Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a04b28-3918-4259-bd25-73d8df5eb288/1/KLRDwAvDAX8tYEYsC1u2gAFTQ9U.roa
File:                     KLRDwAvDAX8tYEYsC1u2gAFTQ9U.roa (raw, json)
Hash identifier:          d/d09bo0wBOoO6EsR9FX7pRvS/FLWxQaiBao1yXST88=
Subject key identifier:   28:B4:43:C0:0B:C3:01:7F:2D:60:46:2C:0B:5B:B6:80:01:53:43:D5
Certificate issuer:       /CN=0b0262eb9b43781af47bfd833d7b2a8ed5bd69c0
Certificate serial:       018A0218593272746A7D071A22E50060B18B
Authority key identifier: 0B:02:62:EB:9B:43:78:1A:F4:7B:FD:83:3D:7B:2A:8E:D5:BD:69:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CwJi65tDeBr0e_2DPXsqjtW9acA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a04b28-3918-4259-bd25-73d8df5eb288/1/KLRDwAvDAX8tYEYsC1u2gAFTQ9U.roa
Signing time:             Thu 17 Aug 2023 06:04:24 +0000
ROA not before:           Thu 17 Aug 2023 06:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        31.41.249.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:02:18:59:32:72:74:6a:7d:07:1a:22:e5:00:60:b1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b0262eb9b43781af47bfd833d7b2a8ed5bd69c0
        Validity
            Not Before: Aug 17 06:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28b443c00bc3017f2d60462c0b5bb680015343d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2c:60:a3:c7:79:52:57:31:f7:c6:e2:91:4d:
                    f8:ae:54:2c:7e:ac:1a:ab:a2:61:3a:f0:19:38:72:
                    fb:10:0d:16:9c:79:eb:2e:04:b0:11:6d:ea:92:c9:
                    e6:f5:2b:03:eb:eb:49:c6:7c:e0:18:d9:3d:13:6d:
                    52:27:de:6e:82:92:19:a1:5d:4e:7a:11:b6:25:0e:
                    17:6c:24:e6:63:7f:85:5f:c4:f9:84:60:87:02:45:
                    cb:48:d4:e1:55:ec:9f:05:f2:0a:a2:79:fb:e0:1c:
                    db:5f:27:5a:7f:ec:12:d5:e7:76:94:ce:cf:93:b7:
                    94:25:5f:d1:8e:27:be:4f:55:9d:9a:d7:11:65:6a:
                    c2:4a:b4:7d:f1:21:75:9c:e8:57:e3:a3:b8:2d:4c:
                    fa:a0:67:a0:7a:b1:f6:29:39:29:cb:18:c1:5f:1f:
                    57:07:5e:ff:b6:66:f7:41:2b:21:34:11:6f:df:0d:
                    18:f1:b5:48:37:dd:a8:5d:ad:85:6f:d3:2e:d9:29:
                    2d:62:b1:cc:1d:75:c1:d7:b0:ce:96:29:4f:2c:c9:
                    8f:ee:ad:3a:c0:5b:de:8d:ea:20:33:4e:d3:52:f6:
                    8c:9c:1b:1f:c5:be:9f:f2:f2:40:82:a7:10:0b:22:
                    b3:bc:ae:78:7e:90:f5:d4:ef:43:13:c7:81:48:9c:
                    e2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B4:43:C0:0B:C3:01:7F:2D:60:46:2C:0B:5B:B6:80:01:53:43:D5
            X509v3 Authority Key Identifier:
                keyid:0B:02:62:EB:9B:43:78:1A:F4:7B:FD:83:3D:7B:2A:8E:D5:BD:69:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CwJi65tDeBr0e_2DPXsqjtW9acA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a04b28-3918-4259-bd25-73d8df5eb288/1/KLRDwAvDAX8tYEYsC1u2gAFTQ9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a04b28-3918-4259-bd25-73d8df5eb288/1/CwJi65tDeBr0e_2DPXsqjtW9acA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:e5:c5:aa:9e:0b:86:87:64:f6:34:a9:6e:0c:6a:6a:21:97:
         6b:dd:15:af:fe:df:c9:94:0c:a6:3f:b6:f2:73:bf:2a:12:fd:
         19:11:ba:57:7c:14:57:f2:ee:34:4c:6e:d2:df:cb:b4:1c:b7:
         f8:19:be:1f:c9:44:1c:f6:5e:89:bf:c0:92:62:07:df:6c:7e:
         f7:80:6a:73:e0:e3:76:5a:32:05:ad:f8:aa:f4:a5:f3:ab:5d:
         a0:37:2a:9d:36:ca:d9:3b:b3:01:54:d4:91:0a:de:a7:15:4e:
         3e:1d:99:ee:6e:2d:78:7d:2b:b5:3b:ec:89:c8:12:6b:4a:33:
         9d:d4:f8:3b:90:27:9f:e7:30:46:79:fd:c9:5b:23:d3:24:7f:
         ba:44:a8:26:aa:a1:13:93:69:e6:10:a1:e6:40:1a:77:24:99:
         6f:26:e2:72:72:ec:a8:15:b0:e9:4c:7f:ca:4d:3e:e8:cb:c7:
         75:ab:24:ad:9e:76:4b:ba:48:44:85:83:ef:fd:87:3c:d2:6a:
         63:79:de:ff:d9:12:d2:35:3a:de:eb:74:2e:85:dc:9f:5a:c2:
         64:b9:70:42:9b:97:2c:b6:77:cc:f1:bb:d3:4f:1b:5d:9f:47:
         fd:8e:2d:dd:9b:93:1d:5e:af:fb:1c:b2:e8:fb:54:5e:ef:12:
         f1:6b:93:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYoCGFkycnRqfQcaIuUAYLGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMDI2MmViOWI0Mzc4MWFmNDdiZmQ4MzNkN2IyYThlZDVi
ZDY5YzAwHhcNMjMwODE3MDYwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI0NDNjMDBiYzMwMTdmMmQ2MDQ2MmMwYjViYjY4MDAxNTM0M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyxgo8d5Ulcx98bikU34rlQsfqwa
q6JhOvAZOHL7EA0WnHnrLgSwEW3qksnm9SsD6+tJxnzgGNk9E21SJ95ugpIZoV1O
ehG2JQ4XbCTmY3+FX8T5hGCHAkXLSNThVeyfBfIKonn74BzbXydaf+wS1ed2lM7P
k7eUJV/Rjie+T1WdmtcRZWrCSrR98SF1nOhX46O4LUz6oGegerH2KTkpyxjBXx9X
B17/tmb3QSshNBFv3w0Y8bVIN92oXa2Fb9Mu2SktYrHMHXXB17DOlilPLMmP7q06
wFvejeogM07TUvaMnBsfxb6f8vJAgqcQCyKzvK54fpD11O9DE8eBSJziCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCi0Q8ALwwF/LWBGLAtbtoABU0PVMB8GA1UdIwQY
MBaAFAsCYuubQ3ga9Hv9gz17Ko7VvWnAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3dKaTY1dERlQnIwZV8yRFBYc3FqdFc5YWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hMDRiMjgtMzkxOC00MjU5LWJkMjUt
NzNkOGRmNWViMjg4LzEvS0xSRHdBdkRBWDh0WUVZc0MxdTJnQUZUUTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hMDRiMjgtMzkxOC00MjU5LWJkMjUtNzNkOGRmNWViMjg4
LzEvQ3dKaTY1dERlQnIwZV8yRFBYc3FqdFc5YWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyn5MA0G
CSqGSIb3DQEBCwUAA4IBAQA95cWqnguGh2T2NKluDGpqIZdr3RWv/t/JlAymP7by
c78qEv0ZEbpXfBRX8u40TG7S38u0HLf4Gb4fyUQc9l6Jv8CSYgffbH73gGpz4ON2
WjIFrfiq9KXzq12gNyqdNsrZO7MBVNSRCt6nFU4+HZnubi14fSu1O+yJyBJrSjOd
1Pg7kCef5zBGef3JWyPTJH+6RKgmqqETk2nmEKHmQBp3JJlvJuJycuyoFbDpTH/K
TT7oy8d1qyStnnZLukhEhYPv/Yc80mpjed7/2RLSNTre63QuhdyfWsJkuXBCm5cs
tnfM8bvTTxtdn0f9ji3dm5MdXq/7HLLo+1Re7xLxa5Pb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:20 2024 by rpki-client on console-fra.rpki-client.org