Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/f61617-ef2e-4831-be5a-882856677eba/1/yu8CNtYpUZgJtRLdKi3Cm_rsVjw.roa
File:                     yu8CNtYpUZgJtRLdKi3Cm_rsVjw.roa (raw, json)
Hash identifier:          byhxs9kacYDa7PcNOS261KlkW3L9x041jDAxJmRkSic=
Subject key identifier:   CA:EF:02:36:D6:29:51:98:09:B5:12:DD:2A:2D:C2:9B:FA:EC:56:3C
Certificate issuer:       /CN=78f8e246cfc2f7e17d270879ab93b3de870cdf56
Certificate serial:       018572B42E0F161604A10CF2165163030509
Authority key identifier: 78:F8:E2:46:CF:C2:F7:E1:7D:27:08:79:AB:93:B3:DE:87:0C:DF:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ePjiRs_C9-F9Jwh5q5Oz3ocM31Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/f61617-ef2e-4831-be5a-882856677eba/1/yu8CNtYpUZgJtRLdKi3Cm_rsVjw.roa
Signing time:             Mon 02 Jan 2023 13:38:08 +0000
ROA not before:           Mon 02 Jan 2023 13:38:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        91.242.251.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:b4:2e:0f:16:16:04:a1:0c:f2:16:51:63:03:05:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78f8e246cfc2f7e17d270879ab93b3de870cdf56
        Validity
            Not Before: Jan  2 13:38:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=caef0236d629519809b512dd2a2dc29bfaec563c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:38:36:aa:07:d2:23:ab:8c:9f:29:22:8c:30:
                    d4:38:3e:25:40:42:0c:03:ca:d8:bb:bf:be:17:67:
                    42:e9:43:82:41:c8:73:ce:2b:b4:1b:ee:dc:ef:98:
                    d0:6e:f9:17:a2:44:c6:55:68:6b:d7:d1:9a:4c:68:
                    60:7f:44:44:06:be:da:60:57:fa:8e:43:6d:52:72:
                    ad:34:46:c1:da:5b:31:e3:75:10:79:2d:ea:3a:cf:
                    f6:d1:6b:8a:34:16:a1:8d:88:43:16:af:03:ea:4b:
                    2a:29:79:9e:2f:41:17:50:ca:28:03:82:a8:a6:28:
                    6a:6c:aa:ff:0f:a2:c4:09:1e:02:e5:43:a9:29:41:
                    96:23:0a:7c:22:f7:ea:43:d0:46:f1:fe:7f:3a:04:
                    ad:d8:6b:bd:4e:0a:d2:f3:96:aa:5b:ba:93:fd:fd:
                    e9:f6:2d:65:d5:08:c7:02:ae:f7:98:12:14:10:a9:
                    a1:42:38:9c:0d:64:81:c1:f7:a0:44:38:e9:98:7b:
                    92:a7:c7:d4:82:87:98:3c:d1:d6:80:f6:6a:3c:de:
                    df:62:65:81:2d:27:f5:12:dc:ab:34:e7:ca:b5:f3:
                    06:6f:9d:ca:6d:51:b0:36:c2:e9:9e:39:fe:ac:dc:
                    d4:36:3c:20:b5:39:5c:11:eb:1e:99:88:49:82:76:
                    f2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EF:02:36:D6:29:51:98:09:B5:12:DD:2A:2D:C2:9B:FA:EC:56:3C
            X509v3 Authority Key Identifier:
                keyid:78:F8:E2:46:CF:C2:F7:E1:7D:27:08:79:AB:93:B3:DE:87:0C:DF:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ePjiRs_C9-F9Jwh5q5Oz3ocM31Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f61617-ef2e-4831-be5a-882856677eba/1/yu8CNtYpUZgJtRLdKi3Cm_rsVjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f61617-ef2e-4831-be5a-882856677eba/1/ePjiRs_C9-F9Jwh5q5Oz3ocM31Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:40:04:3a:d6:85:cf:6a:79:18:9e:f1:c5:83:0e:dd:d6:4b:
         cb:2f:07:e1:26:ee:01:68:d6:38:25:e0:a1:c7:05:d2:4e:16:
         a2:47:7b:ca:a6:e0:ed:1a:a6:62:6e:11:06:f5:40:3e:24:cc:
         cd:23:ed:3e:c8:33:45:34:b8:02:ec:4c:68:0f:63:22:30:8f:
         0a:62:8f:2a:d3:7e:a5:5d:85:ac:83:c2:33:4d:e1:57:83:a2:
         03:d6:bf:2f:a2:b0:70:86:6d:d8:c2:8d:0d:91:88:19:1b:3f:
         9c:f4:82:f8:db:ad:00:a7:b7:56:5e:9c:68:a3:c4:56:34:97:
         53:f6:7c:c4:07:87:37:fd:5f:c6:fa:41:19:14:09:4b:25:31:
         92:c7:d3:fa:14:28:9d:25:58:62:48:ca:f9:a6:5f:ff:01:92:
         19:6a:7c:cc:b9:0e:65:95:5b:9a:88:61:67:f9:08:6e:bc:33:
         a4:92:70:2d:21:12:9b:6e:b7:b5:e8:c1:4a:62:f7:be:32:04:
         49:cd:a5:7f:d8:ea:97:13:89:81:ac:d7:22:dd:62:df:cb:05:
         70:ee:78:7a:81:6a:9e:83:18:8a:60:48:37:9c:75:fa:06:17:
         77:c6:2d:23:6d:73:10:7a:d3:fc:9c:d6:ba:a7:ec:bc:a7:b8:
         d5:4b:e1:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVytC4PFhYEoQzyFlFjAwUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZjhlMjQ2Y2ZjMmY3ZTE3ZDI3MDg3OWFiOTNiM2RlODcw
Y2RmNTYwHhcNMjMwMTAyMTMzODA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVmMDIzNmQ2Mjk1MTk4MDliNTEyZGQyYTJkYzI5YmZhZWM1NjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDg2qgfSI6uMnykijDDUOD4lQEIM
A8rYu7++F2dC6UOCQchzziu0G+7c75jQbvkXokTGVWhr19GaTGhgf0REBr7aYFf6
jkNtUnKtNEbB2lsx43UQeS3qOs/20WuKNBahjYhDFq8D6ksqKXmeL0EXUMooA4Ko
pihqbKr/D6LECR4C5UOpKUGWIwp8IvfqQ9BG8f5/OgSt2Gu9TgrS85aqW7qT/f3p
9i1l1QjHAq73mBIUEKmhQjicDWSBwfegRDjpmHuSp8fUgoeYPNHWgPZqPN7fYmWB
LSf1EtyrNOfKtfMGb53KbVGwNsLpnjn+rNzUNjwgtTlcEesemYhJgnbyNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrvAjbWKVGYCbUS3Sotwpv67FY8MB8GA1UdIwQY
MBaAFHj44kbPwvfhfScIeauTs96HDN9WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVBqaVJzX0M5LUY5SndoNXE1T3ozb2NNMzFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mNjE2MTctZWYyZS00ODMxLWJlNWEt
ODgyODU2Njc3ZWJhLzEveXU4Q050WXBVWmdKdFJMZEtpM0NtX3JzVmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mNjE2MTctZWYyZS00ODMxLWJlNWEtODgyODU2Njc3ZWJh
LzEvZVBqaVJzX0M5LUY5SndoNXE1T3ozb2NNMzFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/L7MA0G
CSqGSIb3DQEBCwUAA4IBAQA4QAQ61oXPankYnvHFgw7d1kvLLwfhJu4BaNY4JeCh
xwXSThaiR3vKpuDtGqZibhEG9UA+JMzNI+0+yDNFNLgC7ExoD2MiMI8KYo8q036l
XYWsg8IzTeFXg6ID1r8vorBwhm3Ywo0NkYgZGz+c9IL4260Ap7dWXpxoo8RWNJdT
9nzEB4c3/V/G+kEZFAlLJTGSx9P6FCidJVhiSMr5pl//AZIZanzMuQ5llVuaiGFn
+QhuvDOkknAtIRKbbre16MFKYve+MgRJzaV/2OqXE4mBrNci3WLfywVw7nh6gWqe
gxiKYEg3nHX6Bhd3xi0jbXMQetP8nNa6p+y8p7jVS+GW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:54 2024 by rpki-client on console-fra.rpki-client.org