Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/47ada5-183f-446d-b705-023f2be5daa4/1/40cOOIZNV59j4m-TZTdMCH-2QFg.roa
File:                     40cOOIZNV59j4m-TZTdMCH-2QFg.roa (raw, json)
Hash identifier:          aUpTCMVRzPWGpCSettG5L8iDbCOlK5heh4kepTXpnuA=
Subject key identifier:   E3:47:0E:38:86:4D:57:9F:63:E2:6F:93:65:37:4C:08:7F:B6:40:58
Certificate issuer:       /CN=fdf4b621eeb739d24fc92ad78d2776da7b870027
Certificate serial:       01889E803551DB15A1A0E1B870B82780CE6D
Authority key identifier: FD:F4:B6:21:EE:B7:39:D2:4F:C9:2A:D7:8D:27:76:DA:7B:87:00:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_fS2Ie63OdJPySrXjSd22nuHACc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/47ada5-183f-446d-b705-023f2be5daa4/1/40cOOIZNV59j4m-TZTdMCH-2QFg.roa
Signing time:             Fri 09 Jun 2023 04:53:02 +0000
ROA not before:           Fri 09 Jun 2023 04:53:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        188.95.70.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9e:80:35:51:db:15:a1:a0:e1:b8:70:b8:27:80:ce:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdf4b621eeb739d24fc92ad78d2776da7b870027
        Validity
            Not Before: Jun  9 04:53:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3470e38864d579f63e26f9365374c087fb64058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6b:f6:1b:ad:a5:7e:bf:31:9a:ab:c9:78:a3:
                    ad:cd:df:57:76:5f:41:1d:aa:ed:40:13:29:92:4c:
                    ad:cb:e4:45:72:72:1a:06:9c:1a:09:b1:68:eb:df:
                    28:c9:38:21:52:c7:d9:4e:4c:76:d4:1b:65:71:8c:
                    1d:67:33:e5:6a:88:9f:ca:65:dd:b7:59:76:fd:b1:
                    78:2e:1d:20:44:1c:dd:04:02:16:60:cb:bc:c5:56:
                    dd:83:21:a5:bb:af:b1:2f:90:79:c2:2c:1d:a0:6a:
                    9a:d0:d9:56:bc:01:02:15:1b:8e:42:26:8d:99:f5:
                    bb:ad:b0:94:13:18:36:d6:06:fd:20:cc:40:e6:53:
                    f9:3e:e1:fe:d4:de:46:d9:1a:ad:f6:d9:3b:8f:b7:
                    03:b8:d4:81:2b:7a:03:ba:db:7f:81:36:b7:c5:bb:
                    fe:ca:d1:3a:0e:f4:49:0a:b1:79:ff:50:5a:4d:69:
                    88:1e:ed:5b:b5:9f:06:3c:21:6f:5d:33:18:d0:bd:
                    c8:94:d9:9d:62:d2:73:23:08:d6:f9:48:7b:28:26:
                    e6:1a:2b:9f:15:d8:1f:f8:e2:27:81:8a:da:b8:a3:
                    35:98:33:0d:4e:7e:5c:8f:31:23:ae:25:31:a6:1a:
                    0c:a3:ed:50:28:74:91:6d:bb:a7:00:3a:4a:ac:e4:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:47:0E:38:86:4D:57:9F:63:E2:6F:93:65:37:4C:08:7F:B6:40:58
            X509v3 Authority Key Identifier:
                keyid:FD:F4:B6:21:EE:B7:39:D2:4F:C9:2A:D7:8D:27:76:DA:7B:87:00:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_fS2Ie63OdJPySrXjSd22nuHACc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/47ada5-183f-446d-b705-023f2be5daa4/1/40cOOIZNV59j4m-TZTdMCH-2QFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/47ada5-183f-446d-b705-023f2be5daa4/1/_fS2Ie63OdJPySrXjSd22nuHACc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ce:c5:71:9c:81:2d:6d:23:12:6d:11:da:d2:69:07:94:c6:
         dc:0c:c8:b0:fc:eb:6a:a1:6c:c9:68:c1:5f:2f:bd:8b:da:ef:
         92:52:a4:e3:70:e0:2e:ec:f4:38:f9:15:63:8d:3f:96:05:2d:
         c9:70:3d:51:31:43:dc:18:26:92:c5:59:dd:fe:9f:bb:b1:50:
         5c:62:66:30:75:db:42:90:9b:56:32:8c:43:c2:2f:43:73:25:
         da:98:57:4b:82:d0:25:2d:b5:7a:46:08:28:9e:80:ba:5c:62:
         96:e1:6a:87:74:0f:a8:bf:0d:93:a6:a5:5d:0a:91:eb:45:29:
         24:6d:50:4f:78:25:f9:56:d3:0d:2d:99:f6:97:63:f3:30:a5:
         15:f3:1d:1c:6c:bd:90:57:bc:66:b9:8f:04:63:cf:ef:04:49:
         f3:dd:e7:9a:ec:4a:7d:cc:56:30:8b:c5:5d:e3:23:73:d0:e4:
         7b:12:49:28:eb:15:5c:c1:bd:e3:1d:55:33:98:15:14:6c:f9:
         92:34:68:c5:32:d7:36:fa:2a:45:d4:1d:b1:f6:95:8a:4f:55:
         58:e8:2f:d3:db:7f:76:89:fb:cf:a6:4f:6d:7e:79:b9:32:b8:
         3d:e8:31:0a:f8:6c:14:52:dd:40:6c:00:ed:b0:52:cf:85:92:
         45:67:73:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYiegDVR2xWhoOG4cLgngM5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZjRiNjIxZWViNzM5ZDI0ZmM5MmFkNzhkMjc3NmRhN2I4
NzAwMjcwHhcNMjMwNjA5MDQ1MzAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ3MGUzODg2NGQ1NzlmNjNlMjZmOTM2NTM3NGMwODdmYjY0MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2v2G62lfr8xmqvJeKOtzd9Xdl9B
HartQBMpkkyty+RFcnIaBpwaCbFo698oyTghUsfZTkx21BtlcYwdZzPlaoifymXd
t1l2/bF4Lh0gRBzdBAIWYMu8xVbdgyGlu6+xL5B5wiwdoGqa0NlWvAECFRuOQiaN
mfW7rbCUExg21gb9IMxA5lP5PuH+1N5G2Rqt9tk7j7cDuNSBK3oDutt/gTa3xbv+
ytE6DvRJCrF5/1BaTWmIHu1btZ8GPCFvXTMY0L3IlNmdYtJzIwjW+Uh7KCbmGiuf
Fdgf+OIngYrauKM1mDMNTn5cjzEjriUxphoMo+1QKHSRbbunADpKrOSkdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONHDjiGTVefY+Jvk2U3TAh/tkBYMB8GA1UdIwQY
MBaAFP30tiHutznST8kq140ndtp7hwAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2ZTMkllNjNPZEpQeVNyWGpTZDIybnVIQUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy80N2FkYTUtMTgzZi00NDZkLWI3MDUt
MDIzZjJiZTVkYWE0LzEvNDBjT09JWk5WNTlqNG0tVFpUZE1DSC0yUUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy80N2FkYTUtMTgzZi00NDZkLWI3MDUtMDIzZjJiZTVkYWE0
LzEvX2ZTMkllNjNPZEpQeVNyWGpTZDIybnVIQUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9GMA0G
CSqGSIb3DQEBCwUAA4IBAQAhzsVxnIEtbSMSbRHa0mkHlMbcDMiw/OtqoWzJaMFf
L72L2u+SUqTjcOAu7PQ4+RVjjT+WBS3JcD1RMUPcGCaSxVnd/p+7sVBcYmYwddtC
kJtWMoxDwi9DcyXamFdLgtAlLbV6RggonoC6XGKW4WqHdA+ovw2TpqVdCpHrRSkk
bVBPeCX5VtMNLZn2l2PzMKUV8x0cbL2QV7xmuY8EY8/vBEnz3eea7Ep9zFYwi8Vd
4yNz0OR7Ekko6xVcwb3jHVUzmBUUbPmSNGjFMtc2+ipF1B2x9pWKT1VY6C/T2392
ifvPpk9tfnm5Mrg96DEK+GwUUt1AbADtsFLPhZJFZ3MN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:11 2024 by rpki-client on console-ams.rpki-client.org