Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/NX1i_LGq0gblWnqIV5LjYFC5xCw.roa
File:                     NX1i_LGq0gblWnqIV5LjYFC5xCw.roa (raw, json)
Hash identifier:          udSGXJvGkkySW2pGS8ns6npqEKMW/3zF4+L7NMWRAQc=
Subject key identifier:   35:7D:62:FC:B1:AA:D2:06:E5:5A:7A:88:57:92:E3:60:50:B9:C4:2C
Certificate issuer:       /CN=4a80bbd08403871068fdf1fcb5e1012147f61619
Certificate serial:       018E763A702646CEE0C2EF43F9AD940C158A
Authority key identifier: 4A:80:BB:D0:84:03:87:10:68:FD:F1:FC:B5:E1:01:21:47:F6:16:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SoC70IQDhxBo_fH8teEBIUf2Fhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/NX1i_LGq0gblWnqIV5LjYFC5xCw.roa
Signing time:             Mon 25 Mar 2024 15:28:44 +0000
ROA not before:           Mon 25 Mar 2024 15:28:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        91.200.144.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:3a:70:26:46:ce:e0:c2:ef:43:f9:ad:94:0c:15:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a80bbd08403871068fdf1fcb5e1012147f61619
        Validity
            Not Before: Mar 25 15:28:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=357d62fcb1aad206e55a7a885792e36050b9c42c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:eb:19:0e:36:90:13:42:f0:83:47:db:47:cc:
                    77:e7:04:f6:e5:f5:38:a5:72:60:91:d1:7a:10:83:
                    50:d2:02:7f:53:8f:21:b3:fe:8a:1f:9a:33:85:c2:
                    9d:db:28:df:95:e1:5e:6e:79:3a:8f:8a:21:b7:7d:
                    7b:9a:4e:cd:ba:2f:10:0b:e5:8f:de:5a:45:cd:ab:
                    93:90:21:30:75:aa:a5:0c:03:7c:2e:8f:e3:26:1c:
                    ef:4f:17:52:89:22:37:88:11:dd:3e:54:47:41:87:
                    e8:0a:6f:f2:24:22:0e:42:dc:21:21:9b:1a:a7:43:
                    dd:6d:7c:65:06:e4:c7:b1:40:9a:fa:f6:67:e3:70:
                    d9:1b:83:79:74:e1:8a:59:be:0f:aa:60:79:49:ce:
                    34:09:98:ee:9c:85:fc:a0:ab:7e:fb:d2:62:bf:2e:
                    0b:7f:ed:08:de:21:a2:d8:1c:93:6f:73:01:80:26:
                    6a:8d:4b:db:ea:64:6f:26:9a:82:45:d5:c4:b6:3c:
                    a2:aa:29:88:d1:04:a8:13:46:00:56:00:03:db:25:
                    df:91:79:86:b2:3e:47:8e:26:16:33:60:68:ce:91:
                    1d:0a:d0:15:c2:bb:69:bb:e7:0b:03:69:aa:88:db:
                    02:b6:fc:a6:8b:03:d2:10:77:75:31:83:c6:91:e8:
                    6e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7D:62:FC:B1:AA:D2:06:E5:5A:7A:88:57:92:E3:60:50:B9:C4:2C
            X509v3 Authority Key Identifier:
                keyid:4A:80:BB:D0:84:03:87:10:68:FD:F1:FC:B5:E1:01:21:47:F6:16:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SoC70IQDhxBo_fH8teEBIUf2Fhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/NX1i_LGq0gblWnqIV5LjYFC5xCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/SoC70IQDhxBo_fH8teEBIUf2Fhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:9e:c9:43:70:f4:0e:08:ee:07:ff:93:b6:03:39:57:f0:3c:
         f4:c1:e2:2f:79:3d:05:44:36:cf:67:17:f2:71:7d:e3:4f:7a:
         46:81:e2:85:30:31:fc:40:ba:d0:d4:83:ea:e3:80:e7:eb:d1:
         24:54:1e:a3:f9:19:f1:94:dd:cd:a5:39:00:37:75:c9:fc:53:
         47:09:e8:ed:c3:34:07:0a:58:b5:61:50:23:36:75:a6:c1:59:
         75:33:99:cf:16:97:7f:82:a1:18:41:c4:17:c0:b8:98:de:4a:
         8a:84:4a:2b:9c:4a:b8:2f:32:25:03:0a:65:4f:8a:3c:9c:ab:
         76:92:ef:e5:4d:ba:4c:a8:4e:bf:a2:0f:17:15:d1:24:13:44:
         1a:1f:22:f2:6d:a6:59:e7:c9:5c:90:e8:9f:5e:a7:c6:6c:bc:
         43:68:f9:92:4e:ab:e3:86:cb:2e:98:b6:da:96:6d:4c:12:55:
         e9:a2:36:d8:63:24:be:69:0c:bd:73:8e:bf:47:35:5e:d8:ba:
         ff:2b:21:ab:a7:f2:61:11:a8:46:3e:81:9b:42:31:89:0b:1d:
         8d:66:77:c7:aa:95:e5:69:b9:73:c9:1b:28:8b:b7:e8:c4:29:
         87:87:e1:2e:19:66:b3:ee:79:e7:aa:93:72:2b:ff:a5:96:2d:
         e6:9b:9f:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52OnAmRs7gwu9D+a2UDBWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhODBiYmQwODQwMzg3MTA2OGZkZjFmY2I1ZTEwMTIxNDdm
NjE2MTkwHhcNMjQwMzI1MTUyODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTdkNjJmY2IxYWFkMjA2ZTU1YTdhODg1NzkyZTM2MDUwYjljNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmesZDjaQE0Lwg0fbR8x35wT25fU4
pXJgkdF6EINQ0gJ/U48hs/6KH5ozhcKd2yjfleFebnk6j4oht317mk7Nui8QC+WP
3lpFzauTkCEwdaqlDAN8Lo/jJhzvTxdSiSI3iBHdPlRHQYfoCm/yJCIOQtwhIZsa
p0PdbXxlBuTHsUCa+vZn43DZG4N5dOGKWb4PqmB5Sc40CZjunIX8oKt++9Jivy4L
f+0I3iGi2ByTb3MBgCZqjUvb6mRvJpqCRdXEtjyiqimI0QSoE0YAVgAD2yXfkXmG
sj5HjiYWM2BozpEdCtAVwrtpu+cLA2mqiNsCtvymiwPSEHd1MYPGkehu4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDV9YvyxqtIG5Vp6iFeS42BQucQsMB8GA1UdIwQY
MBaAFEqAu9CEA4cQaP3x/LXhASFH9hYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU29DNzBJUURoeEJvX2ZIOHRlRUJJVWYyRmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNGRmZDYtZDI0MC00YjBlLTlhMDEt
ZTFkNjlmYTkwOGNhLzEvTlgxaV9MR3EwZ2JsV25xSVY1TGpZRkM1eEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNGRmZDYtZDI0MC00YjBlLTlhMDEtZTFkNjlmYTkwOGNh
LzEvU29DNzBJUURoeEJvX2ZIOHRlRUJJVWYyRmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8iQMA0G
CSqGSIb3DQEBCwUAA4IBAQAjnslDcPQOCO4H/5O2AzlX8Dz0weIveT0FRDbPZxfy
cX3jT3pGgeKFMDH8QLrQ1IPq44Dn69EkVB6j+RnxlN3NpTkAN3XJ/FNHCejtwzQH
Cli1YVAjNnWmwVl1M5nPFpd/gqEYQcQXwLiY3kqKhEornEq4LzIlAwplT4o8nKt2
ku/lTbpMqE6/og8XFdEkE0QaHyLybaZZ58lckOifXqfGbLxDaPmSTqvjhssumLba
lm1MElXpojbYYyS+aQy9c46/RzVe2Lr/KyGrp/JhEahGPoGbQjGJCx2NZnfHqpXl
ablzyRsoi7foxCmHh+EuGWaz7nnnqpNyK/+lli3mm5/W
-----END CERTIFICATE-----
Generated at Tue Jun 11 12:41:28 2024 by rpki-client on console-ams.rpki-client.org