Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/SYcHBuuDaE7wuk1k9dQMwc1htN0.roa
File:                     SYcHBuuDaE7wuk1k9dQMwc1htN0.roa (raw, json)
Hash identifier:          JqWufOmRFZXEzcMjYAIxfjA7lyftS7ZxsP9l8EwROaY=
Subject key identifier:   49:87:07:06:EB:83:68:4E:F0:BA:4D:64:F5:D4:0C:C1:CD:61:B4:DD
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       0189DAE6AE4713885C42CAC46FA2EFCE41DD
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/SYcHBuuDaE7wuk1k9dQMwc1htN0.roa
Signing time:             Wed 09 Aug 2023 15:24:58 +0000
ROA not before:           Wed 09 Aug 2023 15:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62904
IP address blocks:        45.156.220.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:da:e6:ae:47:13:88:5c:42:ca:c4:6f:a2:ef:ce:41:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Aug  9 15:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49870706eb83684ef0ba4d64f5d40cc1cd61b4dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:b1:21:db:ce:f7:f9:9d:43:b2:ea:91:a2:
                    49:69:b0:86:31:39:6d:58:56:c7:cf:89:2a:eb:c2:
                    43:d3:25:22:48:02:ee:20:c7:c0:61:ea:5a:d6:a8:
                    8b:51:01:70:13:0e:17:f2:ac:f7:00:b5:ab:aa:74:
                    5b:2e:d1:ef:ca:ce:75:bf:6e:5a:6c:27:c6:48:7d:
                    44:36:c9:53:17:22:fe:89:cf:cd:41:fa:0d:b0:87:
                    4b:8c:0b:83:94:5e:cd:b1:e7:e5:cb:75:34:7c:79:
                    97:4f:e4:03:5c:4a:58:19:35:a2:90:81:a1:35:85:
                    98:0f:4b:6b:db:53:a5:a8:76:59:e0:da:cd:25:d4:
                    dd:b9:e3:4c:fe:87:ae:bc:52:91:d5:89:18:3b:c0:
                    d1:7a:dc:fd:9c:38:52:f1:35:4d:c9:e9:c1:d4:87:
                    33:d7:e9:ef:7a:d8:2f:06:f2:a7:42:40:38:27:16:
                    86:4e:b0:2a:fb:ec:ff:6f:e8:c8:8d:09:f2:5e:17:
                    62:17:ec:a4:d7:69:f7:54:59:ec:03:c1:5e:e6:ba:
                    8f:21:8f:39:45:46:16:dc:53:72:a4:5a:a9:3a:ef:
                    c3:a5:3c:19:43:94:f4:f3:23:48:f6:e6:08:5a:30:
                    ba:6b:1c:6e:64:a5:30:25:f2:eb:40:a8:68:96:80:
                    17:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:87:07:06:EB:83:68:4E:F0:BA:4D:64:F5:D4:0C:C1:CD:61:B4:DD
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/SYcHBuuDaE7wuk1k9dQMwc1htN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:78:49:0a:18:39:f5:e7:81:57:08:80:7d:67:d9:4d:51:ce:
         30:56:4a:1a:fa:74:0f:9d:96:4b:ba:5b:47:52:17:fe:62:4c:
         6d:d2:a8:3e:47:04:11:18:ff:50:21:64:09:91:0e:94:17:cc:
         15:b8:a4:e5:5a:4f:d7:95:56:81:c0:20:c3:d9:46:3d:c0:9a:
         ef:0c:24:97:3e:95:5f:b7:b8:6a:53:72:64:dc:76:eb:2d:32:
         5a:00:bb:cf:40:6d:52:1b:38:25:3b:f8:55:ff:74:a2:2c:81:
         00:cd:81:c6:77:48:a8:a7:86:f9:ea:a3:c8:a0:dc:81:dc:5c:
         71:24:db:d4:40:3c:94:06:cf:fc:2c:54:44:45:c3:67:04:57:
         96:bc:78:d9:2b:10:02:8c:b3:fa:99:26:ff:ec:c8:af:4a:ac:
         e8:3c:0d:48:86:69:91:e0:65:1b:40:cf:49:9a:15:ca:30:13:
         9d:b8:3f:aa:b4:12:25:f7:7b:9d:0d:b9:01:57:da:71:05:93:
         16:fd:ab:95:8b:55:78:48:43:b0:99:bb:a4:cb:a5:b0:a1:24:
         c6:9e:1f:3c:59:c0:4f:26:be:29:d2:80:8d:d1:cb:35:33:b3:
         86:50:33:3a:bc:31:8b:a3:c7:32:51:7f:0f:7a:31:cd:27:ef:
         4c:b9:ae:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYna5q5HE4hcQsrEb6LvzkHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMwODA5MTUyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTg3MDcwNmViODM2ODRlZjBiYTRkNjRmNWQ0MGNjMWNkNjFiNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnGxIdvO9/mdQ7LqkaJJabCGMTlt
WFbHz4kq68JD0yUiSALuIMfAYepa1qiLUQFwEw4X8qz3ALWrqnRbLtHvys51v25a
bCfGSH1ENslTFyL+ic/NQfoNsIdLjAuDlF7Nsefly3U0fHmXT+QDXEpYGTWikIGh
NYWYD0tr21OlqHZZ4NrNJdTdueNM/oeuvFKR1YkYO8DRetz9nDhS8TVNyenB1Icz
1+nvetgvBvKnQkA4JxaGTrAq++z/b+jIjQnyXhdiF+yk12n3VFnsA8Fe5rqPIY85
RUYW3FNypFqpOu/DpTwZQ5T08yNI9uYIWjC6axxuZKUwJfLrQKholoAXsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmHBwbrg2hO8LpNZPXUDMHNYbTdMB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvU1ljSEJ1dURhRTd3dWsxazlkUU13YzFodE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzcMA0G
CSqGSIb3DQEBCwUAA4IBAQAyeEkKGDn154FXCIB9Z9lNUc4wVkoa+nQPnZZLultH
Uhf+Ykxt0qg+RwQRGP9QIWQJkQ6UF8wVuKTlWk/XlVaBwCDD2UY9wJrvDCSXPpVf
t7hqU3Jk3HbrLTJaALvPQG1SGzglO/hV/3SiLIEAzYHGd0iop4b56qPIoNyB3Fxx
JNvUQDyUBs/8LFRERcNnBFeWvHjZKxACjLP6mSb/7MivSqzoPA1IhmmR4GUbQM9J
mhXKMBOduD+qtBIl93udDbkBV9pxBZMW/auVi1V4SEOwmbuky6WwoSTGnh88WcBP
Jr4p0oCN0cs1M7OGUDM6vDGLo8cyUX8PejHNJ+9Mua6S
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:10 2024 by rpki-client on console-fra.rpki-client.org