39:6A:D9:94:9B:42
            X509v3 Authority Key Identifier:
                keyid:3B:F6:A3:DB:7A:15:AB:57:FA:BA:A6:FE:CA:28:9E:75:57:71:5B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_aj23oVq1f6uqb-yiiedVdxW6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d67fe9-e18c-4351-a0a0-1e358ade24fe/1/rdye6mvZ_nFPjt15_pI5atmUm0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d67fe9-e18c-4351-a0a0-1e358ade24fe/1/O_aj23oVq1f6uqb-yiiedVdxW6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:db:5f:fc:1a:32:51:ff:90:91:3c:13:be:25:66:eb:f8:19:
         74:bc:1c:8f:0f:e5:4c:e8:f5:b6:68:04:64:8e:af:fd:7a:26:
         6b:6f:0b:70:5e:61:8c:7d:4f:d6:72:fd:4c:14:cd:7e:a2:57:
         d0:b3:ee:bd:9d:ff:7e:c1:03:3b:c2:99:c0:c4:b6:6b:dc:5d:
         ea:78:6c:39:c2:6e:49:38:7a:02:40:06:45:76:36:06:ed:08:
         69:51:c0:de:c7:71:66:1d:04:56:3d:ac:d0:a2:12:93:b6:ea:
         34:af:55:47:f8:fb:dc:4e:cc:7e:fa:a5:ab:5f:34:10:cd:b9:
         c6:90:f4:3b:91:5e:a0:0b:e6:67:68:a0:c9:4e:87:bc:58:40:
         53:c4:05:0e:57:db:77:63:f1:0c:35:b8:e6:5f:35:36:95:76:
         66:01:ed:67:75:8c:ce:32:ab:6f:6f:d9:55:9d:00:5e:b3:cd:
         13:3d:6e:f8:50:c9:15:f5:2a:64:cd:fa:22:6f:1d:ab:a7:83:
         74:15:f6:a7:c2:cf:a1:de:e3:f3:b0:01:66:68:c2:c1:cc:77:
         b8:dd:7e:e6:51:b6:aa:c5:d8:c8:b2:9a:44:0f:db:d9:23:b6:
         fd:c0:98:4d:58:f0:6d:85:51:1f:f8:93:55:b7:7a:fa:7e:f2:
         ff:22:0e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVr3I+etQdQDdwv1yemaQVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZjZhM2RiN2ExNWFiNTdmYWJhYTZmZWNhMjg5ZTc1NTc3
MTViYWMwHhcNMjMwMTAxMDU0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGRjOWVlYTZiZDlmZTcxNGY4ZWRkNzlmZTkyMzk2YWQ5OTQ5YjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPPFBnVt8rGFIuwxNWunwgmPS1Kn
jMOE80WXle1fSWW6oA5WpSXJy/abri5VWFkXgVKO269QeNkJbFDhHJnxjEQ2OXv9
GJA+vx6QdrtoVpe+p8tGGAxZgzBckakzMKZy7sDEn86lhc9RVSYQmUBYIpxXMN3I
AzYXMbzr6pZoCAQcvp4Z8elJqC+eeKRolFUQlrNepliqqFufEmIrtNd70s9ivAxE
qpvKSQzKXbja+UM2FfV5YeLc2W8Dx6C8qDgtr9YKMI6thNVBkLSPkmfUu/20dIsd
wGXkO+UJNKhYiZG15hB9OFNHkAl2+2LiIYuNozd0iyJMTjYl4rstjlRdqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3cnupr2f5xT47def6SOWrZlJtCMB8GA1UdIwQY
MBaAFDv2o9t6FatX+rqm/soonnVXcVusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19hajIzb1ZxMWY2dXFiLXlpaWVkVmR4VzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNjdmZTktZTE4Yy00MzUxLWEwYTAt
MWUzNThhZGUyNGZlLzEvcmR5ZTZtdlpfbkZQanQxNV9wSTVhdG1VbTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNjdmZTktZTE4Yy00MzUxLWEwYTAtMWUzNThhZGUyNGZl
LzEvT19hajIzb1ZxMWY2dXFiLXlpaWVkVmR4VzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQDMA0G
CSqGSIb3DQEBCwUAA4IBAQCD21/8GjJR/5CRPBO+JWbr+Bl0vByPD+VM6PW2aARk
jq/9eiZrbwtwXmGMfU/Wcv1MFM1+olfQs+69nf9+wQM7wpnAxLZr3F3qeGw5wm5J
OHoCQAZFdjYG7QhpUcDex3FmHQRWPazQohKTtuo0r1VH+PvcTsx++qWrXzQQzbnG
kPQ7kV6gC+ZnaKDJToe8WEBTxAUOV9t3Y/EMNbjmXzU2lXZmAe1ndYzOMqtvb9lV
nQBes80TPW74UMkV9Spkzfoibx2rp4N0Ffanws+h3uPzsAFmaMLBzHe43X7mUbaq
xdjIsppED9vZI7b9wJhNWPBthVEf+JNVt3r6fvL/Ig5D
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:39 2024 by rpki-client on console-ams.rpki-client.org