Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Swwj6ryYXrmarJepsF679a-wcHU.roa
File:                     Swwj6ryYXrmarJepsF679a-wcHU.roa (raw, json)
Hash identifier:          9MDY2pAfCKEDkyHG9Gikt+gDhr2nX87p6ZrKY3OJ7qY=
Subject key identifier:   4B:0C:23:EA:BC:98:5E:B9:9A:AC:97:A9:B0:5E:BB:F5:AF:B0:70:75
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       018A4904C7010876B48F0E2445E87C577836
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Swwj6ryYXrmarJepsF679a-wcHU.roa
Signing time:             Thu 31 Aug 2023 00:36:04 +0000
ROA not before:           Thu 31 Aug 2023 00:36:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     46562
IP address blocks:        45.156.220.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:49:04:c7:01:08:76:b4:8f:0e:24:45:e8:7c:57:78:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Aug 31 00:36:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b0c23eabc985eb99aac97a9b05ebbf5afb07075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:a4:ff:d6:87:5d:e3:85:d0:79:39:0f:3d:
                    c3:f1:1b:a8:6b:60:49:a3:27:b1:33:0b:fb:6c:6f:
                    51:af:43:18:4b:83:dd:23:f3:cc:7c:df:50:9a:0b:
                    d9:cf:34:7e:4a:10:90:54:a8:12:32:20:89:c5:f2:
                    56:db:cc:a7:0c:9c:97:1c:13:43:d3:6a:f8:4d:90:
                    d6:75:18:08:a4:18:c4:d4:61:8e:7d:00:9b:df:62:
                    ce:52:2c:28:b3:cb:65:b1:c3:3a:06:1e:ce:11:3a:
                    be:8a:1f:33:42:2e:14:0a:14:b7:f2:85:30:45:dc:
                    f5:21:d9:40:b8:4b:9a:16:97:29:aa:43:35:17:3a:
                    a8:94:18:35:ea:ce:52:fe:2f:d5:0b:3f:49:2c:5e:
                    bd:2b:ca:17:c7:af:d0:5f:d5:74:fa:7d:f2:db:cb:
                    90:10:ba:ef:57:97:b9:c3:bb:90:3b:5a:5e:72:35:
                    00:fc:38:e1:e4:c4:a1:6a:38:a8:77:c2:cb:a9:09:
                    ac:7c:0d:1a:7f:36:ff:e7:6f:61:1f:68:52:e4:90:
                    e6:4e:79:84:54:14:4b:60:ee:89:40:16:82:75:3a:
                    3d:bc:6f:cf:0e:9a:57:38:33:db:e9:93:d9:67:d2:
                    71:96:c1:c5:1b:2b:4c:40:21:fc:6a:4d:3e:69:12:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:0C:23:EA:BC:98:5E:B9:9A:AC:97:A9:B0:5E:BB:F5:AF:B0:70:75
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/Swwj6ryYXrmarJepsF679a-wcHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:d8:33:11:82:9d:bb:14:41:0f:e1:d5:83:8a:a1:77:a4:6b:
         4d:20:ed:88:d8:91:00:fb:62:1f:f7:15:d7:32:3c:8d:56:18:
         e9:1e:fc:60:d5:94:c0:98:d0:49:91:c1:3d:f8:9d:d6:ed:a2:
         f7:b3:05:74:48:a2:d2:0c:8b:97:32:29:03:2f:60:68:84:dc:
         1f:37:bb:e1:89:0e:bb:1a:a9:95:15:fe:69:4f:f7:b9:d5:8d:
         c9:99:b0:95:9e:c9:70:33:d0:32:49:b4:13:b3:d0:78:37:dc:
         aa:90:3f:31:0e:2b:57:96:5a:1a:61:b9:e2:d4:e6:ec:eb:b6:
         f8:cd:ba:6e:bf:74:fd:a0:e2:59:66:19:68:6c:39:2b:1c:5f:
         85:29:56:be:58:0f:94:df:63:e7:2c:b9:16:cf:92:9b:4f:75:
         a5:ae:1b:21:e8:f4:c1:8e:18:95:62:61:ff:b8:c1:d7:f3:85:
         2b:46:3c:d4:3e:68:d7:93:cd:96:b9:2a:a1:7a:5b:ff:48:ac:
         79:73:16:73:a8:2f:30:c3:97:60:3c:8e:c2:7b:99:78:68:f2:
         81:f5:47:a6:1f:bd:fc:79:7d:c2:43:00:ef:71:a2:2b:e8:83:
         f1:76:6b:67:ae:46:b7:99:98:e1:be:f1:1d:e8:82:e2:fd:04:
         28:f7:68:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYpJBMcBCHa0jw4kReh8V3g2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMwODMxMDAzNjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjBjMjNlYWJjOTg1ZWI5OWFhYzk3YTliMDVlYmJmNWFmYjA3MDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS6k/9aHXeOF0Hk5Dz3D8Ruoa2BJ
oyexMwv7bG9Rr0MYS4PdI/PMfN9QmgvZzzR+ShCQVKgSMiCJxfJW28ynDJyXHBND
02r4TZDWdRgIpBjE1GGOfQCb32LOUiwos8tlscM6Bh7OETq+ih8zQi4UChS38oUw
Rdz1IdlAuEuaFpcpqkM1FzqolBg16s5S/i/VCz9JLF69K8oXx6/QX9V0+n3y28uQ
ELrvV5e5w7uQO1pecjUA/Djh5MShajiod8LLqQmsfA0afzb/529hH2hS5JDmTnmE
VBRLYO6JQBaCdTo9vG/PDppXODPb6ZPZZ9JxlsHFGytMQCH8ak0+aRKI/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsMI+q8mF65mqyXqbBeu/WvsHB1MB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvU3d3ajZyeVlYcm1hckplcHNGNjc5YS13Y0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzcMA0G
CSqGSIb3DQEBCwUAA4IBAQC62DMRgp27FEEP4dWDiqF3pGtNIO2I2JEA+2If9xXX
MjyNVhjpHvxg1ZTAmNBJkcE9+J3W7aL3swV0SKLSDIuXMikDL2BohNwfN7vhiQ67
GqmVFf5pT/e51Y3JmbCVnslwM9AySbQTs9B4N9yqkD8xDitXlloaYbni1Obs67b4
zbpuv3T9oOJZZhlobDkrHF+FKVa+WA+U32PnLLkWz5KbT3Wlrhsh6PTBjhiVYmH/
uMHX84UrRjzUPmjXk82WuSqhelv/SKx5cxZzqC8ww5dgPI7Ce5l4aPKB9UemH738
eX3CQwDvcaIr6IPxdmtnrka3mZjhvvEd6ILi/QQo92hM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:10 2024 by rpki-client on console-fra.rpki-client.org