Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3138352e32392e3136362e302f32342d3234203d3e20383334.roa
File:                     3138352e32392e3136362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          10ZpTky0pOBtAPGOcNmuP3cX8vOL9stpVhzi5Yx+uCg=
Subject key identifier:   4A:8D:D5:C3:4C:00:FD:C8:7C:9D:C6:28:3F:D5:88:D8:82:91:2C:45
Certificate issuer:       /CN=3a96802395455ca00679c41d5c056cae95d4b57d
Certificate serial:       69D868411749AFAAADF584B55F7560D4C44796FC
Authority key identifier: 3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3138352e32392e3136362e302f32342d3234203d3e20383334.roa
Signing time:             Wed 22 Mar 2023 15:29:41 +0000
ROA not before:           Wed 22 Mar 2023 15:24:41 +0000
ROA not after:            Wed 20 Mar 2024 15:29:41 +0000
asID:                     834
IP address blocks:        185.29.166.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:d8:68:41:17:49:af:aa:ad:f5:84:b5:5f:75:60:d4:c4:47:96:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a96802395455ca00679c41d5c056cae95d4b57d
        Validity
            Not Before: Mar 22 15:24:41 2023 GMT
            Not After : Mar 20 15:29:41 2024 GMT
        Subject: CN=4A8DD5C34C00FDC87C9DC6283FD588D882912C45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:19:a2:e9:7d:a2:00:f7:8b:1f:7b:d2:62:d4:
                    79:3f:8a:c5:8c:59:96:e3:91:80:0b:10:8c:af:30:
                    6f:96:31:9f:49:a4:df:0c:91:76:f2:f3:d6:aa:d0:
                    63:a4:b0:70:cf:8b:02:22:ab:2d:99:f8:4e:ff:e1:
                    1c:73:20:68:bb:23:b0:35:0b:a1:ab:d0:7d:63:66:
                    0d:37:a6:f9:fc:e2:92:4e:ab:fa:59:06:b5:0e:07:
                    cb:f0:b8:54:48:7a:03:6a:97:5b:22:d5:1c:97:63:
                    dd:a5:db:7c:dc:34:a7:cf:48:a5:55:24:e6:b1:98:
                    41:fd:6a:25:c1:ed:af:54:12:36:03:ce:37:6d:c6:
                    a3:1e:3b:cb:b0:60:e8:b2:03:f1:2e:de:dc:ae:45:
                    a3:ac:33:d9:75:f0:1a:b0:91:02:4d:4e:ad:91:59:
                    70:e5:ef:4a:f2:1a:f9:8a:2d:e8:84:07:df:49:c0:
                    a6:b4:3e:c6:3e:d3:17:ca:7b:3b:82:b4:ef:06:60:
                    e6:a1:33:47:af:8e:a7:1d:b3:60:15:69:96:7c:d0:
                    f4:a5:5d:a5:f4:8f:91:54:7d:ef:96:9d:cc:2b:2e:
                    0d:40:e0:e0:52:76:fe:2c:a2:73:49:d2:eb:0a:86:
                    ee:2a:fb:94:23:21:44:08:3b:4e:58:2b:a2:19:fb:
                    fb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8D:D5:C3:4C:00:FD:C8:7C:9D:C6:28:3F:D5:88:D8:82:91:2C:45
            X509v3 Authority Key Identifier:
                keyid:3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3A96802395455CA00679C41D5C056CAE95D4B57D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3138352e32392e3136362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:7e:21:d7:a2:6f:0c:96:1c:3a:65:07:ee:7a:7e:e7:97:74:
         50:5d:61:79:71:52:10:b9:05:3e:85:2b:21:52:02:06:61:77:
         da:5d:8c:f5:9b:d2:62:05:42:2d:db:0c:48:30:f8:9b:14:47:
         f4:d9:10:42:a6:70:71:1d:26:90:c2:93:1d:f4:c0:c4:c7:89:
         2a:48:76:ad:e1:bc:d4:06:fa:93:6f:e6:b7:49:dd:57:47:9b:
         f8:51:7a:75:ad:92:d9:ad:77:7b:1f:48:98:5b:c1:da:10:6a:
         74:b3:c8:53:3c:77:06:02:f2:05:06:ce:e4:41:05:d3:63:3d:
         ac:98:c2:7b:1a:64:87:fa:2d:45:7b:11:fe:51:54:f9:1b:cb:
         f4:61:77:cc:4e:71:df:4c:78:da:df:9c:65:45:49:48:f5:f9:
         57:a7:c0:6b:9b:fb:aa:bd:a9:3b:9b:72:b1:4f:01:92:4a:f0:
         e9:ba:30:ea:31:96:23:05:bc:7e:73:af:fc:66:9f:c4:3d:27:
         2b:4c:b0:78:ce:2c:d9:e3:9a:69:14:e1:44:fa:fe:1e:ba:fd:
         77:54:60:6c:ec:93:fe:38:e2:d3:a7:7c:41:d7:59:3b:12:e0:
         2f:87:b0:bd:c0:51:ac:aa:46:5c:f3:a5:29:01:89:23:c4:c6:
         e1:99:78:55
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUadhoQRdJr6qt9YS1X3Vg1MRHlvwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2E5NjgwMjM5NTQ1NWNhMDA2NzljNDFkNWMwNTZjYWU5
NWQ0YjU3ZDAeFw0yMzAzMjIxNTI0NDFaFw0yNDAzMjAxNTI5NDFaMDMxMTAvBgNV
BAMTKDRBOERENUMzNEMwMEZEQzg3QzlEQzYyODNGRDU4OEQ4ODI5MTJDNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoGaLpfaIA94sfe9Ji1Hk/isWM
WZbjkYALEIyvMG+WMZ9JpN8MkXby89aq0GOksHDPiwIiqy2Z+E7/4RxzIGi7I7A1
C6Gr0H1jZg03pvn84pJOq/pZBrUOB8vwuFRIegNql1si1RyXY92l23zcNKfPSKVV
JOaxmEH9aiXB7a9UEjYDzjdtxqMeO8uwYOiyA/Eu3tyuRaOsM9l18BqwkQJNTq2R
WXDl70ryGvmKLeiEB99JwKa0PsY+0xfKezuCtO8GYOahM0evjqcds2AVaZZ80PSl
XaX0j5FUfe+WncwrLg1A4OBSdv4sonNJ0usKhu4q+5QjIUQIO05YK6IZ+/tnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUSo3Vw0wA/ch8ncYoP9WI2IKRLEUwHwYDVR0j
BBgwFoAUOpaAI5VFXKAGecQdXAVsrpXUtX0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTJmZmJjZTctODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2Vl
Nzg4LzAvM0E5NjgwMjM5NTQ1NUNBMDA2NzlDNDFENUMwNTZDQUU5NUQ0QjU3RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09wYUFJNVZGWEtBR2VjUWRYQVZzcnBY
VXRYMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTJmZmJjZTct
ODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2VlNzg4LzAvMzEzODM1MmUzMjM5MmUzMTM2
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5HaYw
DQYJKoZIhvcNAQELBQADggEBAFt+IdeibwyWHDplB+56fueXdFBdYXlxUhC5BT6F
KyFSAgZhd9pdjPWb0mIFQi3bDEgw+JsUR/TZEEKmcHEdJpDCkx30wMTHiSpIdq3h
vNQG+pNv5rdJ3VdHm/hRenWtktmtd3sfSJhbwdoQanSzyFM8dwYC8gUGzuRBBdNj
PayYwnsaZIf6LUV7Ef5RVPkby/Rhd8xOcd9MeNrfnGVFSUj1+VenwGub+6q9qTub
crFPAZJK8Om6MOoxliMFvH5zr/xmn8Q9JytMsHjOLNnjmmkU4UT6/h66/XdUYGzs
k/444tOnfEHXWTsS4C+HsL3AUayqRlzzpSkBiSPExuGZeFU=
-----END CERTIFICATE-----
Generated at Wed Sep 13 09:29:50 2023 by rpki-client on console-fra.rpki-client.org