Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b7aa7b-97c2-4bd8-8caa-dcce28e9346a/1/MkvbdJw7Ez52e9GW7R8_DvYIxrI.roa
File:                     MkvbdJw7Ez52e9GW7R8_DvYIxrI.roa (raw, json)
Hash identifier:          4lv0kXY3L3x4oIO86M+kMf+z0bebYnRzLIVP2RGGF3I=
Subject key identifier:   32:4B:DB:74:9C:3B:13:3E:76:7B:D1:96:ED:1F:3F:0E:F6:08:C6:B2
Certificate issuer:       /CN=006e643d0b67f4b333feacdc4616d4e4f3de32cd
Certificate serial:       0188777D978FCC5C1E67F05068809BD12E79
Authority key identifier: 00:6E:64:3D:0B:67:F4:B3:33:FE:AC:DC:46:16:D4:E4:F3:DE:32:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AG5kPQtn9LMz_qzcRhbU5PPeMs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b7aa7b-97c2-4bd8-8caa-dcce28e9346a/1/MkvbdJw7Ez52e9GW7R8_DvYIxrI.roa
Signing time:             Thu 01 Jun 2023 15:04:59 +0000
ROA not before:           Thu 01 Jun 2023 15:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204703
IP address blocks:        2a0c:f280::/29 maxlen: 128

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:77:7d:97:8f:cc:5c:1e:67:f0:50:68:80:9b:d1:2e:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006e643d0b67f4b333feacdc4616d4e4f3de32cd
        Validity
            Not Before: Jun  1 15:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=324bdb749c3b133e767bd196ed1f3f0ef608c6b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:cc:10:88:b8:2a:dd:85:da:1e:f3:3e:d7:90:
                    d2:5f:f4:ca:a5:99:48:ae:64:d6:37:2e:6b:ab:53:
                    8f:bf:2a:2d:4d:5a:43:d4:ea:66:13:28:ef:01:cf:
                    dc:84:0f:83:68:cb:61:78:e3:4a:19:0f:de:5f:86:
                    e8:c5:22:1b:c5:5d:49:af:52:e6:c1:85:60:8d:5b:
                    ba:7a:61:69:5a:93:ee:b2:e4:40:7a:b3:bd:c2:4c:
                    2f:41:c1:0f:72:dc:cf:75:21:c6:a8:16:8b:d8:fd:
                    fb:7c:2f:c1:02:88:5f:9d:1a:63:f3:7e:b6:87:63:
                    41:18:1c:a7:1d:1f:77:43:5d:24:b9:1d:db:87:da:
                    60:5c:15:dd:a1:8c:c3:4b:7e:42:e9:6d:0f:37:cf:
                    4d:46:a8:8c:2f:ef:a1:75:a4:36:98:ff:46:43:4b:
                    c4:3b:23:15:9d:c8:7b:d4:9c:c7:87:b4:0d:3a:be:
                    37:af:44:1e:bd:f6:dd:24:4b:64:2f:50:fd:2d:fa:
                    c4:a1:bf:3a:b9:87:c6:5c:0d:08:0e:70:f6:4d:eb:
                    2b:07:40:0a:ae:d8:02:c7:47:05:6a:2d:65:5d:1c:
                    8e:49:49:0c:e2:95:40:28:93:67:5d:db:d6:88:f9:
                    7a:6a:bb:ba:9d:7d:a0:59:e2:b1:9e:3b:c4:76:0a:
                    76:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4B:DB:74:9C:3B:13:3E:76:7B:D1:96:ED:1F:3F:0E:F6:08:C6:B2
            X509v3 Authority Key Identifier:
                keyid:00:6E:64:3D:0B:67:F4:B3:33:FE:AC:DC:46:16:D4:E4:F3:DE:32:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AG5kPQtn9LMz_qzcRhbU5PPeMs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b7aa7b-97c2-4bd8-8caa-dcce28e9346a/1/MkvbdJw7Ez52e9GW7R8_DvYIxrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b7aa7b-97c2-4bd8-8caa-dcce28e9346a/1/AG5kPQtn9LMz_qzcRhbU5PPeMs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f280::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:6f:45:e4:8a:f0:17:2f:61:0a:8c:e5:b5:98:57:46:62:25:
         16:ec:88:c6:57:37:95:6a:73:1e:9a:b4:af:dc:3b:2a:99:50:
         1a:bc:9b:db:d2:08:9f:2f:bc:f7:81:81:9e:06:5c:ab:a3:c2:
         22:a4:34:b1:b3:9b:d9:0c:57:00:a5:ee:15:fd:68:85:8c:b4:
         92:1d:a3:34:00:27:dd:16:48:f6:28:58:f3:4d:fd:80:98:be:
         ab:e3:05:6b:84:f7:9e:30:0a:7e:c9:4d:5b:7d:de:b3:13:ba:
         63:c7:1a:f2:e6:60:dc:3a:a3:f5:8c:5d:fc:f8:f0:d2:b8:13:
         f4:f6:97:70:6a:e7:bf:02:19:6d:f6:04:4c:ec:85:79:46:44:
         76:1e:20:d1:b4:55:e7:5f:50:b3:42:b5:44:08:bb:32:2a:0a:
         66:f4:9f:9b:94:17:c9:04:c6:c3:09:c4:16:f7:b9:cd:a4:3d:
         a4:9f:15:e2:cb:92:81:a4:5e:58:4b:b0:6a:33:89:b3:a0:48:
         0f:2b:c7:94:a6:39:b9:ba:03:4e:c9:72:95:be:93:a3:71:5a:
         f6:57:99:db:56:51:92:5b:b6:b4:1c:b1:76:da:d3:ba:5c:7f:
         16:e7:82:64:a2:49:01:18:c8:1d:ea:0f:90:31:dd:34:d3:70:
         a3:7c:15:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYh3fZePzFweZ/BQaICb0S55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmU2NDNkMGI2N2Y0YjMzM2ZlYWNkYzQ2MTZkNGU0ZjNk
ZTMyY2QwHhcNMjMwNjAxMTUwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRiZGI3NDljM2IxMzNlNzY3YmQxOTZlZDFmM2YwZWY2MDhjNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlswQiLgq3YXaHvM+15DSX/TKpZlI
rmTWNy5rq1OPvyotTVpD1OpmEyjvAc/chA+DaMtheONKGQ/eX4boxSIbxV1Jr1Lm
wYVgjVu6emFpWpPusuRAerO9wkwvQcEPctzPdSHGqBaL2P37fC/BAohfnRpj8362
h2NBGBynHR93Q10kuR3bh9pgXBXdoYzDS35C6W0PN89NRqiML++hdaQ2mP9GQ0vE
OyMVnch71JzHh7QNOr43r0QevfbdJEtkL1D9LfrEob86uYfGXA0IDnD2TesrB0AK
rtgCx0cFai1lXRyOSUkM4pVAKJNnXdvWiPl6aru6nX2gWeKxnjvEdgp2TwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDJL23ScOxM+dnvRlu0fPw72CMayMB8GA1UdIwQY
MBaAFABuZD0LZ/SzM/6s3EYW1OTz3jLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUc1a1BRdG45TE16X3F6Y1JoYlU1UFBlTXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iN2FhN2ItOTdjMi00YmQ4LThjYWEt
ZGNjZTI4ZTkzNDZhLzEvTWt2YmRKdzdFejUyZTlHVzdSOF9EdllJeHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iN2FhN2ItOTdjMi00YmQ4LThjYWEtZGNjZTI4ZTkzNDZh
LzEvQUc1a1BRdG45TE16X3F6Y1JoYlU1UFBlTXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgzygDAN
BgkqhkiG9w0BAQsFAAOCAQEAGW9F5IrwFy9hCozltZhXRmIlFuyIxlc3lWpzHpq0
r9w7KplQGryb29IIny+894GBngZcq6PCIqQ0sbOb2QxXAKXuFf1ohYy0kh2jNAAn
3RZI9ihY8039gJi+q+MFa4T3njAKfslNW33esxO6Y8ca8uZg3Dqj9Yxd/Pjw0rgT
9PaXcGrnvwIZbfYETOyFeUZEdh4g0bRV519Qs0K1RAi7MioKZvSfm5QXyQTGwwnE
Fve5zaQ9pJ8V4suSgaReWEuwajOJs6BIDyvHlKY5uboDTslylb6To3Fa9leZ21ZR
klu2tByxdtrTulx/FueCZKJJARjIHeoPkDHdNNNwo3wVbQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:58 2024 by rpki-client on console-ams.rpki-client.org