Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/c81669-2519-4da5-bd5d-1c2626590d28/1/yeXFMkmnE8t8BmUP6uQToebkAa8.roa
File:                     yeXFMkmnE8t8BmUP6uQToebkAa8.roa (raw, json)
Hash identifier:          cXB0XqHcX+qGmKbycI9KsPjtlU6yWvwTmMtQ/QWI7G8=
Subject key identifier:   C9:E5:C5:32:49:A7:13:CB:7C:06:65:0F:EA:E4:13:A1:E6:E4:01:AF
Certificate issuer:       /CN=d53ece71ef6ebf55bb7b87e50665ba11fdc77f08
Certificate serial:       01856BAEA9FF20CC41A1229F40F89979898E
Authority key identifier: D5:3E:CE:71:EF:6E:BF:55:BB:7B:87:E5:06:65:BA:11:FD:C7:7F:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1T7Oce9uv1W7e4flBmW6Ef3Hfwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/c81669-2519-4da5-bd5d-1c2626590d28/1/yeXFMkmnE8t8BmUP6uQToebkAa8.roa
Signing time:             Sun 01 Jan 2023 04:54:46 +0000
ROA not before:           Sun 01 Jan 2023 04:54:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211237
IP address blocks:        31.6.61.0/24 maxlen: 24
                          31.6.2.0/24 maxlen: 24
                          31.6.20.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ae:a9:ff:20:cc:41:a1:22:9f:40:f8:99:79:89:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d53ece71ef6ebf55bb7b87e50665ba11fdc77f08
        Validity
            Not Before: Jan  1 04:54:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9e5c53249a713cb7c06650feae413a1e6e401af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c1:fc:b1:2b:dd:a7:88:fd:49:e7:54:fa:fa:
                    3b:35:2d:fa:b4:82:e0:d5:59:fd:4e:60:4f:fe:a6:
                    e0:58:28:9a:d1:8b:79:d6:80:9a:38:6b:5e:b8:d5:
                    6a:2c:ed:74:fc:0c:b7:51:18:02:28:0d:15:c8:a0:
                    bb:35:17:2b:12:ff:a7:be:e5:30:41:2d:1c:85:43:
                    f5:90:6b:47:86:f6:40:e1:52:bf:b4:98:2f:26:63:
                    b9:fd:a9:27:7a:80:72:29:39:95:ff:40:c4:64:35:
                    e1:54:a9:84:fa:8c:e3:22:9f:65:55:74:0b:74:d4:
                    00:c0:29:ed:5f:4d:02:d7:6b:81:fb:ce:80:11:fa:
                    6b:fd:55:9c:b5:4e:1e:5c:4d:b2:ed:11:a2:6d:99:
                    ae:cf:fa:ad:f4:2d:87:a5:d7:bd:32:09:b6:95:7e:
                    03:13:cc:89:cd:35:aa:13:9a:5a:38:72:29:92:71:
                    9b:79:12:80:ca:06:d6:0f:04:28:ba:d2:6c:d6:78:
                    56:25:a9:a4:d3:ce:72:0a:68:42:a7:90:90:fc:8d:
                    65:a6:69:6f:74:ee:45:f5:c9:08:a9:ab:df:21:c8:
                    bd:b6:a4:b6:77:60:75:ec:e6:6c:38:33:e5:f0:e3:
                    84:d8:5d:c2:69:64:e7:93:35:85:15:2b:02:e8:30:
                    0e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E5:C5:32:49:A7:13:CB:7C:06:65:0F:EA:E4:13:A1:E6:E4:01:AF
            X509v3 Authority Key Identifier:
                keyid:D5:3E:CE:71:EF:6E:BF:55:BB:7B:87:E5:06:65:BA:11:FD:C7:7F:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1T7Oce9uv1W7e4flBmW6Ef3Hfwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c81669-2519-4da5-bd5d-1c2626590d28/1/yeXFMkmnE8t8BmUP6uQToebkAa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/c81669-2519-4da5-bd5d-1c2626590d28/1/1T7Oce9uv1W7e4flBmW6Ef3Hfwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.2.0/24
                  31.6.20.0/24
                  31.6.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:73:e3:fa:1b:ec:de:a2:11:cd:24:34:92:e7:fe:63:6c:48:
         3b:83:8a:f8:98:a6:d9:57:9f:2f:91:d7:2a:fc:6a:68:09:2a:
         a6:b8:e5:69:f1:a0:f8:bf:92:9d:d3:6a:2a:23:85:d0:a2:64:
         74:30:a9:d6:75:03:3f:d1:1a:e1:6d:46:db:76:e4:9c:5b:2e:
         b3:9e:a6:e1:1e:bb:4d:2b:7d:36:ba:10:04:a7:6f:e6:27:82:
         ec:85:6a:7a:7b:02:12:df:48:eb:72:b2:cd:e7:05:82:01:f6:
         33:bb:e2:dc:73:30:9c:97:50:47:94:b1:3c:89:c5:fd:63:1d:
         39:68:24:e0:e2:d6:a3:e8:a7:16:d0:f5:3f:cd:6c:1e:27:01:
         20:e4:20:58:00:62:7c:01:b0:e0:fb:b1:e0:2c:e6:dc:7c:ef:
         24:32:c9:cb:9a:d1:1f:a8:ad:3e:63:98:4d:df:84:5e:44:18:
         3e:9d:e7:2e:90:51:9a:6d:5d:38:bd:d7:a3:b8:e9:06:bc:a3:
         b2:54:7c:ff:39:94:8e:81:50:82:c2:46:66:c0:b6:42:12:2a:
         01:d5:75:1b:cd:0a:b1:00:cd:fc:40:60:95:28:32:a5:4a:5d:
         5c:76:bd:31:61:92:04:b5:df:16:91:f7:2c:35:88:b4:c3:c6:
         94:90:96:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVrrqn/IMxBoSKfQPiZeYmOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1M2VjZTcxZWY2ZWJmNTViYjdiODdlNTA2NjViYTExZmRj
NzdmMDgwHhcNMjMwMTAxMDQ1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU1YzUzMjQ5YTcxM2NiN2MwNjY1MGZlYWU0MTNhMWU2ZTQwMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8H8sSvdp4j9SedU+vo7NS36tILg
1Vn9TmBP/qbgWCia0Yt51oCaOGteuNVqLO10/Ay3URgCKA0VyKC7NRcrEv+nvuUw
QS0chUP1kGtHhvZA4VK/tJgvJmO5/akneoByKTmV/0DEZDXhVKmE+ozjIp9lVXQL
dNQAwCntX00C12uB+86AEfpr/VWctU4eXE2y7RGibZmuz/qt9C2Hpde9Mgm2lX4D
E8yJzTWqE5paOHIpknGbeRKAygbWDwQoutJs1nhWJamk085yCmhCp5CQ/I1lpmlv
dO5F9ckIqavfIci9tqS2d2B17OZsODPl8OOE2F3CaWTnkzWFFSsC6DAONQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMnlxTJJpxPLfAZlD+rkE6Hm5AGvMB8GA1UdIwQY
MBaAFNU+znHvbr9Vu3uH5QZluhH9x38IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVQ3T2NlOXV2MVc3ZTRmbEJtVzZFZjNIZndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9jODE2NjktMjUxOS00ZGE1LWJkNWQt
MWMyNjI2NTkwZDI4LzEveWVYRk1rbW5FOHQ4Qm1VUDZ1UVRvZWJrQWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9jODE2NjktMjUxOS00ZGE1LWJkNWQtMWMyNjI2NTkwZDI4
LzEvMVQ3T2NlOXV2MVc3ZTRmbEJtVzZFZjNIZndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHwYCAwQA
HwYUAwQAHwY9MA0GCSqGSIb3DQEBCwUAA4IBAQCec+P6G+zeohHNJDSS5/5jbEg7
g4r4mKbZV58vkdcq/GpoCSqmuOVp8aD4v5Kd02oqI4XQomR0MKnWdQM/0RrhbUbb
duScWy6znqbhHrtNK302uhAEp2/mJ4LshWp6ewIS30jrcrLN5wWCAfYzu+LcczCc
l1BHlLE8icX9Yx05aCTg4taj6KcW0PU/zWweJwEg5CBYAGJ8AbDg+7HgLObcfO8k
MsnLmtEfqK0+Y5hN34ReRBg+necukFGabV04vdejuOkGvKOyVHz/OZSOgVCCwkZm
wLZCEioB1XUbzQqxAM38QGCVKDKlSl1cdr0xYZIEtd8WkfcsNYi0w8aUkJb4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:08 2024 by rpki-client on console-ams.rpki-client.org