Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/b50d8f-a95f-4eca-a822-658bc41b10fa/1/OKNMinHAr4l-xoafNYcpbJEJZHQ.roa
File:                     OKNMinHAr4l-xoafNYcpbJEJZHQ.roa (raw, json)
Hash identifier:          dLBHlFWIhK5IFDmQXwDrGhLOfkK9eOnHoB/6xPgyhM0=
Subject key identifier:   38:A3:4C:8A:71:C0:AF:89:7E:C6:86:9F:35:87:29:6C:91:09:64:74
Certificate issuer:       /CN=33518bbf7115cd8573e0deb8ebe675848f25bdfb
Certificate serial:       018805C978479FD60131ECDCA1E66DAB47D9
Authority key identifier: 33:51:8B:BF:71:15:CD:85:73:E0:DE:B8:EB:E6:75:84:8F:25:BD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M1GLv3EVzYVz4N646-Z1hI8lvfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/b50d8f-a95f-4eca-a822-658bc41b10fa/1/OKNMinHAr4l-xoafNYcpbJEJZHQ.roa
Signing time:             Wed 10 May 2023 13:11:09 +0000
ROA not before:           Wed 10 May 2023 13:11:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5511
IP address blocks:        62.233.52.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:05:c9:78:47:9f:d6:01:31:ec:dc:a1:e6:6d:ab:47:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33518bbf7115cd8573e0deb8ebe675848f25bdfb
        Validity
            Not Before: May 10 13:11:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38a34c8a71c0af897ec6869f3587296c91096474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:16:54:4c:80:55:4c:17:d8:9c:a7:1d:5c:da:
                    96:59:5b:7e:12:bc:43:b7:5f:64:ab:45:08:1b:af:
                    c0:a8:57:c1:55:58:83:32:e3:06:14:8e:59:c3:80:
                    0a:84:54:97:f1:af:1d:74:20:4e:57:1e:e8:5d:f5:
                    74:be:9e:cd:6a:31:f6:29:b6:70:d7:a3:fb:bd:c0:
                    f2:2e:a1:58:0a:6d:72:be:c2:57:2e:53:2e:b7:ec:
                    d1:90:83:17:a7:31:d3:06:c1:3c:24:7c:dd:93:2f:
                    8d:2d:7a:cd:34:fa:89:cf:74:b8:3e:a3:6a:a4:e8:
                    95:7d:9f:6f:46:c9:01:f3:e8:26:34:f0:60:b3:40:
                    5f:cc:64:2f:7f:25:e4:9f:ba:8e:b6:1f:fa:9f:36:
                    36:08:a4:2e:27:01:e7:25:aa:7b:46:7d:04:ae:2c:
                    72:66:cb:35:ed:4b:fd:ec:fa:e2:83:1c:62:f1:c7:
                    0c:7a:03:06:b3:7c:cc:a4:27:7b:d6:c6:f9:38:50:
                    0a:1b:25:48:ce:84:08:1c:70:95:5c:28:b4:3f:fc:
                    a4:ec:c3:bb:2c:80:bd:18:20:d3:c4:9f:8f:70:ed:
                    f4:b1:39:7d:60:78:29:d0:f2:9b:56:26:de:ee:dc:
                    18:a1:aa:e2:e2:d8:b6:f0:13:bc:83:a1:77:6e:df:
                    ff:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A3:4C:8A:71:C0:AF:89:7E:C6:86:9F:35:87:29:6C:91:09:64:74
            X509v3 Authority Key Identifier:
                keyid:33:51:8B:BF:71:15:CD:85:73:E0:DE:B8:EB:E6:75:84:8F:25:BD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1GLv3EVzYVz4N646-Z1hI8lvfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/b50d8f-a95f-4eca-a822-658bc41b10fa/1/OKNMinHAr4l-xoafNYcpbJEJZHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/b50d8f-a95f-4eca-a822-658bc41b10fa/1/M1GLv3EVzYVz4N646-Z1hI8lvfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c0:b7:b0:9e:b0:fc:20:9b:a9:58:72:60:3e:8d:6d:31:11:
         9f:80:80:44:c8:f9:ef:52:ff:ee:02:5c:a3:1c:26:eb:ac:ef:
         5c:a2:4e:0f:e0:e9:73:13:66:3a:06:78:b8:77:e1:84:ac:39:
         ed:56:b1:86:0b:5c:de:77:d1:ce:da:21:f8:da:f2:7d:2a:1e:
         48:4d:8d:4c:e5:ff:14:c9:fb:fc:a6:24:40:4e:d8:61:77:bb:
         c0:a2:2a:79:29:d4:9a:03:0a:f8:03:d9:8e:71:3f:38:9b:54:
         de:58:c5:7a:8e:ee:41:16:03:e2:ca:c7:60:58:ef:59:87:dd:
         41:42:09:95:a3:d2:c4:9a:7b:32:f0:2d:68:46:cc:b7:c3:fe:
         0f:1a:84:45:c2:5e:8b:81:1d:e0:a5:c4:4d:23:6e:92:69:fc:
         44:5a:91:a9:51:16:87:1c:13:83:ad:39:91:e2:ee:6f:f3:42:
         e0:be:cb:40:3b:fa:61:d1:02:2d:92:90:17:57:a4:a1:e4:3a:
         55:f0:59:79:d2:ad:d3:9a:af:fc:70:6e:bc:42:6b:7d:22:7d:
         ca:62:6c:af:2f:6b:13:70:20:d2:ff:34:23:6d:b7:17:ee:6d:
         d7:64:69:2b:0f:52:d9:7d:fb:1f:dc:32:34:6f:b8:7c:97:8d:
         80:cf:4f:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYgFyXhHn9YBMezcoeZtq0fZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNTE4YmJmNzExNWNkODU3M2UwZGViOGViZTY3NTg0OGYy
NWJkZmIwHhcNMjMwNTEwMTMxMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGEzNGM4YTcxYzBhZjg5N2VjNjg2OWYzNTg3Mjk2YzkxMDk2NDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhZUTIBVTBfYnKcdXNqWWVt+ErxD
t19kq0UIG6/AqFfBVViDMuMGFI5Zw4AKhFSX8a8ddCBOVx7oXfV0vp7NajH2KbZw
16P7vcDyLqFYCm1yvsJXLlMut+zRkIMXpzHTBsE8JHzdky+NLXrNNPqJz3S4PqNq
pOiVfZ9vRskB8+gmNPBgs0BfzGQvfyXkn7qOth/6nzY2CKQuJwHnJap7Rn0Erixy
Zss17Uv97Prigxxi8ccMegMGs3zMpCd71sb5OFAKGyVIzoQIHHCVXCi0P/yk7MO7
LIC9GCDTxJ+PcO30sTl9YHgp0PKbVibe7twYoari4ti28BO8g6F3bt//ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDijTIpxwK+JfsaGnzWHKWyRCWR0MB8GA1UdIwQY
MBaAFDNRi79xFc2Fc+DeuOvmdYSPJb37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTFHTHYzRVZ6WVZ6NE42NDYtWjFoSThsdmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iNTBkOGYtYTk1Zi00ZWNhLWE4MjIt
NjU4YmM0MWIxMGZhLzEvT0tOTWluSEFyNGwteG9hZk5ZY3BiSkVKWkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iNTBkOGYtYTk1Zi00ZWNhLWE4MjItNjU4YmM0MWIxMGZh
LzEvTTFHTHYzRVZ6WVZ6NE42NDYtWjFoSThsdmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuk0MA0G
CSqGSIb3DQEBCwUAA4IBAQAjwLewnrD8IJupWHJgPo1tMRGfgIBEyPnvUv/uAlyj
HCbrrO9cok4P4OlzE2Y6Bni4d+GErDntVrGGC1zed9HO2iH42vJ9Kh5ITY1M5f8U
yfv8piRATthhd7vAoip5KdSaAwr4A9mOcT84m1TeWMV6ju5BFgPiysdgWO9Zh91B
QgmVo9LEmnsy8C1oRsy3w/4PGoRFwl6LgR3gpcRNI26SafxEWpGpURaHHBODrTmR
4u5v80LgvstAO/ph0QItkpAXV6Sh5DpV8Fl50q3Tmq/8cG68Qmt9In3KYmyvL2sT
cCDS/zQjbbcX7m3XZGkrD1LZffsf3DI0b7h8l42Az0+L
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:01 2024 by rpki-client on console-fra.rpki-client.org