Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/6788f7-d58f-4835-8522-984a08898459/1/F3JsGQjn9MNZ3mJQyJRbxGy0E-Q.roa
File:                     F3JsGQjn9MNZ3mJQyJRbxGy0E-Q.roa (raw, json)
Hash identifier:          4sPZeawt3QziTxotpJJb5mG/8Ab1vQ+Mdzz+VZEG+Ws=
Subject key identifier:   17:72:6C:19:08:E7:F4:C3:59:DE:62:50:C8:94:5B:C4:6C:B4:13:E4
Certificate issuer:       /CN=0012b9dc976d7ce807e46fea4936c726b0c4a206
Certificate serial:       018ACAAEA336D5C7C4022484E705813188E7
Authority key identifier: 00:12:B9:DC:97:6D:7C:E8:07:E4:6F:EA:49:36:C7:26:B0:C4:A2:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ABK53JdtfOgH5G_qSTbHJrDEogY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/6788f7-d58f-4835-8522-984a08898459/1/F3JsGQjn9MNZ3mJQyJRbxGy0E-Q.roa
Signing time:             Mon 25 Sep 2023 04:52:37 +0000
ROA not before:           Mon 25 Sep 2023 04:52:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a13:bb40::/29 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ca:ae:a3:36:d5:c7:c4:02:24:84:e7:05:81:31:88:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0012b9dc976d7ce807e46fea4936c726b0c4a206
        Validity
            Not Before: Sep 25 04:52:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17726c1908e7f4c359de6250c8945bc46cb413e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a0:4c:0c:84:cb:c8:a0:bb:c6:b4:f4:5e:4d:
                    1a:b6:5d:17:d2:84:48:99:6c:89:4a:c5:f4:d0:7b:
                    f6:4c:96:6d:a6:63:9f:69:26:bf:ca:15:ce:25:05:
                    b6:55:df:a4:61:3b:52:82:0c:6c:7e:19:1a:d7:f4:
                    3f:40:fc:12:eb:96:12:c3:d2:ad:a4:5d:2c:26:01:
                    89:dc:4d:3d:4f:2e:47:e3:be:1d:74:16:38:bf:6f:
                    01:8d:d3:12:6d:ec:a5:df:9f:17:05:78:bf:d0:4d:
                    fb:a0:97:74:c1:3f:b2:5e:72:39:34:42:04:1c:3f:
                    67:d5:71:b8:e5:61:82:82:42:40:ab:c7:51:dd:a7:
                    9d:c2:0b:e6:1d:b6:e4:47:46:29:fa:f9:2f:b4:29:
                    d8:40:5b:ee:61:79:89:04:a4:17:f1:34:1d:6e:50:
                    94:28:77:24:13:41:0d:47:51:33:ce:9a:9d:d9:c9:
                    4b:55:cc:68:f9:82:07:27:3d:95:a7:85:fe:10:9b:
                    48:c7:0f:09:08:e6:06:65:06:c4:47:e3:c6:5f:76:
                    91:3d:ad:97:b0:e3:13:00:d2:7b:79:18:e9:1d:81:
                    00:05:1a:91:ae:51:df:c0:0b:7b:6e:8a:c8:13:31:
                    e9:e0:aa:cf:d7:72:0f:99:5d:3a:81:e5:60:d7:ad:
                    81:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:72:6C:19:08:E7:F4:C3:59:DE:62:50:C8:94:5B:C4:6C:B4:13:E4
            X509v3 Authority Key Identifier:
                keyid:00:12:B9:DC:97:6D:7C:E8:07:E4:6F:EA:49:36:C7:26:B0:C4:A2:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ABK53JdtfOgH5G_qSTbHJrDEogY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6788f7-d58f-4835-8522-984a08898459/1/F3JsGQjn9MNZ3mJQyJRbxGy0E-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6788f7-d58f-4835-8522-984a08898459/1/ABK53JdtfOgH5G_qSTbHJrDEogY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:38:9f:a4:d4:00:d8:f1:ee:b1:44:96:10:2f:5a:46:a8:af:
         7a:61:0d:b4:9e:b6:e4:26:fd:b2:bc:76:fb:9a:71:bb:aa:75:
         bc:e1:25:53:05:36:e7:44:79:89:05:87:1e:aa:7f:ef:10:9b:
         85:a4:79:07:89:d2:d7:03:12:9e:68:8a:36:4e:28:28:73:39:
         a0:72:87:a8:c6:78:0c:70:12:bd:4f:34:e6:7e:7d:3a:30:56:
         97:0f:2c:ba:1c:a9:f1:37:36:67:b2:75:fe:3e:a9:e6:b3:a5:
         8c:2d:e9:c9:d5:69:77:4c:1c:dd:de:10:16:bd:b4:86:1b:71:
         30:56:3e:6e:97:27:09:77:18:e9:61:6c:0b:51:a9:64:cd:2e:
         04:e6:c9:94:c4:73:0f:79:2d:b0:4f:a7:f2:7b:ec:37:76:bc:
         b3:27:43:6a:fe:76:c4:48:32:80:50:02:c1:66:a3:f5:3b:61:
         ef:53:b8:de:3d:3b:0e:98:26:93:e8:e3:39:e6:e0:85:04:64:
         0a:0b:b7:5f:9c:76:8c:6e:8e:88:4d:61:6e:ac:69:9b:32:0d:
         22:e5:cf:5f:28:d0:14:79:da:97:10:1c:5d:cc:f2:b8:ce:9d:
         63:b7:2d:32:cb:0b:3c:21:bf:99:93:b8:c2:67:a0:1d:44:ae:
         aa:8d:53:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYrKrqM21cfEAiSE5wWBMYjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMTJiOWRjOTc2ZDdjZTgwN2U0NmZlYTQ5MzZjNzI2YjBj
NGEyMDYwHhcNMjMwOTI1MDQ1MjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzcyNmMxOTA4ZTdmNGMzNTlkZTYyNTBjODk0NWJjNDZjYjQxM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaBMDITLyKC7xrT0Xk0atl0X0oRI
mWyJSsX00Hv2TJZtpmOfaSa/yhXOJQW2Vd+kYTtSggxsfhka1/Q/QPwS65YSw9Kt
pF0sJgGJ3E09Ty5H474ddBY4v28BjdMSbeyl358XBXi/0E37oJd0wT+yXnI5NEIE
HD9n1XG45WGCgkJAq8dR3aedwgvmHbbkR0Yp+vkvtCnYQFvuYXmJBKQX8TQdblCU
KHckE0ENR1Ezzpqd2clLVcxo+YIHJz2Vp4X+EJtIxw8JCOYGZQbER+PGX3aRPa2X
sOMTANJ7eRjpHYEABRqRrlHfwAt7borIEzHp4KrP13IPmV06geVg162B/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBdybBkI5/TDWd5iUMiUW8RstBPkMB8GA1UdIwQY
MBaAFAASudyXbXzoB+Rv6kk2xyawxKIGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUJLNTNKZHRmT2dINUdfcVNUYkhKckRFb2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82Nzg4ZjctZDU4Zi00ODM1LTg1MjIt
OTg0YTA4ODk4NDU5LzEvRjNKc0dRam45TU5aM21KUXlKUmJ4R3kwRS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82Nzg4ZjctZDU4Zi00ODM1LTg1MjItOTg0YTA4ODk4NDU5
LzEvQUJLNTNKZHRmT2dINUdfcVNUYkhKckRFb2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO7QDAN
BgkqhkiG9w0BAQsFAAOCAQEAHzifpNQA2PHusUSWEC9aRqivemENtJ625Cb9srx2
+5pxu6p1vOElUwU250R5iQWHHqp/7xCbhaR5B4nS1wMSnmiKNk4oKHM5oHKHqMZ4
DHASvU805n59OjBWlw8suhyp8Tc2Z7J1/j6p5rOljC3pydVpd0wc3d4QFr20hhtx
MFY+bpcnCXcY6WFsC1GpZM0uBObJlMRzD3ktsE+n8nvsN3a8sydDav52xEgygFAC
wWaj9Tth71O43j07Dpgmk+jjOebghQRkCgu3X5x2jG6OiE1hbqxpmzINIuXPXyjQ
FHnalxAcXczyuM6dY7ctMssLPCG/mZO4wmegHUSuqo1T4g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:29 2024 by rpki-client on console-fra.rpki-client.org