Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/rskxL9iKgfAu_t9dQnh1-1eZheI.roa
File:                     rskxL9iKgfAu_t9dQnh1-1eZheI.roa (raw, json)
Hash identifier:          O2FA82FYC+HF/1HjjWp+gr8Q7qQJjdhNrn9CyWCaFzE=
Subject key identifier:   AE:C9:31:2F:D8:8A:81:F0:2E:FE:DF:5D:42:78:75:FB:57:99:85:E2
Certificate issuer:       /CN=33918ec7f02cacafe26546be1e1980f9c3a3e890
Certificate serial:       01856DCAE34FDFB916DF9B7995F0CCAD5156
Authority key identifier: 33:91:8E:C7:F0:2C:AC:AF:E2:65:46:BE:1E:19:80:F9:C3:A3:E8:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M5GOx_AsrK_iZUa-HhmA-cOj6JA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/rskxL9iKgfAu_t9dQnh1-1eZheI.roa
Signing time:             Sun 01 Jan 2023 14:44:51 +0000
ROA not before:           Sun 01 Jan 2023 14:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3356
IP address blocks:        45.15.42.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:e3:4f:df:b9:16:df:9b:79:95:f0:cc:ad:51:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33918ec7f02cacafe26546be1e1980f9c3a3e890
        Validity
            Not Before: Jan  1 14:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aec9312fd88a81f02efedf5d427875fb579985e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:40:14:04:09:ed:6e:c4:5a:fb:26:7f:1c:43:
                    15:c8:47:9c:83:c6:ee:6d:14:59:19:75:82:9d:8e:
                    d1:b2:58:93:db:42:aa:81:28:d3:60:da:1e:28:fe:
                    a4:29:bc:95:23:b3:36:d7:d5:92:55:58:05:56:08:
                    f3:09:23:6e:25:bc:1d:ca:f7:91:7a:7e:bf:91:4c:
                    79:03:e4:1d:ce:9f:bd:65:38:29:b3:aa:cc:cb:9d:
                    51:19:f0:00:65:76:b2:d4:61:f3:9e:c8:50:b4:97:
                    8b:6b:25:3b:66:24:bb:ff:83:8d:6c:f7:e8:a2:51:
                    df:90:90:d0:c7:1d:7c:07:c4:ea:3a:ec:23:b7:bb:
                    34:cd:35:66:c0:f5:d3:6c:28:bb:70:19:e6:23:09:
                    78:8c:08:2f:bf:9b:62:51:12:84:37:c9:ea:d3:cd:
                    a7:ca:76:4f:dd:f0:c2:41:5f:42:31:f1:ee:f0:ce:
                    6f:8a:c9:52:79:6c:4e:98:ca:79:86:12:08:8d:f0:
                    4d:c8:24:c5:5e:37:ab:06:93:79:ec:86:82:5e:b5:
                    5b:fc:85:38:d3:5c:b5:d5:30:04:a2:49:95:3e:60:
                    ba:d8:0e:d1:3a:87:70:d9:b2:00:9e:f7:6d:50:2c:
                    5c:c1:64:9d:8b:9f:db:6b:7a:af:47:33:bc:0a:8c:
                    24:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C9:31:2F:D8:8A:81:F0:2E:FE:DF:5D:42:78:75:FB:57:99:85:E2
            X509v3 Authority Key Identifier:
                keyid:33:91:8E:C7:F0:2C:AC:AF:E2:65:46:BE:1E:19:80:F9:C3:A3:E8:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5GOx_AsrK_iZUa-HhmA-cOj6JA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/rskxL9iKgfAu_t9dQnh1-1eZheI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/M5GOx_AsrK_iZUa-HhmA-cOj6JA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:b7:f8:b2:f9:cf:ff:95:5f:e8:e4:0b:d8:d7:51:da:e3:df:
         ce:ec:ef:51:83:14:cd:18:e5:ab:d7:9d:3d:af:a7:e2:fc:be:
         43:e4:2d:d1:70:7f:24:91:8f:d6:9a:8a:27:41:9d:e5:6a:34:
         62:11:29:ff:c9:fb:e0:48:f8:d8:54:e6:41:7a:cb:a1:6e:ca:
         8f:81:69:4c:ed:81:b9:61:de:ea:23:88:e1:1a:fd:bd:42:8c:
         1e:a0:86:af:42:d3:f7:df:c0:6a:dd:23:65:dd:90:84:df:fd:
         f3:45:96:3a:ac:c9:b8:1c:1b:bc:10:6a:5c:bf:9f:93:ae:f3:
         8d:49:54:33:af:b7:3e:99:51:e1:13:0d:cb:f3:43:e4:8c:f2:
         3c:87:fe:33:d8:c2:f0:b5:69:72:c4:18:fd:d0:1a:0d:7b:f9:
         44:96:2c:eb:00:e5:ef:ea:58:a3:0f:d6:c6:40:2b:ad:e8:63:
         0e:16:18:3c:b9:13:e2:e0:b6:33:cc:4c:ca:04:2f:56:95:a9:
         e6:58:97:64:73:e5:1c:db:e5:a4:cd:3e:45:ff:b9:6e:e5:cb:
         0f:09:5b:4f:e3:8e:e3:ec:f9:96:04:64:d4:cc:3d:19:94:2b:
         cb:ac:f0:24:94:78:03:88:28:52:fa:09:a1:86:e7:a6:70:cd:
         5c:a2:22:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtyuNP37kW35t5lfDMrVFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOTE4ZWM3ZjAyY2FjYWZlMjY1NDZiZTFlMTk4MGY5YzNh
M2U4OTAwHhcNMjMwMTAxMTQ0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWM5MzEyZmQ4OGE4MWYwMmVmZWRmNWQ0Mjc4NzVmYjU3OTk4NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0AUBAntbsRa+yZ/HEMVyEecg8bu
bRRZGXWCnY7RsliT20KqgSjTYNoeKP6kKbyVI7M219WSVVgFVgjzCSNuJbwdyveR
en6/kUx5A+Qdzp+9ZTgps6rMy51RGfAAZXay1GHznshQtJeLayU7ZiS7/4ONbPfo
olHfkJDQxx18B8TqOuwjt7s0zTVmwPXTbCi7cBnmIwl4jAgvv5tiURKEN8nq082n
ynZP3fDCQV9CMfHu8M5vislSeWxOmMp5hhIIjfBNyCTFXjerBpN57IaCXrVb/IU4
01y11TAEokmVPmC62A7ROodw2bIAnvdtUCxcwWSdi5/ba3qvRzO8Cowk2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7JMS/YioHwLv7fXUJ4dftXmYXiMB8GA1UdIwQY
MBaAFDORjsfwLKyv4mVGvh4ZgPnDo+iQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTVHT3hfQXNyS19pWlVhLUhobUEtY09qNkpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9kMzFlODUtMjc4Ni00ZDkxLWE2OWEt
M2Y1MzU1MDkyYWVjLzEvcnNreEw5aUtnZkF1X3Q5ZFFuaDEtMWVaaGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9kMzFlODUtMjc4Ni00ZDkxLWE2OWEtM2Y1MzU1MDkyYWVj
LzEvTTVHT3hfQXNyS19pWlVhLUhobUEtY09qNkpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8qMA0G
CSqGSIb3DQEBCwUAA4IBAQCvt/iy+c//lV/o5AvY11Ha49/O7O9RgxTNGOWr1509
r6fi/L5D5C3RcH8kkY/WmoonQZ3lajRiESn/yfvgSPjYVOZBesuhbsqPgWlM7YG5
Yd7qI4jhGv29QoweoIavQtP338Bq3SNl3ZCE3/3zRZY6rMm4HBu8EGpcv5+TrvON
SVQzr7c+mVHhEw3L80PkjPI8h/4z2MLwtWlyxBj90BoNe/lElizrAOXv6lijD9bG
QCut6GMOFhg8uRPi4LYzzEzKBC9WlanmWJdkc+Uc2+WkzT5F/7lu5csPCVtP447j
7PmWBGTUzD0ZlCvLrPAklHgDiChS+gmhhuemcM1coiJ9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:38 2024 by rpki-client on console-ams.rpki-client.org