Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/yBMnZ-pSjXgc3dN1PJT1Gu3kK-4.roa
File:                     yBMnZ-pSjXgc3dN1PJT1Gu3kK-4.roa (raw, json)
Hash identifier:          kuAWYHfk5gi00wY9rOHUHIU2XIrMaEuMpfUMLjO5QlA=
Subject key identifier:   C8:13:27:67:EA:52:8D:78:1C:DD:D3:75:3C:94:F5:1A:ED:E4:2B:EE
Certificate issuer:       /CN=20a9a34cbd15c2038ff6f1f7110819889217fa4d
Certificate serial:       01856BEEBF0B835EE66EA29725E10E69DF31
Authority key identifier: 20:A9:A3:4C:BD:15:C2:03:8F:F6:F1:F7:11:08:19:88:92:17:FA:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKmjTL0VwgOP9vH3EQgZiJIX-k0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/yBMnZ-pSjXgc3dN1PJT1Gu3kK-4.roa
Signing time:             Sun 01 Jan 2023 06:04:46 +0000
ROA not before:           Sun 01 Jan 2023 06:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211509
IP address blocks:        2001:678:3f4::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ee:bf:0b:83:5e:e6:6e:a2:97:25:e1:0e:69:df:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20a9a34cbd15c2038ff6f1f7110819889217fa4d
        Validity
            Not Before: Jan  1 06:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8132767ea528d781cddd3753c94f51aede42bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c3:61:13:75:a5:5a:b4:df:df:f0:49:72:2f:
                    90:48:86:1e:44:d6:8f:25:05:1c:58:4b:5a:fe:08:
                    79:dd:75:20:9c:da:df:e0:91:e2:0d:02:b0:04:39:
                    13:7a:87:8b:30:b2:15:e5:31:21:60:09:8a:e9:7e:
                    26:a7:c4:b6:26:1b:36:cb:c0:af:61:6c:54:19:1b:
                    f0:9f:a9:27:f5:19:93:10:02:0a:08:a6:83:d9:bb:
                    a2:b9:68:20:92:e3:3e:f6:3e:c7:30:5c:21:5f:52:
                    36:51:3f:98:15:e4:ec:60:e6:b4:33:4b:7b:d6:49:
                    18:e8:9d:f3:ce:35:63:f4:d7:8d:d7:a1:83:64:f4:
                    35:d8:5d:6f:c8:90:f0:a4:26:f9:27:d9:7e:80:b6:
                    50:9a:a7:58:1e:b4:6d:f7:01:85:52:fd:0a:8d:49:
                    42:cf:d9:30:35:d0:99:19:12:14:84:bc:ad:7c:99:
                    aa:9a:51:c7:c6:61:6d:32:af:d9:9d:22:9f:37:63:
                    92:73:68:73:e3:c1:6a:9d:3d:a3:95:34:72:b9:97:
                    39:9b:55:74:66:6b:8c:3d:3d:f1:e4:be:bc:27:b1:
                    96:85:4f:93:49:85:3f:46:f0:5b:1c:48:aa:85:73:
                    fd:23:36:51:0b:81:53:9b:54:79:21:ed:7d:b8:64:
                    c4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:13:27:67:EA:52:8D:78:1C:DD:D3:75:3C:94:F5:1A:ED:E4:2B:EE
            X509v3 Authority Key Identifier:
                keyid:20:A9:A3:4C:BD:15:C2:03:8F:F6:F1:F7:11:08:19:88:92:17:FA:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKmjTL0VwgOP9vH3EQgZiJIX-k0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/yBMnZ-pSjXgc3dN1PJT1Gu3kK-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/IKmjTL0VwgOP9vH3EQgZiJIX-k0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:56:f9:af:49:cb:7b:e4:ac:09:d2:6f:58:a4:68:67:a8:94:
         76:fa:67:77:d1:28:50:fa:41:3b:d1:86:0b:cf:50:ef:dd:b7:
         c2:e0:75:de:55:2a:2f:aa:78:ed:9f:81:5f:70:a6:6e:cf:8b:
         2b:4c:6e:57:1b:bd:6b:9b:15:0b:81:a7:6a:e7:a4:97:f5:e5:
         91:52:cb:23:73:34:66:3c:95:f6:21:f1:db:95:af:d8:8e:e1:
         56:7f:f4:f6:36:f9:cb:16:21:b7:c2:5c:74:b4:4a:ff:5b:51:
         50:ec:bc:60:fe:35:c3:21:ad:07:a1:e6:a7:d3:14:37:27:36:
         b2:3a:30:17:80:22:ff:e7:63:82:84:59:36:06:0e:06:4e:a8:
         4b:c4:02:d4:71:2f:fa:2e:71:07:52:ff:1a:6f:6c:45:7b:39:
         8a:11:d8:00:c4:d2:f8:7f:c2:0a:21:86:98:f9:bc:b9:90:bd:
         a4:f9:e1:38:e2:61:c5:0d:5c:57:ff:5e:ca:40:9f:88:50:79:
         3f:4b:27:19:e2:ac:6a:53:2e:0a:6a:8e:de:15:de:1b:cc:0b:
         80:f3:76:71:7a:77:57:4a:91:47:4b:58:ab:20:e9:b6:ba:aa:
         e2:21:c6:16:34:d7:8c:d4:14:65:f1:78:da:b0:f7:5b:0a:01:
         f3:34:1f:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVr7r8Lg17mbqKXJeEOad8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYTlhMzRjYmQxNWMyMDM4ZmY2ZjFmNzExMDgxOTg4OTIx
N2ZhNGQwHhcNMjMwMTAxMDYwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODEzMjc2N2VhNTI4ZDc4MWNkZGQzNzUzYzk0ZjUxYWVkZTQyYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8NhE3WlWrTf3/BJci+QSIYeRNaP
JQUcWEta/gh53XUgnNrf4JHiDQKwBDkTeoeLMLIV5TEhYAmK6X4mp8S2Jhs2y8Cv
YWxUGRvwn6kn9RmTEAIKCKaD2buiuWggkuM+9j7HMFwhX1I2UT+YFeTsYOa0M0t7
1kkY6J3zzjVj9NeN16GDZPQ12F1vyJDwpCb5J9l+gLZQmqdYHrRt9wGFUv0KjUlC
z9kwNdCZGRIUhLytfJmqmlHHxmFtMq/ZnSKfN2OSc2hz48FqnT2jlTRyuZc5m1V0
ZmuMPT3x5L68J7GWhU+TSYU/RvBbHEiqhXP9IzZRC4FTm1R5Ie19uGTEVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMgTJ2fqUo14HN3TdTyU9Rrt5CvuMB8GA1UdIwQY
MBaAFCCpo0y9FcIDj/bx9xEIGYiSF/pNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUttalRMMFZ3Z09QOXZIM0VRZ1ppSklYLWswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9lZThiNDctZTk4Yy00YzZkLWE3M2Ut
NDNjYTM2NDZhNWE5LzEveUJNblotcFNqWGdjM2ROMVBKVDFHdTNrSy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9lZThiNDctZTk4Yy00YzZkLWE3M2UtNDNjYTM2NDZhNWE5
LzEvSUttalRMMFZ3Z09QOXZIM0VRZ1ppSklYLWswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAP0
MA0GCSqGSIb3DQEBCwUAA4IBAQA5VvmvSct75KwJ0m9YpGhnqJR2+md30ShQ+kE7
0YYLz1Dv3bfC4HXeVSovqnjtn4FfcKZuz4srTG5XG71rmxULgadq56SX9eWRUssj
czRmPJX2IfHbla/YjuFWf/T2NvnLFiG3wlx0tEr/W1FQ7Lxg/jXDIa0Hoean0xQ3
JzayOjAXgCL/52OChFk2Bg4GTqhLxALUcS/6LnEHUv8ab2xFezmKEdgAxNL4f8IK
IYaY+by5kL2k+eE44mHFDVxX/17KQJ+IUHk/SycZ4qxqUy4Kao7eFd4bzAuA83Zx
endXSpFHS1irIOm2uqriIcYWNNeM1BRl8XjasPdbCgHzNB8z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:58 2024 by rpki-client on console-fra.rpki-client.org