Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/13d7ec-cb9d-4751-9aab-66e84864b171/1/40dwGCb7AtYPLD9hdG-kERrjnA0.roa
File:                     40dwGCb7AtYPLD9hdG-kERrjnA0.roa (raw, json)
Hash identifier:          zvMjWmKID2g52d9K8b/Z6ERN2xjoMMSdSVJA81i9kug=
Subject key identifier:   E3:47:70:18:26:FB:02:D6:0F:2C:3F:61:74:6F:A4:11:1A:E3:9C:0D
Certificate issuer:       /CN=9b96e5ed7cef7b59546f02404c457dee04bf00f8
Certificate serial:       07552A64
Authority key identifier: 9B:96:E5:ED:7C:EF:7B:59:54:6F:02:40:4C:45:7D:EE:04:BF:00:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5bl7Xzve1lUbwJATEV97gS_APg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/13d7ec-cb9d-4751-9aab-66e84864b171/1/40dwGCb7AtYPLD9hdG-kERrjnA0.roa
Signing time:             Sat 01 Jan 2022 09:02:09 +0000
ROA not before:           Sat 01 Jan 2022 09:02:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41230
IP address blocks:        45.154.248.0/22 maxlen: 22
                          2a0f:dd00::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123021924 (0x7552a64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b96e5ed7cef7b59546f02404c457dee04bf00f8
        Validity
            Not Before: Jan  1 09:02:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e347701826fb02d60f2c3f61746fa4111ae39c0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d0:85:38:93:9d:e0:4e:db:2d:71:75:41:c3:
                    fb:71:4c:3c:f8:27:1b:2f:87:5e:2e:7d:21:e5:37:
                    3b:42:15:9b:a8:3a:50:25:36:e8:fe:c0:61:f6:05:
                    fc:a4:a7:29:43:3b:5a:f4:48:c5:3b:f5:91:dd:44:
                    2d:42:f2:a6:dd:83:41:9a:c7:cd:87:92:74:12:c4:
                    27:6e:a2:3d:8b:fc:43:94:f2:7f:b9:66:bf:67:e7:
                    59:07:1a:f9:97:f3:ef:17:aa:21:14:a0:4a:9a:bc:
                    1e:a5:0c:7b:9a:e9:6f:bb:ff:9a:6f:e5:fa:f4:c7:
                    25:2f:11:78:33:ec:92:5c:56:2e:62:c9:34:aa:3d:
                    ea:cd:19:b9:8d:53:88:f6:7c:5f:a0:0c:74:13:c8:
                    38:66:c6:99:7a:42:e3:d5:cc:64:10:76:c6:a3:93:
                    9d:50:ec:b6:90:13:9c:e1:e5:2e:37:04:83:c9:59:
                    78:ac:bd:26:5e:ec:a6:03:00:62:83:cf:f1:74:94:
                    db:af:a7:4a:c5:76:03:6d:45:ba:f4:aa:e1:46:57:
                    73:58:bb:84:f8:bf:7e:b6:d2:70:fd:cd:78:cf:ad:
                    00:37:98:f3:07:fb:82:eb:62:2f:95:9c:da:d8:4b:
                    b2:0e:4e:84:22:77:98:bc:e8:06:e2:3a:8c:77:d9:
                    fe:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:47:70:18:26:FB:02:D6:0F:2C:3F:61:74:6F:A4:11:1A:E3:9C:0D
            X509v3 Authority Key Identifier:
                keyid:9B:96:E5:ED:7C:EF:7B:59:54:6F:02:40:4C:45:7D:EE:04:BF:00:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5bl7Xzve1lUbwJATEV97gS_APg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/13d7ec-cb9d-4751-9aab-66e84864b171/1/40dwGCb7AtYPLD9hdG-kERrjnA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/13d7ec-cb9d-4751-9aab-66e84864b171/1/m5bl7Xzve1lUbwJATEV97gS_APg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.248.0/22
                IPv6:
                  2a0f:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:d9:af:f4:c6:6f:30:97:97:3c:a3:e5:4a:f1:29:d4:d8:7d:
         e1:e4:08:e5:00:e5:ae:94:14:05:4f:a5:8b:89:d3:3e:af:e4:
         0b:c7:d6:1a:39:56:0c:56:35:c2:d5:cd:be:8d:c5:2c:f1:dc:
         38:15:a5:6a:e4:fb:20:cb:2b:f4:17:27:be:fb:e9:24:49:97:
         2a:6d:4d:22:f3:4e:1b:94:c8:19:71:38:71:6c:e4:b4:08:1f:
         a1:49:e0:b3:59:37:db:db:5d:7a:6d:c4:dc:f4:bd:55:3c:75:
         90:3e:69:91:85:2c:38:e8:34:68:d9:cb:e7:24:12:9c:d4:a6:
         4d:3b:97:51:72:0e:06:40:28:8e:57:bd:ed:73:b1:4d:4a:fa:
         9c:3a:2d:e7:c7:b3:be:bb:94:4e:b5:fc:df:59:08:bf:2a:5a:
         0f:ce:0d:af:45:03:0b:40:c4:12:4e:c6:be:33:75:c4:35:ad:
         fc:77:eb:12:c5:59:c7:9b:67:6d:57:34:9f:e7:84:ed:a1:56:
         90:c2:d0:ee:cb:4c:22:d3:f3:a3:ca:32:e4:43:2f:57:45:4c:
         a6:80:0f:df:b2:fd:ad:af:a3:dc:9b:43:ea:51:1a:eb:28:2f:
         23:29:55:30:ba:dd:11:c4:e8:4d:7b:f0:e7:cf:4d:9c:0c:0b:
         ad:ab:be:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB1UqZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Yjk2ZTVlZDdjZWY3YjU5NTQ2ZjAyNDA0YzQ1N2RlZTA0YmYwMGY4MB4XDTIyMDEw
MTA5MDIwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTM0NzcwMTgyNmZi
MDJkNjBmMmMzZjYxNzQ2ZmE0MTExYWUzOWMwZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMHQhTiTneBO2y1xdUHD+3FMPPgnGy+HXi59IeU3O0IVm6g6
UCU26P7AYfYF/KSnKUM7WvRIxTv1kd1ELULypt2DQZrHzYeSdBLEJ26iPYv8Q5Ty
f7lmv2fnWQca+Zfz7xeqIRSgSpq8HqUMe5rpb7v/mm/l+vTHJS8ReDPsklxWLmLJ
NKo96s0ZuY1TiPZ8X6AMdBPIOGbGmXpC49XMZBB2xqOTnVDstpATnOHlLjcEg8lZ
eKy9Jl7spgMAYoPP8XSU26+nSsV2A21FuvSq4UZXc1i7hPi/frbScP3NeM+tADeY
8wf7gutiL5Wc2thLsg5OhCJ3mLzoBuI6jHfZ/j8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTjR3AYJvsC1g8sP2F0b6QRGuOcDTAfBgNVHSMEGDAWgBSbluXtfO97WVRv
AkBMRX3uBL8A+DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L201Ymw3WHp2ZTFsVWJ3SkFURVY5N2dTX0FQZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvMTNkN2VjLWNiOWQtNDc1MS05YWFiLTY2ZTg0ODY0YjE3MS8x
LzQwZHdHQ2I3QXRZUExEOWhkRy1rRVJyam5BMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
MTNkN2VjLWNiOWQtNDc1MS05YWFiLTY2ZTg0ODY0YjE3MS8xL201Ymw3WHp2ZTFs
VWJ3SkFURVY5N2dTX0FQZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi2a+DANBAIAAjAHAwUDKg/dADAN
BgkqhkiG9w0BAQsFAAOCAQEAOdmv9MZvMJeXPKPlSvEp1Nh94eQI5QDlrpQUBU+l
i4nTPq/kC8fWGjlWDFY1wtXNvo3FLPHcOBWlauT7IMsr9BcnvvvpJEmXKm1NIvNO
G5TIGXE4cWzktAgfoUngs1k329tdem3E3PS9VTx1kD5pkYUsOOg0aNnL5yQSnNSm
TTuXUXIOBkAojle97XOxTUr6nDot58ezvruUTrX831kIvypaD84Nr0UDC0DEEk7G
vjN1xDWt/HfrEsVZx5tnbVc0n+eE7aFWkMLQ7stMItPzo8oy5EMvV0VMpoAP37L9
ra+j3JtD6lEa6ygvIylVMLrdEcToTXvw589NnAwLrau+Dg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:19 2024 by rpki-client on console-ams.rpki-client.org