Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/c45a9b-5096-4e75-9389-bd9b42f48dde/1/2iw7TnJl34iqBRvBAhR-MKhe4fU.roa
File:                     2iw7TnJl34iqBRvBAhR-MKhe4fU.roa (raw, json)
Hash identifier:          7dgZR8puG8sFADo+NxaRXi+w8lVSlTVX2JkU2Au3Opk=
Subject key identifier:   DA:2C:3B:4E:72:65:DF:88:AA:05:1B:C1:02:14:7E:30:A8:5E:E1:F5
Certificate issuer:       /CN=13ecf10b887f085887de8b2db64917ee2e424545
Certificate serial:       0185714C0FB12E42FFA3C4223C2A1B59409C
Authority key identifier: 13:EC:F1:0B:88:7F:08:58:87:DE:8B:2D:B6:49:17:EE:2E:42:45:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-zxC4h_CFiH3osttkkX7i5CRUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/c45a9b-5096-4e75-9389-bd9b42f48dde/1/2iw7TnJl34iqBRvBAhR-MKhe4fU.roa
Signing time:             Mon 02 Jan 2023 07:04:48 +0000
ROA not before:           Mon 02 Jan 2023 07:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        45.65.116.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:4c:0f:b1:2e:42:ff:a3:c4:22:3c:2a:1b:59:40:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ecf10b887f085887de8b2db64917ee2e424545
        Validity
            Not Before: Jan  2 07:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da2c3b4e7265df88aa051bc102147e30a85ee1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:66:15:f2:aa:86:b1:70:da:27:98:0a:e0:2a:
                    07:20:2f:70:df:86:df:1f:58:82:fa:2c:14:8f:41:
                    7f:9b:82:0a:46:5b:4f:88:4f:a1:ae:dd:6a:19:6c:
                    c8:7a:9d:86:c1:4f:a4:e6:ff:17:d1:3b:19:9a:18:
                    15:f7:f1:80:58:59:7a:6f:1a:f1:92:2d:ef:3b:64:
                    62:7c:f5:89:a4:96:c7:0c:01:7f:ca:59:71:e3:04:
                    d4:b9:73:ca:e3:f1:68:f8:87:95:a2:cb:92:c0:87:
                    4f:9d:3c:ec:72:eb:ae:f8:47:c6:b2:00:f9:42:bc:
                    a3:96:3a:62:3c:aa:e3:40:51:7f:45:c1:8e:7e:cf:
                    a4:75:e9:14:77:3a:5e:8f:a7:99:b3:db:0f:f4:64:
                    c8:ab:a7:07:66:bc:7b:5c:b7:54:9b:06:9e:cc:04:
                    7e:0e:3b:76:5f:3a:f1:0e:14:6d:2a:81:bd:24:aa:
                    79:a5:d3:50:82:d9:a2:c4:e3:a7:86:dd:8b:d4:ed:
                    30:bb:0a:8e:dd:7e:e6:a9:cd:84:15:14:ee:92:60:
                    14:22:e1:68:dd:d9:2f:74:72:85:16:79:d0:0b:a4:
                    87:e4:9b:b1:ec:0d:7e:fa:7d:dc:e4:cd:1f:37:d8:
                    6c:b0:99:f9:f3:f6:de:02:9f:ea:de:f4:67:21:6b:
                    df:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2C:3B:4E:72:65:DF:88:AA:05:1B:C1:02:14:7E:30:A8:5E:E1:F5
            X509v3 Authority Key Identifier:
                keyid:13:EC:F1:0B:88:7F:08:58:87:DE:8B:2D:B6:49:17:EE:2E:42:45:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-zxC4h_CFiH3osttkkX7i5CRUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c45a9b-5096-4e75-9389-bd9b42f48dde/1/2iw7TnJl34iqBRvBAhR-MKhe4fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c45a9b-5096-4e75-9389-bd9b42f48dde/1/E-zxC4h_CFiH3osttkkX7i5CRUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:10:a4:c8:61:9b:4f:d0:e8:56:03:b4:6c:0b:05:76:cf:7e:
         f5:bb:fb:59:ce:46:10:b4:4f:dd:7a:81:0f:ff:21:b8:bf:07:
         87:60:1f:81:01:63:41:16:cf:40:23:d5:e3:9e:d4:9a:87:70:
         5f:ff:1c:ea:e1:5f:56:1d:09:0c:93:fa:d2:8c:56:8e:c4:81:
         20:9b:f0:8a:fb:c8:50:cb:0f:0c:b1:09:93:b4:ec:0f:48:d2:
         59:9f:54:c3:ff:b8:b2:de:94:40:56:a1:0a:d0:13:6e:14:3e:
         05:4d:cc:57:78:0b:43:c7:a2:d3:c0:95:d1:a2:c1:57:29:70:
         df:5a:69:54:a5:45:69:5d:a3:28:78:a0:8e:3c:bf:60:76:ad:
         aa:89:d9:64:22:d6:e3:df:c1:f4:71:76:1b:77:63:3b:9f:82:
         41:ca:05:d8:9f:2b:a4:09:b2:bd:38:fc:b9:19:48:d3:21:50:
         a1:c6:85:7c:b2:49:d3:5d:c6:44:9f:ac:f7:37:95:58:4e:21:
         69:ec:46:98:30:8d:76:e9:b1:f5:62:5a:01:cf:90:e3:53:a3:
         f3:5a:4c:29:cf:8a:1a:e3:d5:aa:dd:67:f8:9b:8f:6d:2b:6d:
         a1:a9:4c:9c:58:89:e1:ca:13:ab:e3:64:41:aa:8e:45:fc:70:
         8b:11:62:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxTA+xLkL/o8QiPCobWUCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWNmMTBiODg3ZjA4NTg4N2RlOGIyZGI2NDkxN2VlMmU0
MjQ1NDUwHhcNMjMwMTAyMDcwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJjM2I0ZTcyNjVkZjg4YWEwNTFiYzEwMjE0N2UzMGE4NWVlMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2YV8qqGsXDaJ5gK4CoHIC9w34bf
H1iC+iwUj0F/m4IKRltPiE+hrt1qGWzIep2GwU+k5v8X0TsZmhgV9/GAWFl6bxrx
ki3vO2RifPWJpJbHDAF/yllx4wTUuXPK4/Fo+IeVosuSwIdPnTzscuuu+EfGsgD5
QryjljpiPKrjQFF/RcGOfs+kdekUdzpej6eZs9sP9GTIq6cHZrx7XLdUmwaezAR+
Djt2XzrxDhRtKoG9JKp5pdNQgtmixOOnht2L1O0wuwqO3X7mqc2EFRTukmAUIuFo
3dkvdHKFFnnQC6SH5Jux7A1++n3c5M0fN9hssJn58/beAp/q3vRnIWvfewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNosO05yZd+IqgUbwQIUfjCoXuH1MB8GA1UdIwQY
MBaAFBPs8QuIfwhYh96LLbZJF+4uQkVFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS16eEM0aF9DRmlIM29zdHRra1g3aTVDUlVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9jNDVhOWItNTA5Ni00ZTc1LTkzODkt
YmQ5YjQyZjQ4ZGRlLzEvMml3N1RuSmwzNGlxQlJ2QkFoUi1NS2hlNGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9jNDVhOWItNTA5Ni00ZTc1LTkzODktYmQ5YjQyZjQ4ZGRl
LzEvRS16eEM0aF9DRmlIM29zdHRra1g3aTVDUlVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUF0MA0G
CSqGSIb3DQEBCwUAA4IBAQBGEKTIYZtP0OhWA7RsCwV2z371u/tZzkYQtE/deoEP
/yG4vweHYB+BAWNBFs9AI9XjntSah3Bf/xzq4V9WHQkMk/rSjFaOxIEgm/CK+8hQ
yw8MsQmTtOwPSNJZn1TD/7iy3pRAVqEK0BNuFD4FTcxXeAtDx6LTwJXRosFXKXDf
WmlUpUVpXaMoeKCOPL9gdq2qidlkItbj38H0cXYbd2M7n4JBygXYnyukCbK9OPy5
GUjTIVChxoV8sknTXcZEn6z3N5VYTiFp7EaYMI126bH1YloBz5DjU6PzWkwpz4oa
49Wq3Wf4m49tK22hqUycWInhyhOr42RBqo5F/HCLEWLg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:08 2024 by rpki-client on console-ams.rpki-client.org