Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3137382e3230382e3138372e302f32342d3234203d3e203631333137.roa
File:                     3137382e3230382e3138372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          m8bhlwr+/lak5dexkcJ7cKVNTEqk5J9N/I7047gIuvg=
Subject key identifier:   F3:10:8F:AD:83:1B:05:BB:84:27:FE:54:4A:5F:20:AE:AE:26:D2:DC
Certificate issuer:       /CN=3a96802395455ca00679c41d5c056cae95d4b57d
Certificate serial:       30A9CD081D95C614B6C5D2074CDFE36439D90D28
Authority key identifier: 3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3137382e3230382e3138372e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 22 Mar 2023 15:29:41 +0000
ROA not before:           Wed 22 Mar 2023 15:24:41 +0000
ROA not after:            Wed 20 Mar 2024 15:29:41 +0000
asID:                     61317
IP address blocks:        178.208.187.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:a9:cd:08:1d:95:c6:14:b6:c5:d2:07:4c:df:e3:64:39:d9:0d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a96802395455ca00679c41d5c056cae95d4b57d
        Validity
            Not Before: Mar 22 15:24:41 2023 GMT
            Not After : Mar 20 15:29:41 2024 GMT
        Subject: CN=F3108FAD831B05BB8427FE544A5F20AEAE26D2DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:19:28:b9:88:13:dc:56:01:b1:93:90:ad:
                    9b:90:5b:e9:e4:5e:68:ce:42:80:14:fb:c8:fa:ab:
                    3c:2c:5b:cc:e4:30:bb:66:96:ef:35:3d:60:a0:c1:
                    fa:c2:62:61:01:a4:31:b4:03:f4:85:0f:83:89:a0:
                    40:e3:8e:7b:a4:c3:c1:a2:b6:e6:7c:69:c8:2f:c0:
                    62:66:fd:4a:fa:65:24:5a:89:41:aa:6a:5b:7d:05:
                    05:4a:a7:8f:8e:5e:8d:23:f2:07:40:02:2c:d7:a9:
                    94:a9:74:6e:cc:04:f8:15:cb:ee:98:93:f7:0d:97:
                    3c:8b:3e:8a:9d:6b:76:d8:7c:37:4b:03:f5:7d:a6:
                    e6:b0:0b:17:d2:21:7b:ea:ce:a5:c8:7b:0c:80:34:
                    2e:2b:dd:78:ec:5d:80:43:be:1a:81:37:df:99:e0:
                    5c:c4:d6:b0:38:6e:a7:c2:74:24:79:99:5f:b2:39:
                    79:11:f6:05:76:36:bb:73:6c:02:8d:65:0d:3b:99:
                    4a:c3:02:ba:bf:27:51:ac:21:95:5b:66:6a:1b:d0:
                    e1:e5:a3:3a:0f:c2:63:e9:dd:96:4f:d8:70:cc:a3:
                    9f:00:f5:4d:68:4d:d1:b5:b5:47:c3:2d:bc:43:30:
                    d4:6c:f6:b4:6e:06:3c:95:f7:30:d4:de:f5:13:40:
                    c4:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:10:8F:AD:83:1B:05:BB:84:27:FE:54:4A:5F:20:AE:AE:26:D2:DC
            X509v3 Authority Key Identifier:
                keyid:3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3A96802395455CA00679C41D5C056CAE95D4B57D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3137382e3230382e3138372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:a1:e3:38:b2:59:ef:ad:53:41:0d:f7:5a:45:47:53:01:8e:
         1f:3f:b8:97:21:19:21:9b:c8:76:b0:75:c5:e2:19:99:7b:2f:
         a6:30:19:b9:0b:ce:5b:69:d3:75:56:3f:61:ab:e7:86:ed:10:
         a3:1e:71:4c:ee:1d:fb:04:ea:db:3e:eb:b9:37:e5:2c:b2:20:
         57:d8:79:16:43:28:34:a3:66:d9:97:e5:7b:78:fb:f4:f8:5d:
         31:e3:20:16:56:7e:b2:5f:a8:e5:6e:cb:38:8b:81:a0:f4:3e:
         4f:29:a1:79:c7:08:a7:b0:3a:a9:5a:2c:b0:74:bf:c3:72:64:
         f1:ce:77:26:e8:10:36:1d:58:81:dc:d1:9d:c9:64:7c:15:f8:
         f2:4b:86:d3:59:d3:2a:d4:70:26:93:16:7e:b9:c0:03:99:cf:
         e3:d2:7f:93:be:0f:47:40:df:dd:9f:18:5c:42:d5:e3:6e:08:
         6f:83:9d:da:14:4a:13:c8:6d:8e:57:41:38:b6:80:ec:4c:ae:
         34:83:5e:b8:5c:32:44:02:ff:69:2a:7b:50:a3:35:93:a1:f3:
         df:7b:93:05:8b:22:01:69:2b:3f:5c:b2:49:b2:46:20:26:5f:
         0f:c5:8d:29:f5:96:8d:25:cd:da:1d:8f:ec:f4:9b:c4:63:c1:
         5a:32:6d:49
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUMKnNCB2VxhS2xdIHTN/jZDnZDSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2E5NjgwMjM5NTQ1NWNhMDA2NzljNDFkNWMwNTZjYWU5
NWQ0YjU3ZDAeFw0yMzAzMjIxNTI0NDFaFw0yNDAzMjAxNTI5NDFaMDMxMTAvBgNV
BAMTKEYzMTA4RkFEODMxQjA1QkI4NDI3RkU1NDRBNUYyMEFFQUUyNkQyREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgsRkouYgT3FYBsZOQrZuQW+nk
XmjOQoAU+8j6qzwsW8zkMLtmlu81PWCgwfrCYmEBpDG0A/SFD4OJoEDjjnukw8Gi
tuZ8acgvwGJm/Ur6ZSRaiUGqalt9BQVKp4+OXo0j8gdAAizXqZSpdG7MBPgVy+6Y
k/cNlzyLPoqda3bYfDdLA/V9puawCxfSIXvqzqXIewyANC4r3XjsXYBDvhqBN9+Z
4FzE1rA4bqfCdCR5mV+yOXkR9gV2NrtzbAKNZQ07mUrDArq/J1GsIZVbZmob0OHl
ozoPwmPp3ZZP2HDMo58A9U1oTdG1tUfDLbxDMNRs9rRuBjyV9zDU3vUTQMQ/AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU8xCPrYMbBbuEJ/5USl8grq4m0twwHwYDVR0j
BBgwFoAUOpaAI5VFXKAGecQdXAVsrpXUtX0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTJmZmJjZTctODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2Vl
Nzg4LzAvM0E5NjgwMjM5NTQ1NUNBMDA2NzlDNDFENUMwNTZDQUU5NUQ0QjU3RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09wYUFJNVZGWEtBR2VjUWRYQVZzcnBY
VXRYMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTJmZmJjZTct
ODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2VlNzg4LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzgzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACy0LswDQYJKoZIhvcNAQELBQADggEBAKyh4ziyWe+tU0EN91pFR1MBjh8/uJch
GSGbyHawdcXiGZl7L6YwGbkLzltp03VWP2Gr54btEKMecUzuHfsE6ts+67k35Syy
IFfYeRZDKDSjZtmX5Xt4+/T4XTHjIBZWfrJfqOVuyziLgaD0Pk8poXnHCKewOqla
LLB0v8NyZPHOdyboEDYdWIHc0Z3JZHwV+PJLhtNZ0yrUcCaTFn65wAOZz+PSf5O+
D0dA392fGFxC1eNuCG+DndoUShPIbY5XQTi2gOxMrjSDXrhcMkQC/2kqe1CjNZOh
8997kwWLIgFpKz9cskmyRiAmXw/FjSn1lo0lzdodj+z0m8RjwVoybUk=
-----END CERTIFICATE-----
Generated at Wed Sep 13 09:30:19 2023 by rpki-client on console-ams.rpki-client.org