Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b6ec6b-b9b5-463f-81a1-389669483cce/1/B4hJlUyQMMpMvss7-Qv0gm3QkFI.roa
File:                     B4hJlUyQMMpMvss7-Qv0gm3QkFI.roa (raw, json)
Hash identifier:          bWfDkgZgN+alhDA5zHRmvw4z1n5AU7QzCJnXfgfv3aE=
Subject key identifier:   07:88:49:95:4C:90:30:CA:4C:BE:CB:3B:F9:0B:F4:82:6D:D0:90:52
Certificate issuer:       /CN=3d86ea38e021f0a960152cfb7010b4b0e2e9f9e7
Certificate serial:       05295070
Authority key identifier: 3D:86:EA:38:E0:21:F0:A9:60:15:2C:FB:70:10:B4:B0:E2:E9:F9:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYbqOOAh8KlgFSz7cBC0sOLp-ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/b6ec6b-b9b5-463f-81a1-389669483cce/1/B4hJlUyQMMpMvss7-Qv0gm3QkFI.roa
Signing time:             Sat 01 Jan 2022 13:07:09 +0000
ROA not before:           Sat 01 Jan 2022 13:07:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     53856
IP address blocks:        91.223.133.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 86593648 (0x5295070)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d86ea38e021f0a960152cfb7010b4b0e2e9f9e7
        Validity
            Not Before: Jan  1 13:07:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=078849954c9030ca4cbecb3bf90bf4826dd09052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:01:38:bf:75:97:74:37:17:52:3e:2a:38:4a:
                    18:05:5d:e2:f3:a5:b0:df:a4:d1:2d:50:5a:bd:c6:
                    b9:84:d4:66:02:b2:2d:bf:61:8f:78:fb:e8:b8:d2:
                    0d:d3:90:05:b8:08:ac:6c:19:26:20:f6:6b:00:4e:
                    96:1f:f5:1b:35:d6:50:74:cb:3f:22:45:e8:ed:75:
                    a5:2f:5a:c5:74:65:8d:63:d6:05:8e:bd:2a:34:b1:
                    47:0f:79:b8:9a:34:51:a0:79:e3:3a:ad:b2:77:d8:
                    0c:6e:ba:2a:03:04:f4:5a:25:b8:ab:d3:d2:33:24:
                    81:ed:65:f5:57:03:e4:29:ad:a5:22:5e:07:25:91:
                    ff:eb:05:e4:e6:92:cf:94:e7:02:c7:65:06:fc:0d:
                    e2:bd:00:07:ed:e3:59:10:ce:63:b0:5a:bd:e4:e3:
                    29:cc:d7:76:6c:b1:b9:be:90:e4:ac:6c:4c:45:af:
                    f1:fc:c9:93:a5:be:83:6c:ec:2d:67:01:6b:88:77:
                    b8:9a:48:c4:96:f2:83:73:71:84:23:0a:fa:d8:10:
                    7c:75:3e:36:e2:ff:34:ee:4d:b3:06:dc:a0:28:3b:
                    31:04:af:2c:f6:c7:6c:48:f0:25:9b:c9:bc:5b:49:
                    9b:77:01:23:76:cc:c7:eb:3c:59:45:49:e5:88:06:
                    96:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:88:49:95:4C:90:30:CA:4C:BE:CB:3B:F9:0B:F4:82:6D:D0:90:52
            X509v3 Authority Key Identifier:
                keyid:3D:86:EA:38:E0:21:F0:A9:60:15:2C:FB:70:10:B4:B0:E2:E9:F9:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYbqOOAh8KlgFSz7cBC0sOLp-ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b6ec6b-b9b5-463f-81a1-389669483cce/1/B4hJlUyQMMpMvss7-Qv0gm3QkFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b6ec6b-b9b5-463f-81a1-389669483cce/1/PYbqOOAh8KlgFSz7cBC0sOLp-ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f1:a3:f9:a5:32:94:43:40:d7:26:b5:94:e0:31:b7:8e:7b:
         da:d9:b3:64:a8:ba:6a:4a:85:f1:59:7b:89:3f:70:9a:94:bd:
         6a:1c:66:69:6c:bc:3f:64:53:e9:3a:5f:be:6a:3e:df:fb:60:
         35:08:9c:fa:3d:38:76:f9:42:99:55:34:c7:3c:fb:df:6b:38:
         ef:b3:a1:d1:de:62:fc:88:f2:a0:16:8b:53:fd:25:a3:5d:d2:
         5b:d1:88:13:08:3d:ce:f1:43:3e:82:ff:73:4b:c7:0b:f0:db:
         55:97:1d:8d:cb:b2:e1:12:c8:17:37:ec:cc:21:56:38:49:eb:
         e7:02:b8:69:5a:a0:6c:b9:1e:20:cf:47:7b:d1:aa:94:a1:b9:
         17:6c:79:45:f5:03:36:e6:2e:2f:11:c4:e3:de:ac:c9:33:78:
         ef:65:94:fe:c5:6f:b3:92:3b:7e:26:ae:9e:5b:4e:64:ff:f9:
         e5:e4:e2:97:20:56:b9:04:71:0f:97:c4:ad:bc:82:45:0e:54:
         0a:8e:2f:ba:bf:ab:57:26:5d:c6:d8:a9:92:72:07:18:f9:d1:
         22:1d:11:60:d5:65:0e:7f:d2:cd:89:9a:a9:b0:e1:db:35:13:
         21:fe:ec:2b:a1:f7:4f:57:1e:e5:d9:49:75:65:51:61:31:7c:
         0a:89:bc:80
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBSlQcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZDg2ZWEzOGUwMjFmMGE5NjAxNTJjZmI3MDEwYjRiMGUyZTlmOWU3MB4XDTIyMDEw
MTEzMDcwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDc4ODQ5OTU0Yzkw
MzBjYTRjYmVjYjNiZjkwYmY0ODI2ZGQwOTA1MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM0BOL91l3Q3F1I+KjhKGAVd4vOlsN+k0S1QWr3GuYTUZgKy
Lb9hj3j76LjSDdOQBbgIrGwZJiD2awBOlh/1GzXWUHTLPyJF6O11pS9axXRljWPW
BY69KjSxRw95uJo0UaB54zqtsnfYDG66KgME9FoluKvT0jMkge1l9VcD5CmtpSJe
ByWR/+sF5OaSz5TnAsdlBvwN4r0AB+3jWRDOY7BaveTjKczXdmyxub6Q5KxsTEWv
8fzJk6W+g2zsLWcBa4h3uJpIxJbyg3NxhCMK+tgQfHU+NuL/NO5NswbcoCg7MQSv
LPbHbEjwJZvJvFtJm3cBI3bMx+s8WUVJ5YgGlq8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQHiEmVTJAwyky+yzv5C/SCbdCQUjAfBgNVHSMEGDAWgBQ9huo44CHwqWAV
LPtwELSw4un55zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BZYnFPT0FoOEtsZ0ZTejdjQkMwc09McC1lYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODQvYjZlYzZiLWI5YjUtNDYzZi04MWExLTM4OTY2OTQ4M2NjZS8x
L0I0aEpsVXlRTU1wTXZzczctUXYwZ20zUWtGSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQv
YjZlYzZiLWI5YjUtNDYzZi04MWExLTM4OTY2OTQ4M2NjZS8xL1BZYnFPT0FoOEts
Z0ZTejdjQkMwc09McC1lYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvfhTANBgkqhkiG9w0BAQsFAAOC
AQEAf/Gj+aUylENA1ya1lOAxt4572tmzZKi6akqF8Vl7iT9wmpS9ahxmaWy8P2RT
6Tpfvmo+3/tgNQic+j04dvlCmVU0xzz732s477Oh0d5i/IjyoBaLU/0lo13SW9GI
Ewg9zvFDPoL/c0vHC/DbVZcdjcuy4RLIFzfszCFWOEnr5wK4aVqgbLkeIM9He9Gq
lKG5F2x5RfUDNuYuLxHE496syTN472WU/sVvs5I7fiaunltOZP/55eTilyBWuQRx
D5fErbyCRQ5UCo4vur+rVyZdxtipknIHGPnRIh0RYNVlDn/SzYmaqbDh2zUTIf7s
K6H3T1ce5dlJdWVRYTF8Com8gA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:27 2023 by rpki-client on console-ams.rpki-client.org