Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/thK6Hpd1rWBAaw3JjRIVjy4wZ_s.roa
File:                     thK6Hpd1rWBAaw3JjRIVjy4wZ_s.roa (raw, json)
Hash identifier:          yZFZ2VbiR5QWjwUMKQOrWhw841oRZbuIkYt0tcGQ6AA=
Subject key identifier:   B6:12:BA:1E:97:75:AD:60:40:6B:0D:C9:8D:12:15:8F:2E:30:67:FB
Certificate issuer:       /CN=33918ec7f02cacafe26546be1e1980f9c3a3e890
Certificate serial:       01856DCAE453A03211B72393764D39243B15
Authority key identifier: 33:91:8E:C7:F0:2C:AC:AF:E2:65:46:BE:1E:19:80:F9:C3:A3:E8:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M5GOx_AsrK_iZUa-HhmA-cOj6JA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/thK6Hpd1rWBAaw3JjRIVjy4wZ_s.roa
Signing time:             Sun 01 Jan 2023 14:44:51 +0000
ROA not before:           Sun 01 Jan 2023 14:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        45.15.42.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:e4:53:a0:32:11:b7:23:93:76:4d:39:24:3b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33918ec7f02cacafe26546be1e1980f9c3a3e890
        Validity
            Not Before: Jan  1 14:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b612ba1e9775ad60406b0dc98d12158f2e3067fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b8:56:5a:89:d5:42:1a:38:78:91:a9:2c:e6:
                    6c:04:ad:f0:13:9c:09:fb:ea:c4:28:ef:c6:ba:58:
                    c5:75:5b:17:9e:11:78:ef:35:3a:16:81:7d:fb:2c:
                    17:76:d8:ca:b9:11:29:e3:7b:03:76:fd:89:9f:fd:
                    ba:db:06:b6:50:9e:ce:31:76:48:9e:b9:b3:13:1e:
                    b7:eb:02:9a:ac:19:38:d4:83:0a:ad:25:09:69:65:
                    f9:48:44:34:61:cc:73:c2:c2:53:ec:0d:84:f6:5e:
                    91:4a:91:67:b3:0a:61:29:16:fe:4b:e9:46:41:12:
                    be:d5:98:7d:41:2c:72:21:4b:5c:04:05:2c:e6:2f:
                    d4:e4:db:20:de:de:2c:47:d1:11:78:c3:f6:28:34:
                    d2:0e:e6:99:ac:60:94:39:a8:3d:16:af:2a:05:3f:
                    dc:0b:d8:96:a5:f8:6d:ef:45:d8:1c:b2:90:ab:84:
                    9f:e5:cf:be:e8:0a:0d:3d:bc:b1:dc:32:ec:a9:5e:
                    e3:a8:b6:b2:2b:4c:18:f4:53:49:9c:46:7f:6c:fd:
                    7e:f4:5a:10:6e:3e:45:f5:9f:2a:ac:c0:18:76:7a:
                    e9:c4:9e:2a:bc:1d:6e:82:f6:91:43:de:c8:64:58:
                    aa:aa:2e:e8:da:a0:8f:2a:ac:85:bc:8f:64:5e:e6:
                    39:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:12:BA:1E:97:75:AD:60:40:6B:0D:C9:8D:12:15:8F:2E:30:67:FB
            X509v3 Authority Key Identifier:
                keyid:33:91:8E:C7:F0:2C:AC:AF:E2:65:46:BE:1E:19:80:F9:C3:A3:E8:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5GOx_AsrK_iZUa-HhmA-cOj6JA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/thK6Hpd1rWBAaw3JjRIVjy4wZ_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/d31e85-2786-4d91-a69a-3f5355092aec/1/M5GOx_AsrK_iZUa-HhmA-cOj6JA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:28:5c:d3:64:73:bf:e9:83:bd:db:4f:03:c5:1d:22:56:ea:
         85:da:27:6a:44:2e:aa:1f:ec:97:27:ec:e9:6d:09:22:aa:22:
         90:9c:86:3e:91:de:cd:a2:46:db:b1:56:fd:04:a2:ad:14:de:
         56:1e:57:76:0f:03:71:bf:72:18:a1:09:e6:9a:31:02:2d:69:
         11:bf:6c:36:b1:35:d8:a0:66:4f:b5:d0:2c:53:62:eb:1f:0c:
         cd:3a:db:39:a7:83:3c:d8:9b:c6:39:b0:e1:35:95:a2:4d:08:
         e5:4f:ef:20:da:cf:58:a9:e2:02:06:7a:ec:dd:da:e6:5f:ab:
         ff:c0:1a:10:96:2b:0b:e4:53:26:24:e6:d7:29:73:b9:18:ad:
         f5:b2:3f:73:41:14:22:20:ff:1a:81:1e:57:9b:9e:a8:e7:5f:
         31:86:cc:66:ca:56:c8:ac:7e:3f:85:ee:41:4c:81:0e:6e:9e:
         70:32:f4:9b:ac:19:9b:fd:5a:3c:b7:3b:03:88:a7:24:70:60:
         e2:9c:dd:ed:9a:2a:70:1d:e5:ba:ea:89:a3:ba:46:1f:c1:c7:
         c5:e4:81:5b:01:c2:18:99:4a:6d:b6:dc:f8:4d:cf:ee:59:f8:
         8b:95:1c:ec:ea:29:c6:36:a2:c2:aa:2d:92:8f:c6:ea:37:bc:
         08:ad:c5:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtyuRToDIRtyOTdk05JDsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOTE4ZWM3ZjAyY2FjYWZlMjY1NDZiZTFlMTk4MGY5YzNh
M2U4OTAwHhcNMjMwMTAxMTQ0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjEyYmExZTk3NzVhZDYwNDA2YjBkYzk4ZDEyMTU4ZjJlMzA2N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbhWWonVQho4eJGpLOZsBK3wE5wJ
++rEKO/GuljFdVsXnhF47zU6FoF9+ywXdtjKuREp43sDdv2Jn/262wa2UJ7OMXZI
nrmzEx636wKarBk41IMKrSUJaWX5SEQ0YcxzwsJT7A2E9l6RSpFnswphKRb+S+lG
QRK+1Zh9QSxyIUtcBAUs5i/U5Nsg3t4sR9EReMP2KDTSDuaZrGCUOag9Fq8qBT/c
C9iWpfht70XYHLKQq4Sf5c++6AoNPbyx3DLsqV7jqLayK0wY9FNJnEZ/bP1+9FoQ
bj5F9Z8qrMAYdnrpxJ4qvB1ugvaRQ97IZFiqqi7o2qCPKqyFvI9kXuY59wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYSuh6Xda1gQGsNyY0SFY8uMGf7MB8GA1UdIwQY
MBaAFDORjsfwLKyv4mVGvh4ZgPnDo+iQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTVHT3hfQXNyS19pWlVhLUhobUEtY09qNkpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9kMzFlODUtMjc4Ni00ZDkxLWE2OWEt
M2Y1MzU1MDkyYWVjLzEvdGhLNkhwZDFyV0JBYXczSmpSSVZqeTR3Wl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9kMzFlODUtMjc4Ni00ZDkxLWE2OWEtM2Y1MzU1MDkyYWVj
LzEvTTVHT3hfQXNyS19pWlVhLUhobUEtY09qNkpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8qMA0G
CSqGSIb3DQEBCwUAA4IBAQCuKFzTZHO/6YO9208DxR0iVuqF2idqRC6qH+yXJ+zp
bQkiqiKQnIY+kd7NokbbsVb9BKKtFN5WHld2DwNxv3IYoQnmmjECLWkRv2w2sTXY
oGZPtdAsU2LrHwzNOts5p4M82JvGObDhNZWiTQjlT+8g2s9YqeICBnrs3drmX6v/
wBoQlisL5FMmJObXKXO5GK31sj9zQRQiIP8agR5Xm56o518xhsxmylbIrH4/he5B
TIEObp5wMvSbrBmb/Vo8tzsDiKckcGDinN3tmipwHeW66omjukYfwcfF5IFbAcIY
mUptttz4Tc/uWfiLlRzs6inGNqLCqi2Sj8bqN7wIrcX0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:38 2024 by rpki-client on console-ams.rpki-client.org