Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/11362c-0ca8-4123-9b3c-3ca54d5c6f4f/1/KfrOSpLOpLaHSCVeSozyS0lAM6U.roa
File:                     KfrOSpLOpLaHSCVeSozyS0lAM6U.roa (raw, json)
Hash identifier:          wAVPVHcn/JJDiM0FlH0msK5bCrUCEScuSm70Tsv/138=
Subject key identifier:   29:FA:CE:4A:92:CE:A4:B6:87:48:25:5E:4A:8C:F2:4B:49:40:33:A5
Certificate issuer:       /CN=f62cb707c297f0bce43af4f4cbacbb8a636ccc61
Certificate serial:       0187572E43007EFC61BED76E59B86E1679F4
Authority key identifier: F6:2C:B7:07:C2:97:F0:BC:E4:3A:F4:F4:CB:AC:BB:8A:63:6C:CC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9iy3B8KX8LzkOvT0y6y7imNszGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/11362c-0ca8-4123-9b3c-3ca54d5c6f4f/1/KfrOSpLOpLaHSCVeSozyS0lAM6U.roa
Signing time:             Thu 06 Apr 2023 15:27:42 +0000
ROA not before:           Thu 06 Apr 2023 15:27:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15083
IP address blocks:        185.248.135.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:57:2e:43:00:7e:fc:61:be:d7:6e:59:b8:6e:16:79:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62cb707c297f0bce43af4f4cbacbb8a636ccc61
        Validity
            Not Before: Apr  6 15:27:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29face4a92cea4b68748255e4a8cf24b494033a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b6:de:04:8e:da:3a:d5:fc:cf:c4:51:76:66:
                    7e:0d:5a:4c:9c:70:58:42:f0:1b:9e:36:3a:98:bb:
                    7a:9e:8a:ef:11:a4:cb:7d:d9:cf:64:c1:6b:e5:09:
                    46:06:94:b9:cf:aa:dc:df:46:a0:b5:99:fe:c9:cc:
                    4a:b8:9c:d6:0a:07:63:c6:dc:70:6d:5c:31:72:5f:
                    5a:d6:08:f2:17:08:0d:60:23:9e:f5:38:7a:73:db:
                    45:8d:b7:ad:d7:d6:bf:e0:a6:4f:6b:8b:63:c7:f4:
                    9a:20:f7:44:14:5b:1f:97:fb:e2:bd:05:d5:e8:05:
                    59:5f:4b:23:6a:1d:6d:35:16:e4:73:b5:85:dc:af:
                    03:04:de:af:d2:3c:bc:5e:41:7b:b5:5c:a0:88:dc:
                    25:9f:de:dd:25:7e:b3:10:30:43:9d:96:8c:9d:f2:
                    70:34:be:a5:da:42:07:41:2b:b8:db:ac:de:26:db:
                    91:cb:f6:a9:f9:6d:1f:58:ea:f8:5b:fd:48:8e:09:
                    6d:a3:e9:ab:84:7e:a0:35:69:e6:3a:a4:db:ec:40:
                    13:16:c3:7a:af:e5:09:21:4d:5d:96:20:7e:20:45:
                    90:88:29:76:f7:ca:23:36:56:9c:ed:af:70:a8:dc:
                    f7:50:b5:88:13:37:03:d8:34:6a:87:0f:92:b0:1b:
                    51:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FA:CE:4A:92:CE:A4:B6:87:48:25:5E:4A:8C:F2:4B:49:40:33:A5
            X509v3 Authority Key Identifier:
                keyid:F6:2C:B7:07:C2:97:F0:BC:E4:3A:F4:F4:CB:AC:BB:8A:63:6C:CC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9iy3B8KX8LzkOvT0y6y7imNszGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/11362c-0ca8-4123-9b3c-3ca54d5c6f4f/1/KfrOSpLOpLaHSCVeSozyS0lAM6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/11362c-0ca8-4123-9b3c-3ca54d5c6f4f/1/9iy3B8KX8LzkOvT0y6y7imNszGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:39:d3:aa:05:04:d5:85:8b:e2:24:93:63:db:9a:09:39:02:
         ea:47:be:2a:3b:e6:2d:fe:97:58:36:e5:5e:bc:37:79:61:d1:
         16:12:64:4a:7a:7d:22:f4:41:b2:5c:cf:cf:41:5b:a6:22:bf:
         ca:52:89:f5:17:b7:e5:3c:e7:8d:8a:c3:fb:72:fc:3c:ee:01:
         88:7c:57:d9:69:9b:50:cf:68:f8:02:1e:bf:56:e5:f5:df:ce:
         66:20:e1:3f:9b:76:1a:66:cb:dd:9a:5d:99:86:92:8c:51:e6:
         4a:3e:ec:cc:65:1b:b8:bf:26:86:ec:a0:5e:62:56:22:2f:78:
         74:a8:be:28:d3:d7:a2:64:89:61:b5:5e:f1:1d:e3:3e:7c:19:
         8b:c3:a4:36:8a:a6:af:06:5c:b7:5e:cb:f3:23:de:4f:09:f4:
         fc:82:e7:da:bc:63:90:98:2d:05:ca:43:b9:7a:ea:70:82:fa:
         41:93:2a:cf:21:4e:0e:a3:03:01:a7:36:40:f1:4b:2b:a4:1a:
         be:75:2b:c5:24:c8:18:9f:cf:d4:c6:0f:fd:9f:b0:be:db:fa:
         76:4e:35:7d:b5:bb:89:80:b1:ad:02:ff:34:61:9b:13:f4:bb:
         bc:b0:b6:49:5e:2f:9e:bf:9b:16:ba:03:13:f3:96:a0:a2:4b:
         44:40:84:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdXLkMAfvxhvtduWbhuFnn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmNiNzA3YzI5N2YwYmNlNDNhZjRmNGNiYWNiYjhhNjM2
Y2NjNjEwHhcNMjMwNDA2MTUyNzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWZhY2U0YTkyY2VhNGI2ODc0ODI1NWU0YThjZjI0YjQ5NDAzM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrbeBI7aOtX8z8RRdmZ+DVpMnHBY
QvAbnjY6mLt6norvEaTLfdnPZMFr5QlGBpS5z6rc30agtZn+ycxKuJzWCgdjxtxw
bVwxcl9a1gjyFwgNYCOe9Th6c9tFjbet19a/4KZPa4tjx/SaIPdEFFsfl/vivQXV
6AVZX0sjah1tNRbkc7WF3K8DBN6v0jy8XkF7tVygiNwln97dJX6zEDBDnZaMnfJw
NL6l2kIHQSu426zeJtuRy/ap+W0fWOr4W/1Ijglto+mrhH6gNWnmOqTb7EATFsN6
r+UJIU1dliB+IEWQiCl298ojNlac7a9wqNz3ULWIEzcD2DRqhw+SsBtRWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn6zkqSzqS2h0glXkqM8ktJQDOlMB8GA1UdIwQY
MBaAFPYstwfCl/C85Dr09Musu4pjbMxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWl5M0I4S1g4THprT3ZUMHk2eTdpbU5zekdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xMTM2MmMtMGNhOC00MTIzLTliM2Mt
M2NhNTRkNWM2ZjRmLzEvS2ZyT1NwTE9wTGFIU0NWZVNvenlTMGxBTTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xMTM2MmMtMGNhOC00MTIzLTliM2MtM2NhNTRkNWM2ZjRm
LzEvOWl5M0I4S1g4THprT3ZUMHk2eTdpbU5zekdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufiHMA0G
CSqGSIb3DQEBCwUAA4IBAQCgOdOqBQTVhYviJJNj25oJOQLqR74qO+Yt/pdYNuVe
vDd5YdEWEmRKen0i9EGyXM/PQVumIr/KUon1F7flPOeNisP7cvw87gGIfFfZaZtQ
z2j4Ah6/VuX1385mIOE/m3YaZsvdml2ZhpKMUeZKPuzMZRu4vyaG7KBeYlYiL3h0
qL4o09eiZIlhtV7xHeM+fBmLw6Q2iqavBly3XsvzI95PCfT8gufavGOQmC0FykO5
eupwgvpBkyrPIU4OowMBpzZA8UsrpBq+dSvFJMgYn8/Uxg/9n7C+2/p2TjV9tbuJ
gLGtAv80YZsT9Lu8sLZJXi+ev5sWugMT85agoktEQIT1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:53 2024 by rpki-client on console-fra.rpki-client.org