Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/e55af7-b7fb-40f3-bad3-203d5e009223/1/CD9LB9BqWOomCT8VaqZqQEWgdig.roa
File:                     CD9LB9BqWOomCT8VaqZqQEWgdig.roa (raw, json)
Hash identifier:          S6r9ZxIDlak0/nH9/fsPUHGrjb97YxJIYVyrk1fh/II=
Subject key identifier:   08:3F:4B:07:D0:6A:58:EA:26:09:3F:15:6A:A6:6A:40:45:A0:76:28
Certificate issuer:       /CN=a35daae54836813feb72d5b45ed4042237aa0bd6
Certificate serial:       01856C53AC7CF35FD9492E84D4C712DF7DF4
Authority key identifier: A3:5D:AA:E5:48:36:81:3F:EB:72:D5:B4:5E:D4:04:22:37:AA:0B:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o12q5Ug2gT_rctW0XtQEIjeqC9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/e55af7-b7fb-40f3-bad3-203d5e009223/1/CD9LB9BqWOomCT8VaqZqQEWgdig.roa
Signing time:             Sun 01 Jan 2023 07:55:00 +0000
ROA not before:           Sun 01 Jan 2023 07:55:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200424
IP address blocks:        45.128.240.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:ac:7c:f3:5f:d9:49:2e:84:d4:c7:12:df:7d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a35daae54836813feb72d5b45ed4042237aa0bd6
        Validity
            Not Before: Jan  1 07:55:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=083f4b07d06a58ea26093f156aa66a4045a07628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5f:48:55:e7:63:69:d5:63:8b:a5:c1:4b:13:
                    d4:47:95:bf:1d:46:a1:ea:0e:6d:74:7a:2d:91:48:
                    56:08:cc:e8:03:32:eb:b7:09:3c:a7:b1:41:88:d5:
                    83:35:db:d0:1d:22:70:66:4a:ea:0a:7f:d9:42:a5:
                    4e:37:89:a9:f6:09:59:09:67:43:36:25:20:68:04:
                    9a:d5:09:7e:cf:06:ae:6b:c5:15:8e:b7:91:e0:9b:
                    20:d0:56:f5:50:71:98:26:18:54:db:24:7a:e8:5e:
                    67:04:18:c7:9e:78:43:17:ba:db:15:64:b3:a3:0d:
                    66:92:f7:f3:36:51:bb:cb:e6:2e:ac:f0:3b:c0:2e:
                    6a:73:95:1c:8e:1e:88:97:13:3f:a9:d8:7d:78:82:
                    9c:32:23:9b:8b:82:52:6e:b3:e9:ac:ee:b8:e5:8a:
                    79:ef:95:03:07:8c:64:ab:63:59:13:03:86:8b:13:
                    10:fa:32:ad:48:ca:ea:6c:23:ee:8d:72:d7:5a:8f:
                    77:05:13:2d:bf:98:98:1b:ab:22:10:05:61:98:f6:
                    30:69:15:49:21:e7:41:8b:d3:17:d2:1a:ea:66:20:
                    36:3b:cc:f1:6a:85:81:5a:e4:6f:e0:4e:32:d6:18:
                    75:f9:af:a2:12:1e:cc:05:92:9d:73:39:7e:76:71:
                    21:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3F:4B:07:D0:6A:58:EA:26:09:3F:15:6A:A6:6A:40:45:A0:76:28
            X509v3 Authority Key Identifier:
                keyid:A3:5D:AA:E5:48:36:81:3F:EB:72:D5:B4:5E:D4:04:22:37:AA:0B:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o12q5Ug2gT_rctW0XtQEIjeqC9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/e55af7-b7fb-40f3-bad3-203d5e009223/1/CD9LB9BqWOomCT8VaqZqQEWgdig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/e55af7-b7fb-40f3-bad3-203d5e009223/1/o12q5Ug2gT_rctW0XtQEIjeqC9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:cb:d6:d8:64:9c:6e:73:cd:b7:2f:f6:e3:7f:c6:78:40:9e:
         53:93:6a:05:4a:5a:c8:3e:76:fa:60:d6:fa:9c:f1:af:46:a9:
         58:c0:1b:09:6a:44:fb:af:b9:3d:2d:3f:4a:80:87:71:1f:ca:
         51:c0:bf:75:53:4a:e9:75:09:da:f0:f1:4d:58:12:b8:67:3b:
         04:c5:9c:8b:ce:cf:dd:64:95:e5:e1:6a:5d:6b:1d:e9:bb:cd:
         66:cb:64:39:c9:77:4c:50:60:1b:a1:20:51:fe:a6:2b:f7:30:
         ab:9a:49:74:f8:5b:e0:16:40:57:ac:c3:27:34:0a:05:cd:7b:
         bf:86:5f:dd:75:04:2a:67:ba:53:54:13:12:20:7f:d8:5e:91:
         5c:16:c6:c5:50:54:ea:6d:01:84:51:67:d1:9b:a3:a4:ac:b8:
         54:89:42:dc:f7:25:2c:77:c7:68:4e:dc:cc:07:f7:aa:90:ce:
         0c:a8:d6:f4:ad:c9:ef:4c:c5:fa:77:8e:6e:fe:fd:4d:21:46:
         96:91:4d:0f:2b:1d:e1:58:7a:6f:6f:89:1b:eb:21:c4:20:9a:
         a1:98:2c:0f:e9:4f:f1:5e:24:4b:0b:a5:61:ff:ee:18:9a:22:
         48:10:b1:a4:61:8d:5d:c5:cd:9a:48:7e:a9:8a:c3:02:e2:e1:
         ab:0d:77:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsU6x881/ZSS6E1McS3330MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNWRhYWU1NDgzNjgxM2ZlYjcyZDViNDVlZDQwNDIyMzdh
YTBiZDYwHhcNMjMwMTAxMDc1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNmNGIwN2QwNmE1OGVhMjYwOTNmMTU2YWE2NmE0MDQ1YTA3NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj19IVedjadVji6XBSxPUR5W/HUah
6g5tdHotkUhWCMzoAzLrtwk8p7FBiNWDNdvQHSJwZkrqCn/ZQqVON4mp9glZCWdD
NiUgaASa1Ql+zwaua8UVjreR4Jsg0Fb1UHGYJhhU2yR66F5nBBjHnnhDF7rbFWSz
ow1mkvfzNlG7y+YurPA7wC5qc5Ucjh6IlxM/qdh9eIKcMiObi4JSbrPprO645Yp5
75UDB4xkq2NZEwOGixMQ+jKtSMrqbCPujXLXWo93BRMtv5iYG6siEAVhmPYwaRVJ
IedBi9MX0hrqZiA2O8zxaoWBWuRv4E4y1hh1+a+iEh7MBZKdczl+dnEhwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg/SwfQaljqJgk/FWqmakBFoHYoMB8GA1UdIwQY
MBaAFKNdquVINoE/63LVtF7UBCI3qgvWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzEycTVVZzJnVF9yY3RXMFh0UUVJamVxQzlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9lNTVhZjctYjdmYi00MGYzLWJhZDMt
MjAzZDVlMDA5MjIzLzEvQ0Q5TEI5QnFXT29tQ1Q4VmFxWnFRRVdnZGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9lNTVhZjctYjdmYi00MGYzLWJhZDMtMjAzZDVlMDA5MjIz
LzEvbzEycTVVZzJnVF9yY3RXMFh0UUVJamVxQzlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYDwMA0G
CSqGSIb3DQEBCwUAA4IBAQBEy9bYZJxuc823L/bjf8Z4QJ5Tk2oFSlrIPnb6YNb6
nPGvRqlYwBsJakT7r7k9LT9KgIdxH8pRwL91U0rpdQna8PFNWBK4ZzsExZyLzs/d
ZJXl4Wpdax3pu81my2Q5yXdMUGAboSBR/qYr9zCrmkl0+FvgFkBXrMMnNAoFzXu/
hl/ddQQqZ7pTVBMSIH/YXpFcFsbFUFTqbQGEUWfRm6OkrLhUiULc9yUsd8doTtzM
B/eqkM4MqNb0rcnvTMX6d45u/v1NIUaWkU0PKx3hWHpvb4kb6yHEIJqhmCwP6U/x
XiRLC6Vh/+4YmiJIELGkYY1dxc2aSH6pisMC4uGrDXeS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:22 2024 by rpki-client on console-fra.rpki-client.org