Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/984602-4a90-4551-bf49-2edbdfaff47e/1/pziRjDzxN3fVIH1Gl8rVS285vhk.roa
File:                     pziRjDzxN3fVIH1Gl8rVS285vhk.roa (raw, json)
Hash identifier:          kIe47+wdeASSkM5THivfRhoBiE8jizIR/+ZSEZXL2lU=
Subject key identifier:   A7:38:91:8C:3C:F1:37:77:D5:20:7D:46:97:CA:D5:4B:6F:39:BE:19
Certificate issuer:       /CN=647c0936487ec5d803e4d5a9a5100c4651f45437
Certificate serial:       01859C24D8D0C4E9610DB45C711FB99C34D7
Authority key identifier: 64:7C:09:36:48:7E:C5:D8:03:E4:D5:A9:A5:10:0C:46:51:F4:54:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZHwJNkh-xdgD5NWppRAMRlH0VDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/984602-4a90-4551-bf49-2edbdfaff47e/1/pziRjDzxN3fVIH1Gl8rVS285vhk.roa
Signing time:             Tue 10 Jan 2023 14:45:38 +0000
ROA not before:           Tue 10 Jan 2023 14:45:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        185.64.78.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:9c:24:d8:d0:c4:e9:61:0d:b4:5c:71:1f:b9:9c:34:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=647c0936487ec5d803e4d5a9a5100c4651f45437
        Validity
            Not Before: Jan 10 14:45:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a738918c3cf13777d5207d4697cad54b6f39be19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6f:14:a0:61:7f:e2:aa:20:8a:c4:83:1d:36:
                    a4:ce:d9:e0:c2:d7:10:c9:1d:d4:77:66:05:28:88:
                    fd:c8:fa:79:14:16:65:59:08:1c:1d:92:e7:ca:e7:
                    6d:59:46:d1:1f:92:d0:d6:44:cd:7d:43:f9:82:b5:
                    18:b9:49:31:45:ca:a7:15:f2:29:b1:55:ba:92:e9:
                    23:46:be:af:36:c2:34:89:7c:a2:6f:97:c9:11:d7:
                    1b:5a:77:be:eb:7c:6f:7c:a3:5c:bc:29:07:63:3c:
                    c8:85:86:69:b7:6d:4b:de:22:1b:ec:63:1b:90:3a:
                    a7:0f:cb:ae:1a:48:ac:3d:2b:f7:4e:55:c5:ab:9a:
                    06:79:17:b5:41:8a:8c:6b:44:46:5c:53:bf:5f:bf:
                    7e:a7:2d:9e:30:5c:a4:93:e3:28:39:bb:36:a0:b1:
                    7d:b9:4f:f1:89:2a:06:58:d5:8d:d1:d2:41:a2:63:
                    57:0b:2c:ac:71:1e:14:94:6f:5a:7c:b5:be:69:79:
                    87:ce:6e:59:f8:02:12:16:a6:b0:7a:f0:fd:00:b2:
                    0c:01:d2:b6:94:39:ff:dc:d5:4a:65:c6:1f:a6:e0:
                    84:c5:c1:6b:2c:49:ad:b8:a0:07:5e:f1:a7:4c:8b:
                    f1:d5:87:ad:de:3d:f8:c5:56:df:81:a7:60:c5:78:
                    39:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:38:91:8C:3C:F1:37:77:D5:20:7D:46:97:CA:D5:4B:6F:39:BE:19
            X509v3 Authority Key Identifier:
                keyid:64:7C:09:36:48:7E:C5:D8:03:E4:D5:A9:A5:10:0C:46:51:F4:54:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZHwJNkh-xdgD5NWppRAMRlH0VDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/984602-4a90-4551-bf49-2edbdfaff47e/1/pziRjDzxN3fVIH1Gl8rVS285vhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/984602-4a90-4551-bf49-2edbdfaff47e/1/ZHwJNkh-xdgD5NWppRAMRlH0VDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:2d:06:1d:6c:39:8e:68:1a:cd:37:87:c2:ca:59:8c:c2:7b:
         f4:98:36:a1:68:f5:8d:10:67:94:ea:0a:6e:a2:95:88:b1:37:
         bb:80:af:3d:21:93:ab:5c:13:00:de:40:cf:d1:67:56:20:7a:
         e8:37:87:74:fc:b4:d3:fc:14:f0:03:e8:9e:18:be:2f:3b:55:
         76:18:75:f5:f2:92:c9:da:f0:a0:ac:e9:4b:64:ba:db:ef:8f:
         4b:60:cc:b7:03:a6:63:fe:23:f6:95:28:1c:5c:a4:6f:9a:e5:
         05:e5:59:cb:4f:2b:5c:9e:e8:c4:e2:44:84:f6:06:2a:87:4d:
         9b:3c:ff:2c:5f:c4:78:ad:2b:7f:85:39:37:7a:48:98:cb:de:
         95:56:37:8c:ae:f9:62:be:a9:7c:26:ed:1e:c8:29:0a:82:e9:
         ef:4f:ed:c8:51:f0:6a:d8:77:f2:2f:9b:9f:be:57:d6:01:ed:
         3c:01:5f:1f:b4:5a:d2:9c:b5:25:fb:e5:7e:6a:02:5e:a3:fe:
         76:93:65:52:79:b9:1f:26:74:25:42:c1:b2:79:09:3f:90:1c:
         84:ca:1e:b9:f2:21:bd:87:54:44:46:41:53:0f:fb:45:f0:ea:
         a5:22:70:12:33:8a:a5:a5:b7:83:f5:30:38:61:10:24:70:c3:
         c5:16:62:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWcJNjQxOlhDbRccR+5nDTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0N2MwOTM2NDg3ZWM1ZDgwM2U0ZDVhOWE1MTAwYzQ2NTFm
NDU0MzcwHhcNMjMwMTEwMTQ0NTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM4OTE4YzNjZjEzNzc3ZDUyMDdkNDY5N2NhZDU0YjZmMzliZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAom8UoGF/4qogisSDHTakztngwtcQ
yR3Ud2YFKIj9yPp5FBZlWQgcHZLnyudtWUbRH5LQ1kTNfUP5grUYuUkxRcqnFfIp
sVW6kukjRr6vNsI0iXyib5fJEdcbWne+63xvfKNcvCkHYzzIhYZpt21L3iIb7GMb
kDqnD8uuGkisPSv3TlXFq5oGeRe1QYqMa0RGXFO/X79+py2eMFykk+MoObs2oLF9
uU/xiSoGWNWN0dJBomNXCyyscR4UlG9afLW+aXmHzm5Z+AISFqawevD9ALIMAdK2
lDn/3NVKZcYfpuCExcFrLEmtuKAHXvGnTIvx1Yet3j34xVbfgadgxXg5dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKc4kYw88Td31SB9RpfK1UtvOb4ZMB8GA1UdIwQY
MBaAFGR8CTZIfsXYA+TVqaUQDEZR9FQ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkh3Sk5raC14ZGdENU5XcHBSQU1SbEgwVkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ODQ2MDItNGE5MC00NTUxLWJmNDkt
MmVkYmRmYWZmNDdlLzEvcHppUmpEenhOM2ZWSUgxR2w4clZTMjg1dmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ODQ2MDItNGE5MC00NTUxLWJmNDktMmVkYmRmYWZmNDdl
LzEvWkh3Sk5raC14ZGdENU5XcHBSQU1SbEgwVkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUBOMA0G
CSqGSIb3DQEBCwUAA4IBAQDRLQYdbDmOaBrNN4fCylmMwnv0mDahaPWNEGeU6gpu
opWIsTe7gK89IZOrXBMA3kDP0WdWIHroN4d0/LTT/BTwA+ieGL4vO1V2GHX18pLJ
2vCgrOlLZLrb749LYMy3A6Zj/iP2lSgcXKRvmuUF5VnLTytcnujE4kSE9gYqh02b
PP8sX8R4rSt/hTk3ekiYy96VVjeMrvlivql8Ju0eyCkKgunvT+3IUfBq2HfyL5uf
vlfWAe08AV8ftFrSnLUl++V+agJeo/52k2VSebkfJnQlQsGyeQk/kByEyh658iG9
h1RERkFTD/tF8OqlInASM4qlpbeD9TA4YRAkcMPFFmJH
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:58:29 2023 by rpki-client on console-fra.rpki-client.org