Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Hn_1rK96FEov3-WACPeKxfKTBHA.roa
File:                     Hn_1rK96FEov3-WACPeKxfKTBHA.roa (raw, json)
Hash identifier:          nl3fKt/sF05rG/76b6erUwhVs64irALy4NvmFDE77NA=
Subject key identifier:   1E:7F:F5:AC:AF:7A:14:4A:2F:DF:E5:80:08:F7:8A:C5:F2:93:04:70
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       0188FA96F52402CC91876467644E5D2269AC
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Hn_1rK96FEov3-WACPeKxfKTBHA.roa
Signing time:             Tue 27 Jun 2023 02:02:57 +0000
ROA not before:           Tue 27 Jun 2023 02:02:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40065
IP address blocks:        45.156.221.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fa:96:f5:24:02:cc:91:87:64:67:64:4e:5d:22:69:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Jun 27 02:02:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e7ff5acaf7a144a2fdfe58008f78ac5f2930470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ae:44:5b:56:a4:db:77:06:07:30:e2:68:84:
                    88:b1:e0:53:c0:a1:50:06:8f:d7:04:74:99:70:53:
                    d9:3c:8d:fe:60:e0:75:c0:82:9e:af:df:42:fe:05:
                    90:4e:17:26:6d:e4:04:7f:f7:59:35:76:ec:fa:a8:
                    5d:13:40:48:aa:f2:28:a4:c1:76:62:d0:43:2d:b1:
                    98:99:8a:51:5c:44:ab:10:e9:a0:fa:91:6b:b8:f5:
                    5f:32:9d:73:69:95:3c:99:c1:ed:63:30:d9:fb:d0:
                    a9:b1:82:03:46:15:f3:a1:4b:55:7c:25:0d:24:7c:
                    bd:19:c5:d1:d5:c6:e7:81:ee:43:fd:25:13:e1:1c:
                    6e:bd:b3:3b:83:05:30:d7:d7:1f:74:bb:6a:75:b9:
                    c5:83:a7:d6:84:e7:24:be:fe:d2:27:05:f6:b5:32:
                    9a:7e:47:fb:b2:fb:8f:85:49:a4:f5:75:81:77:da:
                    19:ef:a7:09:52:a3:cf:e1:18:db:40:f3:ce:d5:6a:
                    99:96:88:04:94:2d:63:e6:2c:60:a8:09:a4:c6:a3:
                    44:c3:50:56:0f:d1:f9:75:12:1b:94:bc:0e:f2:81:
                    b5:bd:1f:16:af:f8:3d:c0:86:c0:73:b1:cb:96:10:
                    82:6e:3e:9f:c5:cf:ed:7e:80:ab:75:4b:58:88:5c:
                    a8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7F:F5:AC:AF:7A:14:4A:2F:DF:E5:80:08:F7:8A:C5:F2:93:04:70
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Hn_1rK96FEov3-WACPeKxfKTBHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:58:d3:fc:e1:a2:93:e2:e4:91:4c:fd:7c:87:02:a9:65:05:
         91:4c:a8:37:35:24:07:54:2c:0a:e6:f8:08:c9:96:b9:93:55:
         af:0d:50:a6:44:8d:f1:38:6b:53:cf:9e:7d:c4:94:f9:73:e1:
         53:08:3c:22:20:53:64:4d:67:21:06:65:5e:55:7c:4c:65:5b:
         8b:1d:b5:1f:37:b7:24:05:39:cf:5a:64:f2:88:8c:8f:02:f7:
         a1:45:e3:38:88:84:1a:6e:a8:31:71:f2:fc:c6:2b:7d:f0:b0:
         11:a0:2f:38:42:15:f4:37:bd:d2:0a:21:95:92:68:18:9b:dc:
         73:03:a1:26:61:bf:1e:a3:4b:79:de:1d:ae:27:f0:f5:bf:13:
         62:4b:ac:7d:32:84:13:c3:83:9a:d4:71:e4:97:06:6e:2f:a3:
         e3:3e:f7:67:2f:37:05:f1:39:c9:31:29:79:d9:dd:79:51:c7:
         49:c5:82:50:56:02:a5:d3:d8:43:71:ac:e7:62:ad:9a:c0:c7:
         74:78:cd:0a:b8:47:ba:79:fd:96:ea:72:cb:3c:45:e5:e2:c9:
         3f:9e:ee:5e:1e:a4:57:7a:c8:39:6f:d5:1c:72:5c:75:4f:3f:
         5a:9c:23:e4:1a:62:24:5e:e3:e7:19:bc:16:9e:79:56:59:34:
         30:bb:4d:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYj6lvUkAsyRh2RnZE5dImmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMwNjI3MDIwMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTdmZjVhY2FmN2ExNDRhMmZkZmU1ODAwOGY3OGFjNWYyOTMwNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq5EW1ak23cGBzDiaISIseBTwKFQ
Bo/XBHSZcFPZPI3+YOB1wIKer99C/gWQThcmbeQEf/dZNXbs+qhdE0BIqvIopMF2
YtBDLbGYmYpRXESrEOmg+pFruPVfMp1zaZU8mcHtYzDZ+9CpsYIDRhXzoUtVfCUN
JHy9GcXR1cbnge5D/SUT4RxuvbM7gwUw19cfdLtqdbnFg6fWhOckvv7SJwX2tTKa
fkf7svuPhUmk9XWBd9oZ76cJUqPP4RjbQPPO1WqZlogElC1j5ixgqAmkxqNEw1BW
D9H5dRIblLwO8oG1vR8Wr/g9wIbAc7HLlhCCbj6fxc/tfoCrdUtYiFyoBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5/9ayvehRKL9/lgAj3isXykwRwMB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvSG5fMXJLOTZGRW92My1XQUNQZUt4ZktUQkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzdMA0G
CSqGSIb3DQEBCwUAA4IBAQA8WNP84aKT4uSRTP18hwKpZQWRTKg3NSQHVCwK5vgI
yZa5k1WvDVCmRI3xOGtTz559xJT5c+FTCDwiIFNkTWchBmVeVXxMZVuLHbUfN7ck
BTnPWmTyiIyPAvehReM4iIQabqgxcfL8xit98LARoC84QhX0N73SCiGVkmgYm9xz
A6EmYb8eo0t53h2uJ/D1vxNiS6x9MoQTw4Oa1HHklwZuL6PjPvdnLzcF8TnJMSl5
2d15UcdJxYJQVgKl09hDcaznYq2awMd0eM0KuEe6ef2W6nLLPEXl4sk/nu5eHqRX
esg5b9Ucclx1Tz9anCPkGmIkXuPnGbwWnnlWWTQwu01+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:37 2024 by rpki-client on console-ams.rpki-client.org