Route Origin Authorization

$ rpki-client -vvf rpki1.terratransit.de/repo/TerraTransit/2/34352e382e3134382e302f32332d3233203d3e2033333536.roa
File:                     34352e382e3134382e302f32332d3233203d3e2033333536.roa (raw, json)
Hash identifier:          lMnM8mL0uQ0CgM3BnFwu76ioWm53Ez2dB2JhPILT/mI=
Subject key identifier:   21:E0:44:5C:79:47:D5:38:5D:A0:B4:EB:DE:FE:6D:5E:2D:E0:46:58
Certificate issuer:       /CN=07a8af2b5fe831ff589eb38ae3c025ce871f23e7
Certificate serial:       20CE4C9816565E4D495C63C07E58889EF18E4B16
Authority key identifier: 07:A8:AF:2B:5F:E8:31:FF:58:9E:B3:8A:E3:C0:25:CE:87:1F:23:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6ivK1_oMf9YnrOK48AlzocfI-c.cer
Subject info access:      rsync://rpki1.terratransit.de/repo/TerraTransit/2/34352e382e3134382e302f32332d3233203d3e2033333536.roa
Signing time:             Tue 28 Jun 2022 04:41:13 +0000
ROA not before:           Tue 28 Jun 2022 04:36:13 +0000
ROA not after:            Tue 27 Jun 2023 04:41:13 +0000
asID:                     3356
IP address blocks:        45.8.148.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ce:4c:98:16:56:5e:4d:49:5c:63:c0:7e:58:88:9e:f1:8e:4b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a8af2b5fe831ff589eb38ae3c025ce871f23e7
        Validity
            Not Before: Jun 28 04:36:13 2022 GMT
            Not After : Jun 27 04:41:13 2023 GMT
        Subject: CN=21E0445C7947D5385DA0B4EBDEFE6D5E2DE04658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ff:2d:71:9f:95:69:ca:95:48:1e:b4:37:9e:
                    d8:2d:b1:59:ea:d7:33:78:e7:1d:95:ef:69:ab:a1:
                    30:d4:47:99:e7:4e:bf:2b:53:1d:fd:ef:21:8a:c3:
                    6d:9e:86:e0:81:81:37:be:48:a9:5a:17:42:ed:b5:
                    32:19:9b:fa:12:f5:91:99:08:63:38:7b:90:5a:0f:
                    fb:f6:54:fe:9b:c2:ac:36:44:5a:33:e6:3d:13:85:
                    42:c9:b7:5e:47:f8:2f:d0:36:d6:af:93:f7:60:59:
                    11:70:55:9e:3d:93:23:d0:12:02:15:59:67:f4:eb:
                    2b:3e:86:d8:68:3e:16:70:c6:05:49:11:ee:16:d4:
                    19:65:ed:21:31:4e:e6:bd:62:6e:03:83:7d:3a:c9:
                    45:57:60:c6:bf:0c:86:da:1d:df:96:2b:84:17:8e:
                    e2:d3:84:90:b6:70:95:7b:14:1b:dd:98:d2:6e:b1:
                    6d:b9:07:a4:d3:d0:13:1d:f8:a2:92:3b:67:9b:3f:
                    e9:63:d7:76:e7:d3:cb:f6:a0:ad:81:71:ef:38:5f:
                    12:ef:3d:2a:6b:d1:17:47:19:ec:b2:c8:86:68:60:
                    ce:7a:03:3d:62:03:89:af:c3:4d:75:1f:82:86:92:
                    f5:4a:8d:cf:a9:f8:c9:93:04:4c:52:93:28:a8:9e:
                    e1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E0:44:5C:79:47:D5:38:5D:A0:B4:EB:DE:FE:6D:5E:2D:E0:46:58
            X509v3 Authority Key Identifier:
                keyid:07:A8:AF:2B:5F:E8:31:FF:58:9E:B3:8A:E3:C0:25:CE:87:1F:23:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki1.terratransit.de/repo/TerraTransit/2/07A8AF2B5FE831FF589EB38AE3C025CE871F23E7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6ivK1_oMf9YnrOK48AlzocfI-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki1.terratransit.de/repo/TerraTransit/2/34352e382e3134382e302f32332d3233203d3e2033333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:0c:50:23:bd:aa:17:00:4f:97:4b:b5:33:f0:0e:29:d3:19:
         c2:cf:49:b2:a1:7b:fe:2e:e6:c6:2a:71:e3:ce:f1:26:d5:20:
         58:b3:0c:dd:49:52:06:79:9f:fe:75:6a:fb:77:57:be:5d:f3:
         14:e5:39:a3:9b:52:cd:13:aa:ad:4a:5c:e3:7b:b9:f8:7b:a3:
         84:a8:b8:d4:89:1d:9a:1f:8e:bc:82:58:5d:44:57:da:2d:e3:
         37:d3:51:7f:2b:8f:a0:4d:aa:9d:21:a5:dc:7a:ec:cb:0e:85:
         3a:f6:c4:3a:3d:ea:55:e4:28:1e:d9:12:76:e7:cd:33:cd:86:
         f7:94:31:1e:64:98:aa:28:c5:63:0c:91:cf:a9:4d:7e:5f:00:
         2d:e6:42:f0:61:65:2f:57:75:90:27:30:fc:3f:dd:3e:59:22:
         e5:06:00:ff:cc:fc:89:3d:8e:f2:72:51:57:c3:8e:e4:59:7b:
         4a:25:d9:ad:c7:e6:a1:c3:5e:c5:b1:f5:b7:8d:e0:df:3d:9a:
         23:5b:95:37:f1:bf:cf:2b:3f:bc:52:47:b0:d2:62:ed:25:9d:
         41:00:f7:ca:6c:04:c3:2d:04:16:b2:e1:c3:c1:84:37:81:f1:
         0e:5c:a6:fc:6e:a6:c7:f7:a7:91:fb:2a:23:49:77:1d:13:fc:
         e0:5d:45:01
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUIM5MmBZWXk1JXGPAfliInvGOSxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDdhOGFmMmI1ZmU4MzFmZjU4OWViMzhhZTNjMDI1Y2U4
NzFmMjNlNzAeFw0yMjA2MjgwNDM2MTNaFw0yMzA2MjcwNDQxMTNaMDMxMTAvBgNV
BAMTKDIxRTA0NDVDNzk0N0Q1Mzg1REEwQjRFQkRFRkU2RDVFMkRFMDQ2NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq/y1xn5VpypVIHrQ3ntgtsVnq
1zN45x2V72mroTDUR5nnTr8rUx397yGKw22ehuCBgTe+SKlaF0LttTIZm/oS9ZGZ
CGM4e5BaD/v2VP6bwqw2RFoz5j0ThULJt15H+C/QNtavk/dgWRFwVZ49kyPQEgIV
WWf06ys+hthoPhZwxgVJEe4W1Bll7SExTua9Ym4Dg306yUVXYMa/DIbaHd+WK4QX
juLThJC2cJV7FBvdmNJusW25B6TT0BMd+KKSO2ebP+lj13bn08v2oK2Bce84XxLv
PSpr0RdHGeyyyIZoYM56Az1iA4mvw011H4KGkvVKjc+p+MmTBExSkyionuERAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUIeBEXHlH1ThdoLTr3v5tXi3gRlgwHwYDVR0j
BBgwFoAUB6ivK1/oMf9YnrOK48AlzocfI+cwDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnBraTEudGVycmF0cmFuc2l0LmRlL3JlcG8v
VGVycmFUcmFuc2l0LzIvMDdBOEFGMkI1RkU4MzFGRjU4OUVCMzhBRTNDMDI1Q0U4
NzFGMjNFNy5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0I2aXZLMV9vTWY5WW5y
T0s0OEFsem9jZkktYy5jZXIwgYIGCCsGAQUFBwELBHYwdDByBggrBgEFBQcwC4Zm
cnN5bmM6Ly9ycGtpMS50ZXJyYXRyYW5zaXQuZGUvcmVwby9UZXJyYVRyYW5zaXQv
Mi8zNDM1MmUzODJlMzEzNDM4MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzMzMzM1
MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAEtCJQwDQYJKoZIhvcNAQELBQADggEBAGAMUCO9qhcAT5dL
tTPwDinTGcLPSbKhe/4u5sYqcePO8SbVIFizDN1JUgZ5n/51avt3V75d8xTlOaOb
Us0Tqq1KXON7ufh7o4SouNSJHZofjryCWF1EV9ot4zfTUX8rj6BNqp0hpdx67MsO
hTr2xDo96lXkKB7ZEnbnzTPNhveUMR5kmKooxWMMkc+pTX5fAC3mQvBhZS9XdZAn
MPw/3T5ZIuUGAP/M/Ik9jvJyUVfDjuRZe0ol2a3H5qHDXsWx9beN4N89miNblTfx
v88rP7xSR7DSYu0lnUEA98psBMMtBBay4cPBhDeB8Q5cpvxupsf3p5H7KiNJdx0T
/OBdRQE=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:47 2023 by rpki-client on console-fra.rpki-client.org