Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/i152ISnDYUwJ39X0x6p0qwLTK44.roa
File:                     i152ISnDYUwJ39X0x6p0qwLTK44.roa (raw, json)
Hash identifier:          zgd82AinZJu6Mg/+FdLotJBwJehP8Mgp94WoLM5pY+s=
Subject key identifier:   8B:5E:76:21:29:C3:61:4C:09:DF:D5:F4:C7:AA:74:AB:02:D3:2B:8E
Certificate issuer:       /CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
Certificate serial:       018B92F4C4333EBDD563E009D91F28D8FE2E
Authority key identifier: 60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/i152ISnDYUwJ39X0x6p0qwLTK44.roa
Signing time:             Fri 03 Nov 2023 02:13:16 +0000
ROA not before:           Fri 03 Nov 2023 02:13:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216047
IP address blocks:        45.156.221.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:92:f4:c4:33:3e:bd:d5:63:e0:09:d9:1f:28:d8:fe:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c9aa8b71e548bd7565ba663fa32f7d1aec41ab
        Validity
            Not Before: Nov  3 02:13:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b5e762129c3614c09dfd5f4c7aa74ab02d32b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f0:2a:22:eb:b8:5a:59:11:32:58:b2:9b:f9:
                    7f:75:b1:bc:7b:96:4e:31:b2:3b:f1:8e:20:04:60:
                    cc:1d:e1:8e:08:27:3a:6e:f4:43:e2:8d:a1:4f:d9:
                    67:29:f7:c4:c2:96:44:fd:ee:4d:78:a6:9c:08:60:
                    8a:27:f9:2f:57:32:03:26:5b:94:8a:7c:cf:a5:9b:
                    3d:a7:3d:38:de:0d:6e:cc:db:35:76:25:98:4a:14:
                    72:26:71:c2:f1:64:ad:b9:67:68:79:09:e3:33:e5:
                    83:c4:1f:5d:29:30:db:f6:1c:92:c4:6f:d0:04:3d:
                    59:1b:37:76:36:d1:ab:c8:d6:1e:73:cd:0d:6c:23:
                    68:1a:e6:26:68:52:d6:46:62:d5:cf:51:bd:d0:4e:
                    76:78:eb:31:85:16:5c:64:b2:e4:cc:0c:e6:0a:c4:
                    e4:6b:fb:2a:5b:cb:42:3c:22:bb:b6:c6:ba:9d:77:
                    ac:e9:c3:e1:3c:6f:49:c5:02:ee:76:39:ea:81:cc:
                    9b:89:b0:09:95:c3:f5:bd:74:81:ad:2c:50:4a:4d:
                    0b:4c:26:8e:16:57:a4:20:36:77:9f:02:d1:35:14:
                    d3:8f:93:c8:99:8d:94:8d:f3:d8:50:66:1a:d6:07:
                    6f:1a:60:09:a0:37:aa:93:c2:b3:bc:6f:4a:e6:61:
                    b6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:5E:76:21:29:C3:61:4C:09:DF:D5:F4:C7:AA:74:AB:02:D3:2B:8E
            X509v3 Authority Key Identifier:
                keyid:60:C9:AA:8B:71:E5:48:BD:75:65:BA:66:3F:A3:2F:7D:1A:EC:41:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMmqi3HlSL11ZbpmP6MvfRrsQas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/i152ISnDYUwJ39X0x6p0qwLTK44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/38b542-4677-4a7e-b212-c8acce156f0d/1/YMmqi3HlSL11ZbpmP6MvfRrsQas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:72:8e:e0:2e:9b:03:06:01:2e:05:1c:bf:6f:fd:9e:c6:33:
         c1:54:e9:f1:00:bd:8b:4d:8c:05:d1:dc:52:4b:ea:c3:20:0c:
         db:99:09:76:bd:f1:95:d7:b1:a3:73:41:df:68:9e:0d:b8:52:
         78:79:c1:b5:d3:2f:5e:b4:51:a7:ad:69:34:aa:9d:6b:f9:19:
         9b:3a:20:3c:af:ec:06:e0:9e:55:23:9a:72:86:69:7e:28:b7:
         a8:1b:ea:e7:d1:92:df:4d:c6:e2:4c:4d:5f:94:4e:c2:5d:b5:
         ee:bc:6a:4c:57:d3:65:d8:d9:d2:f8:af:99:ae:75:85:42:8f:
         19:46:d3:ef:f8:71:5d:66:11:1a:12:6b:07:2a:be:71:bd:8d:
         59:16:71:17:72:93:4d:ad:d6:40:dc:0e:b2:cf:fe:f5:b9:37:
         b5:b7:4c:44:a2:3f:11:5f:74:28:b4:39:74:ab:83:05:64:a2:
         3a:33:63:5b:25:91:a1:ce:9e:58:d5:fc:81:b8:c2:fc:c4:3f:
         c5:54:c1:0c:de:66:28:ff:f4:ff:e6:63:51:ef:76:f0:e7:e4:
         35:4f:72:d8:95:b7:ad:90:95:78:e4:87:73:41:63:9b:26:ed:
         91:4b:3c:ff:1c:5e:37:5e:43:59:20:ad:16:52:36:c7:a8:dc:
         00:af:e6:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYuS9MQzPr3VY+AJ2R8o2P4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzlhYThiNzFlNTQ4YmQ3NTY1YmE2NjNmYTMyZjdkMWFl
YzQxYWIwHhcNMjMxMTAzMDIxMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjVlNzYyMTI5YzM2MTRjMDlkZmQ1ZjRjN2FhNzRhYjAyZDMyYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfAqIuu4WlkRMliym/l/dbG8e5ZO
MbI78Y4gBGDMHeGOCCc6bvRD4o2hT9lnKffEwpZE/e5NeKacCGCKJ/kvVzIDJluU
inzPpZs9pz043g1uzNs1diWYShRyJnHC8WStuWdoeQnjM+WDxB9dKTDb9hySxG/Q
BD1ZGzd2NtGryNYec80NbCNoGuYmaFLWRmLVz1G90E52eOsxhRZcZLLkzAzmCsTk
a/sqW8tCPCK7tsa6nXes6cPhPG9JxQLudjnqgcybibAJlcP1vXSBrSxQSk0LTCaO
FlekIDZ3nwLRNRTTj5PImY2UjfPYUGYa1gdvGmAJoDeqk8KzvG9K5mG24QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItediEpw2FMCd/V9MeqdKsC0yuOMB8GA1UdIwQY
MBaAFGDJqotx5Ui9dWW6Zj+jL30a7EGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTIt
YzhhY2NlMTU2ZjBkLzEvaTE1MklTbkRZVXdKMzlYMHg2cDBxd0xUSzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zOGI1NDItNDY3Ny00YTdlLWIyMTItYzhhY2NlMTU2ZjBk
LzEvWU1tcWkzSGxTTDExWmJwbVA2TXZmUnJzUWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZzdMA0G
CSqGSIb3DQEBCwUAA4IBAQAGco7gLpsDBgEuBRy/b/2exjPBVOnxAL2LTYwF0dxS
S+rDIAzbmQl2vfGV17Gjc0HfaJ4NuFJ4ecG10y9etFGnrWk0qp1r+RmbOiA8r+wG
4J5VI5pyhml+KLeoG+rn0ZLfTcbiTE1flE7CXbXuvGpMV9Nl2NnS+K+ZrnWFQo8Z
RtPv+HFdZhEaEmsHKr5xvY1ZFnEXcpNNrdZA3A6yz/71uTe1t0xEoj8RX3QotDl0
q4MFZKI6M2NbJZGhzp5Y1fyBuML8xD/FVMEM3mYo//T/5mNR73bw5+Q1T3LYlbet
kJV45IdzQWObJu2RSzz/HF43XkNZIK0WUjbHqNwAr+Y1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:37 2024 by rpki-client on console-ams.rpki-client.org