Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/2tOWPhfUKvSpLEQvBwnE422rKJ0.roa
File:                     2tOWPhfUKvSpLEQvBwnE422rKJ0.roa (raw, json)
Hash identifier:          Vpv+c2aUd192wOC3pyF9FbOwJ1hTkP6BK2XvjXYyTV0=
Subject key identifier:   DA:D3:96:3E:17:D4:2A:F4:A9:2C:44:2F:07:09:C4:E3:6D:AB:28:9D
Certificate issuer:       /CN=07217c0634c102c71ba3e444f0688abdd1af4ce8
Certificate serial:       0188B90D18EB8251D5067043377BC12C798C
Authority key identifier: 07:21:7C:06:34:C1:02:C7:1B:A3:E4:44:F0:68:8A:BD:D1:AF:4C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ByF8BjTBAscbo-RE8GiKvdGvTOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/2tOWPhfUKvSpLEQvBwnE422rKJ0.roa
Signing time:             Wed 14 Jun 2023 08:37:03 +0000
ROA not before:           Wed 14 Jun 2023 08:37:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28788
IP address blocks:        2a03:71e0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b9:0d:18:eb:82:51:d5:06:70:43:37:7b:c1:2c:79:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07217c0634c102c71ba3e444f0688abdd1af4ce8
        Validity
            Not Before: Jun 14 08:37:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dad3963e17d42af4a92c442f0709c4e36dab289d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:89:cb:8c:a5:03:5f:ff:cb:bb:6d:46:db:69:
                    ec:c9:9e:5e:d6:ea:a6:d9:ed:59:f4:32:9f:7a:46:
                    63:43:0e:eb:0d:8a:f6:17:06:56:69:ab:42:81:50:
                    0f:62:e5:e5:d4:9b:66:10:8d:2f:db:29:03:b2:a1:
                    04:de:37:3f:c1:54:49:7c:b3:81:81:54:ef:a5:72:
                    97:4f:25:83:4c:81:16:ad:bf:d2:01:0c:a4:47:4c:
                    ed:9d:9a:c3:44:aa:da:5e:cd:27:f8:63:a6:03:ad:
                    84:6e:cf:72:6c:1d:14:ff:c4:4b:5d:c1:95:3a:f1:
                    a2:b0:a7:5b:7d:2e:c5:ba:ab:6a:e6:3d:f7:4b:78:
                    b3:f5:b8:55:2b:8a:a5:54:70:f2:37:6a:b9:19:e5:
                    6d:37:5d:12:f2:27:6b:cc:e9:83:8c:24:10:e3:e3:
                    5d:f8:e0:26:72:40:35:e8:20:50:12:4f:6b:40:1d:
                    19:47:70:7d:43:6d:07:61:32:8c:fd:11:2f:4c:d2:
                    1e:44:56:61:2a:c8:39:05:54:43:72:4f:9c:75:d5:
                    45:d3:ba:fc:4c:c3:c9:76:ae:e3:92:2b:f6:ee:c2:
                    6b:e6:7c:5e:c5:e5:ef:19:66:00:a3:d5:28:b1:a8:
                    64:5c:39:0b:ad:7a:65:01:50:2d:b5:52:4a:3b:25:
                    8d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D3:96:3E:17:D4:2A:F4:A9:2C:44:2F:07:09:C4:E3:6D:AB:28:9D
            X509v3 Authority Key Identifier:
                keyid:07:21:7C:06:34:C1:02:C7:1B:A3:E4:44:F0:68:8A:BD:D1:AF:4C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ByF8BjTBAscbo-RE8GiKvdGvTOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/2tOWPhfUKvSpLEQvBwnE422rKJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b41ad4-8500-4f26-9019-0f0bc9f629d3/1/ByF8BjTBAscbo-RE8GiKvdGvTOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:71e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:cf:bc:f7:bc:6a:0e:66:b3:4d:aa:6b:6d:ef:61:79:08:8b:
         0e:a0:96:62:27:62:a7:68:03:a4:16:73:8a:bd:13:3e:26:76:
         24:84:9e:29:b8:87:7c:da:4b:34:98:4f:51:aa:a7:df:a1:74:
         82:e4:13:68:ce:8e:62:1c:66:ec:39:2e:70:d2:f4:ae:89:fc:
         99:ed:0d:15:36:30:ca:cf:d2:ad:5b:41:d6:40:83:1e:12:5e:
         35:05:ba:4c:90:68:1d:36:d2:04:49:c7:c3:7f:e5:29:2a:14:
         d8:f8:6e:5b:79:3b:31:aa:6b:32:85:82:a7:6a:13:4c:bd:ea:
         fd:fe:cb:4a:39:96:51:9f:fb:b1:37:0a:a0:06:73:5a:03:a4:
         47:68:15:a1:e2:19:74:77:b0:e3:0c:67:fd:12:8a:4c:d8:41:
         c8:e2:b4:be:ba:b0:13:b0:1f:3d:d9:97:06:8f:db:e2:a0:8a:
         a0:0a:4d:e1:27:f2:ec:10:12:9e:d6:44:37:5f:2d:15:ae:58:
         03:aa:da:34:1e:79:2a:4a:29:da:c9:79:0e:bd:e9:66:12:f5:
         14:c2:20:3e:8f:f3:f3:f9:0f:81:e8:77:20:0d:75:77:37:13:
         e0:e7:a2:a6:33:02:5b:f3:88:41:d0:af:3e:16:02:99:90:e2:
         88:b5:6a:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYi5DRjrglHVBnBDN3vBLHmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjE3YzA2MzRjMTAyYzcxYmEzZTQ0NGYwNjg4YWJkZDFh
ZjRjZTgwHhcNMjMwNjE0MDgzNzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQzOTYzZTE3ZDQyYWY0YTkyYzQ0MmYwNzA5YzRlMzZkYWIyODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4nLjKUDX//Lu21G22nsyZ5e1uqm
2e1Z9DKfekZjQw7rDYr2FwZWaatCgVAPYuXl1JtmEI0v2ykDsqEE3jc/wVRJfLOB
gVTvpXKXTyWDTIEWrb/SAQykR0ztnZrDRKraXs0n+GOmA62Ebs9ybB0U/8RLXcGV
OvGisKdbfS7Fuqtq5j33S3iz9bhVK4qlVHDyN2q5GeVtN10S8idrzOmDjCQQ4+Nd
+OAmckA16CBQEk9rQB0ZR3B9Q20HYTKM/REvTNIeRFZhKsg5BVRDck+cddVF07r8
TMPJdq7jkiv27sJr5nxexeXvGWYAo9UosahkXDkLrXplAVAttVJKOyWNFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNrTlj4X1Cr0qSxELwcJxONtqyidMB8GA1UdIwQY
MBaAFAchfAY0wQLHG6PkRPBoir3Rr0zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlGOEJqVEJBc2Niby1SRThHaUt2ZEd2VE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iNDFhZDQtODUwMC00ZjI2LTkwMTkt
MGYwYmM5ZjYyOWQzLzEvMnRPV1BoZlVLdlNwTEVRdkJ3bkU0MjJyS0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iNDFhZDQtODUwMC00ZjI2LTkwMTktMGYwYmM5ZjYyOWQz
LzEvQnlGOEJqVEJBc2Niby1SRThHaUt2ZEd2VE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNx4DAN
BgkqhkiG9w0BAQsFAAOCAQEAWc+897xqDmazTaprbe9heQiLDqCWYidip2gDpBZz
ir0TPiZ2JISeKbiHfNpLNJhPUaqn36F0guQTaM6OYhxm7DkucNL0ron8me0NFTYw
ys/SrVtB1kCDHhJeNQW6TJBoHTbSBEnHw3/lKSoU2PhuW3k7MaprMoWCp2oTTL3q
/f7LSjmWUZ/7sTcKoAZzWgOkR2gVoeIZdHew4wxn/RKKTNhByOK0vrqwE7AfPdmX
Bo/b4qCKoApN4Sfy7BASntZEN18tFa5YA6raNB55Kkop2sl5Dr3pZhL1FMIgPo/z
8/kPgeh3IA11dzcT4OeipjMCW/OIQdCvPhYCmZDiiLVqKA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:50 2024 by rpki-client on console-ams.rpki-client.org