Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0c03a7-4bc5-4a46-8f02-d3dd0938f927/1/AeTFu5TnMK3r-u4JVl68-YS3g-E.roa
File:                     AeTFu5TnMK3r-u4JVl68-YS3g-E.roa (raw, json)
Hash identifier:          ooucI8fJ6asit/VsqnyqkbQn+jBXcjyCnRCA9YYpzAM=
Subject key identifier:   01:E4:C5:BB:94:E7:30:AD:EB:FA:EE:09:56:5E:BC:F9:84:B7:83:E1
Certificate issuer:       /CN=a19a39c349f9b85a7d25505f5a4103715c5aa5ac
Certificate serial:       0187ED15DB83F0A492393246ED12D491E1B3
Authority key identifier: A1:9A:39:C3:49:F9:B8:5A:7D:25:50:5F:5A:41:03:71:5C:5A:A5:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZo5w0n5uFp9JVBfWkEDcVxapaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0c03a7-4bc5-4a46-8f02-d3dd0938f927/1/AeTFu5TnMK3r-u4JVl68-YS3g-E.roa
Signing time:             Fri 05 May 2023 18:04:05 +0000
ROA not before:           Fri 05 May 2023 18:04:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        37.140.221.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ed:15:db:83:f0:a4:92:39:32:46:ed:12:d4:91:e1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19a39c349f9b85a7d25505f5a4103715c5aa5ac
        Validity
            Not Before: May  5 18:04:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=01e4c5bb94e730adebfaee09565ebcf984b783e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ca:3a:59:c7:4f:24:ad:ab:37:4f:9e:c2:0d:
                    b3:76:50:5c:aa:02:ef:3a:f7:1a:f5:2c:88:a2:12:
                    52:9c:51:c5:84:2b:2d:ba:fa:5d:31:fc:9c:85:19:
                    ee:e8:29:f8:b2:be:0f:2e:57:55:8b:e2:d6:d3:ce:
                    f2:66:aa:c1:fc:6a:23:2f:fa:8b:24:06:ba:21:26:
                    1d:b1:a1:a8:75:92:f3:82:ca:2d:9f:61:a2:9c:9c:
                    59:bf:e8:32:6a:d9:bc:a5:76:37:72:d1:81:ff:6e:
                    fe:84:a2:26:46:34:ce:88:ac:9f:89:91:d2:4f:9e:
                    64:5b:45:ab:d3:d1:12:94:ca:77:f8:68:26:84:3a:
                    af:58:e9:97:bf:51:8e:1b:16:18:aa:d3:3c:5a:99:
                    8d:18:0c:c9:1c:e1:5d:01:3d:90:d8:0a:e6:a9:69:
                    92:c1:76:ce:a3:04:86:ea:72:e4:d1:da:b5:10:e9:
                    86:11:34:09:a9:11:c2:de:e0:6e:e2:f6:35:e8:94:
                    59:8a:16:00:d7:25:bb:e9:a9:21:b0:9f:b7:e7:63:
                    04:a1:11:3b:7f:f2:ec:4d:5a:63:65:a8:b5:5c:da:
                    c0:11:9f:8b:46:07:11:22:57:54:88:ab:3f:5f:8e:
                    0d:b4:48:c1:ad:8f:aa:6b:de:92:bd:b2:c1:91:94:
                    fb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E4:C5:BB:94:E7:30:AD:EB:FA:EE:09:56:5E:BC:F9:84:B7:83:E1
            X509v3 Authority Key Identifier:
                keyid:A1:9A:39:C3:49:F9:B8:5A:7D:25:50:5F:5A:41:03:71:5C:5A:A5:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZo5w0n5uFp9JVBfWkEDcVxapaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0c03a7-4bc5-4a46-8f02-d3dd0938f927/1/AeTFu5TnMK3r-u4JVl68-YS3g-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0c03a7-4bc5-4a46-8f02-d3dd0938f927/1/oZo5w0n5uFp9JVBfWkEDcVxapaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:75:dd:d3:26:49:ea:ac:3a:46:9f:41:9f:99:ae:0f:dd:f2:
         cf:43:03:0b:e9:94:21:56:9f:3a:09:6c:20:40:41:62:4f:96:
         bb:ae:f2:e5:c1:7e:3d:2f:02:b5:77:69:f3:2c:2b:80:06:de:
         3f:ec:e7:0c:37:55:39:2c:38:ad:17:4a:1f:c1:02:cb:2a:89:
         07:51:25:f4:37:b4:ad:b4:d2:86:db:08:92:bc:b2:9d:36:13:
         a1:55:a2:e8:41:a1:52:27:74:0d:c0:29:3c:cd:98:cd:0b:62:
         83:3b:34:3d:3e:8d:d8:1d:bb:f2:09:11:5a:c3:67:0c:88:68:
         f9:ae:df:54:fb:26:ea:6b:44:22:41:f4:75:df:42:05:76:c2:
         61:da:3e:d4:16:04:dd:62:6f:20:79:38:a2:7b:b5:11:da:be:
         b6:c6:87:0b:1d:5f:fe:f4:5e:1d:af:92:a4:fc:81:bd:4d:75:
         82:f8:1d:d4:7c:86:61:e6:5c:24:17:9c:2e:f1:81:46:9f:c5:
         9a:a9:10:6c:9a:5a:f4:aa:fb:60:b8:5c:d3:b4:94:79:ad:b7:
         fd:90:ea:40:7c:e5:83:11:c5:35:c3:24:df:1b:f3:91:4e:88:
         cf:bc:db:8d:56:56:ca:7f:b3:09:a0:3a:43:84:b6:cf:6d:06:
         bd:86:47:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYftFduD8KSSOTJG7RLUkeGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWEzOWMzNDlmOWI4NWE3ZDI1NTA1ZjVhNDEwMzcxNWM1
YWE1YWMwHhcNMjMwNTA1MTgwNDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWU0YzViYjk0ZTczMGFkZWJmYWVlMDk1NjVlYmNmOTg0Yjc4M2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqso6WcdPJK2rN0+ewg2zdlBcqgLv
Ovca9SyIohJSnFHFhCstuvpdMfychRnu6Cn4sr4PLldVi+LW087yZqrB/GojL/qL
JAa6ISYdsaGodZLzgsotn2GinJxZv+gyatm8pXY3ctGB/27+hKImRjTOiKyfiZHS
T55kW0Wr09ESlMp3+GgmhDqvWOmXv1GOGxYYqtM8WpmNGAzJHOFdAT2Q2ArmqWmS
wXbOowSG6nLk0dq1EOmGETQJqRHC3uBu4vY16JRZihYA1yW76akhsJ+352MEoRE7
f/LsTVpjZai1XNrAEZ+LRgcRIldUiKs/X44NtEjBrY+qa96SvbLBkZT7mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHkxbuU5zCt6/ruCVZevPmEt4PhMB8GA1UdIwQY
MBaAFKGaOcNJ+bhafSVQX1pBA3FcWqWsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pvNXcwbjV1RnA5SlZCZldrRURjVnhhcGF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wYzAzYTctNGJjNS00YTQ2LThmMDIt
ZDNkZDA5MzhmOTI3LzEvQWVURnU1VG5NSzNyLXU0SlZsNjgtWVMzZy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wYzAzYTctNGJjNS00YTQ2LThmMDItZDNkZDA5MzhmOTI3
LzEvb1pvNXcwbjV1RnA5SlZCZldrRURjVnhhcGF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYzdMA0G
CSqGSIb3DQEBCwUAA4IBAQBQdd3TJknqrDpGn0Gfma4P3fLPQwML6ZQhVp86CWwg
QEFiT5a7rvLlwX49LwK1d2nzLCuABt4/7OcMN1U5LDitF0ofwQLLKokHUSX0N7St
tNKG2wiSvLKdNhOhVaLoQaFSJ3QNwCk8zZjNC2KDOzQ9Po3YHbvyCRFaw2cMiGj5
rt9U+ybqa0QiQfR130IFdsJh2j7UFgTdYm8geTiie7UR2r62xocLHV/+9F4dr5Kk
/IG9TXWC+B3UfIZh5lwkF5wu8YFGn8WaqRBsmlr0qvtguFzTtJR5rbf9kOpAfOWD
EcU1wyTfG/ORTojPvNuNVlbKf7MJoDpDhLbPbQa9hkf4
-----END CERTIFICATE-----
Generated at Wed Aug 23 08:33:52 2023 by rpki-client on console-ams.rpki-client.org