Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/7e993e-b01e-4a95-a4a2-ba7c456a667f/1/kHNCNg8qmcwQ_qjmqw6TCVz1UfA.roa
File:                     kHNCNg8qmcwQ_qjmqw6TCVz1UfA.roa (raw, json)
Hash identifier:          Vk36DBi96VDaJmni5MxSX6R/V320dxrk+vQi7QeQyPk=
Subject key identifier:   90:73:42:36:0F:2A:99:CC:10:FE:A8:E6:AB:0E:93:09:5C:F5:51:F0
Certificate issuer:       /CN=7f5ded3c0fd8a7d659b3edc54529cb6db7a85a45
Certificate serial:       018CC56EAEA4EB44D17CA62F348BA289B54E
Authority key identifier: 7F:5D:ED:3C:0F:D8:A7:D6:59:B3:ED:C5:45:29:CB:6D:B7:A8:5A:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f13tPA_Yp9ZZs-3FRSnLbbeoWkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/7e993e-b01e-4a95-a4a2-ba7c456a667f/1/kHNCNg8qmcwQ_qjmqw6TCVz1UfA.roa
Signing time:             Mon 01 Jan 2024 14:30:14 +0000
ROA not before:           Mon 01 Jan 2024 14:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211500
IP address blocks:        45.136.109.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ae:a4:eb:44:d1:7c:a6:2f:34:8b:a2:89:b5:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f5ded3c0fd8a7d659b3edc54529cb6db7a85a45
        Validity
            Not Before: Jan  1 14:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=907342360f2a99cc10fea8e6ab0e93095cf551f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4b:a1:fd:88:de:57:c9:76:25:2d:25:7b:61:
                    16:20:c4:f8:84:3a:65:2a:90:09:af:54:c7:8e:40:
                    84:97:47:42:88:ce:c6:57:a9:66:5d:eb:b4:7a:d7:
                    ff:bb:0e:a7:27:79:cb:6c:a9:87:7c:b3:b3:c7:28:
                    48:84:e0:b8:c7:4f:31:8c:4c:cc:99:e9:df:6a:cb:
                    6a:fe:42:13:71:e2:a9:e9:cc:fc:c1:11:75:37:12:
                    10:68:e0:8f:cb:47:38:3c:b0:ae:7b:41:4c:05:69:
                    f7:9b:df:a5:69:64:d0:29:3d:f4:18:a2:a6:97:52:
                    6a:36:e4:68:1d:e1:da:ae:d9:a3:27:c3:bf:2b:08:
                    1a:4c:2e:16:2f:43:64:9b:be:4c:28:e7:7c:04:d8:
                    14:ad:1b:f4:77:63:14:66:b0:6d:1c:ea:b1:c3:b2:
                    bb:4d:8c:38:db:18:d1:b7:40:aa:c9:cc:95:b0:14:
                    22:1d:b0:66:62:a6:db:39:4a:a5:51:36:12:62:53:
                    fa:9a:37:9a:3e:d4:ae:6d:31:a9:ce:b9:ba:6d:39:
                    33:c5:7c:0f:d9:af:a5:99:69:10:97:72:7e:ce:41:
                    c8:51:2b:75:b6:32:e3:9f:6a:54:b4:8e:91:53:1d:
                    67:c3:f9:47:13:cc:67:f7:13:5e:b9:65:9b:11:df:
                    20:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:73:42:36:0F:2A:99:CC:10:FE:A8:E6:AB:0E:93:09:5C:F5:51:F0
            X509v3 Authority Key Identifier:
                keyid:7F:5D:ED:3C:0F:D8:A7:D6:59:B3:ED:C5:45:29:CB:6D:B7:A8:5A:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f13tPA_Yp9ZZs-3FRSnLbbeoWkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/7e993e-b01e-4a95-a4a2-ba7c456a667f/1/kHNCNg8qmcwQ_qjmqw6TCVz1UfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/7e993e-b01e-4a95-a4a2-ba7c456a667f/1/f13tPA_Yp9ZZs-3FRSnLbbeoWkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:57:12:1a:ee:b8:ec:03:88:c2:fa:0b:68:4e:e1:9b:fe:7b:
         9d:4d:6e:33:0a:76:bb:82:80:2c:56:60:a2:0f:94:b6:a1:d1:
         c9:08:9b:db:ca:e3:2c:51:6e:23:31:0d:4f:df:14:e5:41:dc:
         a6:2d:9c:0f:c5:1d:96:59:31:b4:81:7a:b7:06:74:8a:b7:08:
         f3:73:3b:02:6f:12:09:9a:10:aa:c1:ae:e5:cc:b7:8f:9b:b2:
         42:2f:48:f4:b4:dc:f9:37:51:33:ca:88:b5:d2:fc:fc:70:28:
         ad:c5:1f:35:17:7f:1b:79:e7:46:d4:68:1b:b7:1c:4e:b3:a8:
         56:f7:95:9f:75:26:48:ff:c7:70:81:37:88:ba:35:0f:bc:ec:
         49:91:3a:d7:ec:d9:30:31:40:06:4a:bb:95:82:37:c1:b2:33:
         6c:5c:f4:dd:98:b8:c6:a6:2f:35:73:61:ac:cf:9e:fe:0d:bf:
         1c:c4:73:53:d5:f2:55:bb:fc:39:76:32:48:26:61:bb:dd:d8:
         61:73:25:81:ae:81:1d:bb:81:dd:30:b2:40:de:5c:84:f1:9b:
         30:a7:89:c4:28:7e:d3:30:f9:4c:f4:e6:d4:02:a5:62:d9:92:
         0f:d4:55:7e:97:32:cf:bd:a4:da:54:f9:b8:e6:f9:e6:b8:3d:
         d2:f1:72:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbq6k60TRfKYvNIuiibVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNWRlZDNjMGZkOGE3ZDY1OWIzZWRjNTQ1MjljYjZkYjdh
ODVhNDUwHhcNMjQwMTAxMTQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDczNDIzNjBmMmE5OWNjMTBmZWE4ZTZhYjBlOTMwOTVjZjU1MWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkuh/YjeV8l2JS0le2EWIMT4hDpl
KpAJr1THjkCEl0dCiM7GV6lmXeu0etf/uw6nJ3nLbKmHfLOzxyhIhOC4x08xjEzM
menfastq/kITceKp6cz8wRF1NxIQaOCPy0c4PLCue0FMBWn3m9+laWTQKT30GKKm
l1JqNuRoHeHartmjJ8O/KwgaTC4WL0Nkm75MKOd8BNgUrRv0d2MUZrBtHOqxw7K7
TYw42xjRt0CqycyVsBQiHbBmYqbbOUqlUTYSYlP6mjeaPtSubTGpzrm6bTkzxXwP
2a+lmWkQl3J+zkHIUSt1tjLjn2pUtI6RUx1nw/lHE8xn9xNeuWWbEd8gsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBzQjYPKpnMEP6o5qsOkwlc9VHwMB8GA1UdIwQY
MBaAFH9d7TwP2KfWWbPtxUUpy223qFpFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjEzdFBBX1lwOVpacy0zRlJTbkxiYmVvV2tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS83ZTk5M2UtYjAxZS00YTk1LWE0YTIt
YmE3YzQ1NmE2NjdmLzEva0hOQ05nOHFtY3dRX3FqbXF3NlRDVnoxVWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS83ZTk5M2UtYjAxZS00YTk1LWE0YTItYmE3YzQ1NmE2Njdm
LzEvZjEzdFBBX1lwOVpacy0zRlJTbkxiYmVvV2tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYhtMA0G
CSqGSIb3DQEBCwUAA4IBAQCNVxIa7rjsA4jC+gtoTuGb/nudTW4zCna7goAsVmCi
D5S2odHJCJvbyuMsUW4jMQ1P3xTlQdymLZwPxR2WWTG0gXq3BnSKtwjzczsCbxIJ
mhCqwa7lzLePm7JCL0j0tNz5N1Ezyoi10vz8cCitxR81F38beedG1GgbtxxOs6hW
95WfdSZI/8dwgTeIujUPvOxJkTrX7NkwMUAGSruVgjfBsjNsXPTdmLjGpi81c2Gs
z57+Db8cxHNT1fJVu/w5djJIJmG73dhhcyWBroEdu4HdMLJA3lyE8Zswp4nEKH7T
MPlM9ObUAqVi2ZIP1FV+lzLPvaTaVPm45vnmuD3S8XJe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org