Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/3b91a6-1f94-40b9-99eb-4204922cf203/1/etAl57WRlxmGSQYuaKaHjITyoQ0.roa
File:                     etAl57WRlxmGSQYuaKaHjITyoQ0.roa (raw, json)
Hash identifier:          bjl+0dsZO9hGcljlb42TvaoO5zKJgxvIcIVRwAXAli0=
Subject key identifier:   7A:D0:25:E7:B5:91:97:19:86:49:06:2E:68:A6:87:8C:84:F2:A1:0D
Certificate issuer:       /CN=42d395fdc17645ef5c34ad8e531d1224d3146453
Certificate serial:       018AB818C4C45B2250E423A7E85E79831E85
Authority key identifier: 42:D3:95:FD:C1:76:45:EF:5C:34:AD:8E:53:1D:12:24:D3:14:64:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QtOV_cF2Re9cNK2OUx0SJNMUZFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/3b91a6-1f94-40b9-99eb-4204922cf203/1/etAl57WRlxmGSQYuaKaHjITyoQ0.roa
Signing time:             Thu 21 Sep 2023 14:15:45 +0000
ROA not before:           Thu 21 Sep 2023 14:15:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43278
IP address blocks:        5.42.211.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b8:18:c4:c4:5b:22:50:e4:23:a7:e8:5e:79:83:1e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42d395fdc17645ef5c34ad8e531d1224d3146453
        Validity
            Not Before: Sep 21 14:15:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ad025e7b59197198649062e68a6878c84f2a10d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f7:35:0b:8d:72:0b:fe:fc:85:55:d2:3f:ec:
                    93:cc:1c:ea:a6:02:69:7d:f8:71:71:24:af:0d:b6:
                    b1:5b:57:9e:3a:14:f1:af:8c:18:5d:e8:0e:0a:2b:
                    b8:b0:4d:59:e6:a9:a2:45:da:81:3b:19:cf:3a:3a:
                    d6:2c:0e:2e:fd:1d:f4:da:a1:00:cd:e7:e3:79:23:
                    ed:02:cf:20:f9:05:7b:bf:fc:2a:d6:28:32:49:e9:
                    30:42:b5:c4:80:f4:54:a8:87:9b:4b:9b:3c:1a:7a:
                    92:f2:8d:dc:56:da:42:91:c8:b4:92:e4:cf:b6:25:
                    00:57:b5:cb:1c:f4:05:14:d9:d7:c6:6f:a6:0a:06:
                    b0:44:e4:75:04:eb:cb:da:2a:85:38:31:d7:25:dc:
                    54:3a:97:59:42:6b:6c:15:8f:53:8f:52:57:b3:1f:
                    9e:c1:5e:f6:3f:48:0e:d7:07:09:0e:7f:26:45:89:
                    63:7c:19:c6:71:18:ad:63:5b:fb:c7:62:dd:d6:a4:
                    c6:4f:a5:eb:fd:51:0b:f0:13:34:de:3d:08:6c:0c:
                    d0:eb:99:f1:51:d9:98:01:a9:67:88:4e:9d:b6:aa:
                    f9:48:4b:ef:d8:a0:85:11:04:aa:d4:e3:ec:8c:00:
                    f1:60:42:ea:66:b7:46:ad:4f:11:ff:80:f7:bb:25:
                    cf:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:D0:25:E7:B5:91:97:19:86:49:06:2E:68:A6:87:8C:84:F2:A1:0D
            X509v3 Authority Key Identifier:
                keyid:42:D3:95:FD:C1:76:45:EF:5C:34:AD:8E:53:1D:12:24:D3:14:64:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QtOV_cF2Re9cNK2OUx0SJNMUZFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/3b91a6-1f94-40b9-99eb-4204922cf203/1/etAl57WRlxmGSQYuaKaHjITyoQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/3b91a6-1f94-40b9-99eb-4204922cf203/1/QtOV_cF2Re9cNK2OUx0SJNMUZFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:15:f2:47:2c:71:82:26:30:2b:46:34:c6:33:99:81:1b:d2:
         19:03:53:33:cf:6d:cd:08:6b:ba:93:59:fe:d0:23:48:3b:e5:
         59:8b:48:b9:52:25:e3:a8:8b:4f:50:0b:f4:37:b2:91:00:1b:
         a9:19:98:fd:a9:5e:7d:96:d5:aa:8d:5c:73:96:09:43:1c:ec:
         a4:f9:d3:e2:09:4d:3b:e5:a5:a6:f8:18:4c:e4:62:1c:08:0e:
         77:73:1e:22:77:85:b3:72:b6:3a:1b:7d:33:e6:03:b5:9c:22:
         f9:11:b9:8e:9a:3e:ef:d3:81:3a:b0:8e:bd:d2:bc:ba:84:a6:
         cf:2d:31:78:34:ce:1c:c2:ba:54:45:81:0c:4e:a1:41:85:57:
         52:8c:5d:dd:ec:18:d7:36:70:c9:b8:1b:d1:31:ad:94:9b:3d:
         ad:b4:61:79:db:32:e1:e6:8f:bc:fc:1b:ac:9b:8a:8c:bb:ce:
         35:39:db:b1:4c:0b:dd:ca:53:70:0b:93:d2:94:07:0e:b3:e0:
         4d:fb:f5:4d:9e:46:7a:b7:44:75:a0:5c:3e:98:95:7d:1f:a8:
         67:ae:da:b5:9a:76:22:cc:1d:fc:3b:0d:fd:5e:57:4f:e3:bf:
         4b:dd:e8:3a:3d:82:b2:d6:ae:56:49:ac:ca:b0:36:eb:96:ac:
         c5:15:11:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYq4GMTEWyJQ5COn6F55gx6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZDM5NWZkYzE3NjQ1ZWY1YzM0YWQ4ZTUzMWQxMjI0ZDMx
NDY0NTMwHhcNMjMwOTIxMTQxNTQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWQwMjVlN2I1OTE5NzE5ODY0OTA2MmU2OGE2ODc4Yzg0ZjJhMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvc1C41yC/78hVXSP+yTzBzqpgJp
ffhxcSSvDbaxW1eeOhTxr4wYXegOCiu4sE1Z5qmiRdqBOxnPOjrWLA4u/R302qEA
zefjeSPtAs8g+QV7v/wq1igySekwQrXEgPRUqIebS5s8GnqS8o3cVtpCkci0kuTP
tiUAV7XLHPQFFNnXxm+mCgawROR1BOvL2iqFODHXJdxUOpdZQmtsFY9Tj1JXsx+e
wV72P0gO1wcJDn8mRYljfBnGcRitY1v7x2Ld1qTGT6Xr/VEL8BM03j0IbAzQ65nx
UdmYAalniE6dtqr5SEvv2KCFEQSq1OPsjADxYELqZrdGrU8R/4D3uyXP2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrQJee1kZcZhkkGLmimh4yE8qENMB8GA1UdIwQY
MBaAFELTlf3BdkXvXDStjlMdEiTTFGRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXRPVl9jRjJSZTljTksyT1V4MFNKTk1VWkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zYjkxYTYtMWY5NC00MGI5LTk5ZWIt
NDIwNDkyMmNmMjAzLzEvZXRBbDU3V1JseG1HU1FZdWFLYUhqSVR5b1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zYjkxYTYtMWY5NC00MGI5LTk5ZWItNDIwNDkyMmNmMjAz
LzEvUXRPVl9jRjJSZTljTksyT1V4MFNKTk1VWkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrTMA0G
CSqGSIb3DQEBCwUAA4IBAQAzFfJHLHGCJjArRjTGM5mBG9IZA1Mzz23NCGu6k1n+
0CNIO+VZi0i5UiXjqItPUAv0N7KRABupGZj9qV59ltWqjVxzlglDHOyk+dPiCU07
5aWm+BhM5GIcCA53cx4id4WzcrY6G30z5gO1nCL5EbmOmj7v04E6sI690ry6hKbP
LTF4NM4cwrpURYEMTqFBhVdSjF3d7BjXNnDJuBvRMa2Umz2ttGF52zLh5o+8/Bus
m4qMu841OduxTAvdylNwC5PSlAcOs+BN+/VNnkZ6t0R1oFw+mJV9H6hnrtq1mnYi
zB38Ow39XldP479L3eg6PYKy1q5WSazKsDbrlqzFFRH8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:13 2024 by rpki-client on console-ams.rpki-client.org