Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/9a293d-ad72-4474-8522-6774df5011a5/1/klXo6SztuiKqRBqvAapa1uRaPLU.roa
File:                     klXo6SztuiKqRBqvAapa1uRaPLU.roa (raw, json)
Hash identifier:          pY8p0J1nYLeZlbZ/O+iMukvQ5gnY2P0eRvtNEnO/HvQ=
Subject key identifier:   92:55:E8:E9:2C:ED:BA:22:AA:44:1A:AF:01:AA:5A:D6:E4:5A:3C:B5
Certificate issuer:       /CN=3924e7ec3f43a911ab15963ae1304a9a2bfdd8b4
Certificate serial:       064DF9EC
Authority key identifier: 39:24:E7:EC:3F:43:A9:11:AB:15:96:3A:E1:30:4A:9A:2B:FD:D8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSTn7D9DqRGrFZY64TBKmiv92LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/9a293d-ad72-4474-8522-6774df5011a5/1/klXo6SztuiKqRBqvAapa1uRaPLU.roa
Signing time:             Sat 01 Jan 2022 13:01:29 +0000
ROA not before:           Sat 01 Jan 2022 13:01:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        91.213.81.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 105773548 (0x64df9ec)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3924e7ec3f43a911ab15963ae1304a9a2bfdd8b4
        Validity
            Not Before: Jan  1 13:01:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9255e8e92cedba22aa441aaf01aa5ad6e45a3cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:05:0a:2f:27:66:e0:cc:ab:61:c0:5d:39:f6:
                    06:51:d7:42:c3:fe:c4:25:59:2b:b2:08:a3:25:c1:
                    00:2b:3a:c1:35:e8:ac:dc:73:15:2d:95:eb:b6:58:
                    c5:7f:20:ce:33:45:10:c5:7b:44:5a:48:0a:e0:14:
                    49:e9:70:f3:5f:a5:2e:57:01:b5:af:7b:59:ea:40:
                    f4:ea:2d:23:70:ed:19:9f:0a:04:a1:94:4d:84:00:
                    23:eb:ff:09:0a:11:63:6d:a1:b4:61:e7:45:14:b4:
                    93:0a:99:44:d5:ca:c1:90:8d:03:80:2a:12:48:68:
                    8a:d8:ab:dd:ec:d7:17:c5:a8:e8:40:77:15:76:23:
                    7d:88:9e:93:85:d2:83:ab:45:07:fc:c1:44:76:4a:
                    85:43:4e:1a:7f:e2:a6:5b:3f:5f:98:47:9f:0b:c4:
                    dc:20:e4:20:14:be:6f:eb:23:97:2f:6b:aa:23:6b:
                    99:16:68:b3:7b:c1:34:14:2c:ad:65:43:28:0c:da:
                    9b:98:cc:c4:18:11:36:b8:06:eb:6d:e7:fb:bb:f5:
                    d7:ca:99:f5:2c:c5:5b:63:b5:e2:2f:a2:4b:5c:5f:
                    93:df:57:80:3e:f1:cd:1f:78:18:a6:7f:9c:75:d5:
                    e7:20:fc:62:ba:4d:00:fb:29:33:24:b7:c7:a7:4d:
                    ea:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:55:E8:E9:2C:ED:BA:22:AA:44:1A:AF:01:AA:5A:D6:E4:5A:3C:B5
            X509v3 Authority Key Identifier:
                keyid:39:24:E7:EC:3F:43:A9:11:AB:15:96:3A:E1:30:4A:9A:2B:FD:D8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSTn7D9DqRGrFZY64TBKmiv92LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9a293d-ad72-4474-8522-6774df5011a5/1/klXo6SztuiKqRBqvAapa1uRaPLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9a293d-ad72-4474-8522-6774df5011a5/1/OSTn7D9DqRGrFZY64TBKmiv92LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a7:8e:50:b3:78:66:fb:85:d4:77:29:1a:17:97:43:5f:be:
         51:68:18:6e:df:c9:db:fc:09:2d:46:88:24:2f:5c:72:c6:e9:
         0e:35:d0:df:f2:54:ad:86:3f:ba:a2:1f:70:19:cb:6d:46:6e:
         0a:07:01:14:b1:f4:3d:a8:92:f1:80:73:d2:84:9d:7f:45:2b:
         88:6c:d1:da:b5:10:50:63:6a:63:3b:ff:57:d8:26:b8:19:aa:
         72:4f:6b:62:d6:c6:a5:6e:6c:07:60:82:a4:27:82:27:a8:7f:
         e6:ab:bd:e7:98:7b:c9:93:55:3c:61:6d:c8:03:ef:f2:21:a0:
         3c:17:58:d1:83:35:2b:20:92:02:04:ad:70:aa:48:ff:25:4d:
         8e:f3:92:ab:38:9c:97:3c:29:ed:9e:54:f8:85:ea:a3:f8:d9:
         6c:b3:65:55:1c:ad:38:28:b2:28:35:a0:11:fb:b2:8d:11:dd:
         06:31:7e:70:1d:8c:fc:8a:f4:8d:29:c8:a9:3c:05:85:f6:82:
         06:7a:aa:5a:ff:05:70:ac:96:41:d4:da:14:fa:5b:50:63:a2:
         c1:af:38:aa:c2:5d:f3:7d:1e:4e:99:f7:cc:94:91:5d:41:cb:
         fe:3e:c0:6c:ba:4e:11:92:9a:c0:02:8f:97:2a:fc:74:04:68:
         33:ec:6f:bb
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBk357DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTI0ZTdlYzNmNDNhOTExYWIxNTk2M2FlMTMwNGE5YTJiZmRkOGI0MB4XDTIyMDEw
MTEzMDEyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTI1NWU4ZTkyY2Vk
YmEyMmFhNDQxYWFmMDFhYTVhZDZlNDVhM2NiNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKcFCi8nZuDMq2HAXTn2BlHXQsP+xCVZK7IIoyXBACs6wTXo
rNxzFS2V67ZYxX8gzjNFEMV7RFpICuAUSelw81+lLlcBta97WepA9OotI3DtGZ8K
BKGUTYQAI+v/CQoRY22htGHnRRS0kwqZRNXKwZCNA4AqEkhoitir3ezXF8Wo6EB3
FXYjfYiek4XSg6tFB/zBRHZKhUNOGn/ipls/X5hHnwvE3CDkIBS+b+sjly9rqiNr
mRZos3vBNBQsrWVDKAzam5jMxBgRNrgG623n+7v118qZ9SzFW2O14i+iS1xfk99X
gD7xzR94GKZ/nHXV5yD8YrpNAPspMyS3x6dN6jMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSSVejpLO26IqpEGq8BqlrW5Fo8tTAfBgNVHSMEGDAWgBQ5JOfsP0OpEasV
ljrhMEqaK/3YtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09TVG43RDlEcVJHckZaWTY0VEJLbWl2OTJMUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDEvOWEyOTNkLWFkNzItNDQ3NC04NTIyLTY3NzRkZjUwMTFhNS8x
L2tsWG82U3p0dWlLcVJCcXZBYXBhMXVSYVBMVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEv
OWEyOTNkLWFkNzItNDQ3NC04NTIyLTY3NzRkZjUwMTFhNS8xL09TVG43RDlEcVJH
ckZaWTY0VEJLbWl2OTJMUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvVUTANBgkqhkiG9w0BAQsFAAOC
AQEAEKeOULN4ZvuF1HcpGheXQ1++UWgYbt/J2/wJLUaIJC9ccsbpDjXQ3/JUrYY/
uqIfcBnLbUZuCgcBFLH0PaiS8YBz0oSdf0UriGzR2rUQUGNqYzv/V9gmuBmqck9r
YtbGpW5sB2CCpCeCJ6h/5qu955h7yZNVPGFtyAPv8iGgPBdY0YM1KyCSAgStcKpI
/yVNjvOSqziclzwp7Z5U+IXqo/jZbLNlVRytOCiyKDWgEfuyjRHdBjF+cB2M/Ir0
jSnIqTwFhfaCBnqqWv8FcKyWQdTaFPpbUGOiwa84qsJd830eTpn3zJSRXUHL/j7A
bLpOEZKawAKPlyr8dARoM+xvuw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:07 2023 by rpki-client on console-fra.rpki-client.org