Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32342e302f32322d3234203d3e20383334.roa
File:                     33312e362e32342e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          ORYxEx+mLoFkBnMpOv3kry3/iuoVMBIEtQwR4/88PaI=
Subject key identifier:   D8:EF:0B:2F:C8:08:6B:E0:78:FD:FF:D6:91:55:67:71:77:66:26:43
Certificate issuer:       /CN=3a96802395455ca00679c41d5c056cae95d4b57d
Certificate serial:       20F9773D56FAEB87A834C1594626CE818B80B822
Authority key identifier: 3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32342e302f32322d3234203d3e20383334.roa
Signing time:             Wed 22 Mar 2023 15:29:43 +0000
ROA not before:           Wed 22 Mar 2023 15:24:43 +0000
ROA not after:            Wed 20 Mar 2024 15:29:43 +0000
asID:                     834
IP address blocks:        31.6.24.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f9:77:3d:56:fa:eb:87:a8:34:c1:59:46:26:ce:81:8b:80:b8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a96802395455ca00679c41d5c056cae95d4b57d
        Validity
            Not Before: Mar 22 15:24:43 2023 GMT
            Not After : Mar 20 15:29:43 2024 GMT
        Subject: CN=D8EF0B2FC8086BE078FDFFD69155677177662643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0a:bc:c4:ce:62:8e:e4:a1:bd:16:cd:e9:06:
                    88:0d:2d:73:52:fc:d3:2b:c1:93:23:ad:9f:05:1e:
                    0a:4a:c7:9b:34:73:38:eb:59:8e:92:17:32:1e:63:
                    d8:5c:d0:2e:74:10:87:f4:1a:84:2c:e7:eb:72:06:
                    4e:5a:c4:9d:50:12:bb:fb:44:a1:68:69:6b:da:67:
                    83:8b:9f:48:8f:2b:04:ba:53:bb:c2:ff:03:f1:34:
                    ac:19:2a:35:b7:cb:86:0c:6b:36:42:8f:f8:d7:2c:
                    d3:55:57:5e:e8:2b:d8:96:e0:ba:7e:52:bb:c9:e2:
                    5a:e2:83:6c:a8:09:de:42:1d:e4:42:03:e2:e2:e9:
                    98:07:04:57:52:91:fb:fb:10:9f:1b:8f:ee:77:94:
                    89:77:88:3d:0f:93:53:ef:d9:b6:68:14:75:ee:d0:
                    78:eb:92:68:1d:13:78:7f:95:4c:55:d7:5f:fb:f1:
                    e7:bc:32:25:58:94:fd:a1:79:9f:3c:73:c5:ca:91:
                    8a:f1:39:6a:5f:98:a8:d0:31:4e:e2:6c:12:90:9f:
                    38:a3:84:84:ec:09:40:fe:46:4a:8e:c6:1e:44:69:
                    0c:4e:c1:0a:80:86:ba:4e:d6:bb:b6:8d:22:ac:96:
                    e0:33:9a:a3:a7:cf:03:f8:01:57:73:b9:5b:32:2e:
                    7c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:EF:0B:2F:C8:08:6B:E0:78:FD:FF:D6:91:55:67:71:77:66:26:43
            X509v3 Authority Key Identifier:
                keyid:3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3A96802395455CA00679C41D5C056CAE95D4B57D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32342e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:66:2e:94:68:1e:bc:b3:2b:1b:18:12:3b:42:ca:25:aa:fa:
         11:cc:ea:31:14:c3:ab:56:5c:8e:94:f1:cc:57:be:f1:c7:77:
         1f:06:99:cc:4c:53:e9:cb:a1:e5:b5:7d:54:3e:35:99:34:c9:
         50:af:a7:b9:b7:0f:fe:0c:87:87:fa:e4:7c:b3:d4:35:70:bc:
         75:40:01:16:06:c5:d9:d5:99:27:c0:4e:15:68:f8:e2:1a:02:
         b4:14:c3:ed:c7:bb:1c:ca:1f:cd:2a:12:87:a6:48:40:be:b3:
         20:dc:10:2c:64:1b:80:ce:50:fc:74:9f:b7:67:10:3b:99:f3:
         fb:e0:e3:5a:cc:c9:cb:87:5b:25:22:51:b1:7a:79:24:eb:77:
         9d:e6:91:53:24:a6:70:fb:db:e9:f1:1b:eb:23:8a:9b:d1:5e:
         e8:88:f8:c5:65:ba:1f:89:1d:dd:1f:3a:08:8b:c6:47:c9:cc:
         27:db:91:1d:6c:4b:ce:02:44:9d:8e:4e:ef:8d:b9:ad:50:2c:
         51:ac:63:f5:a7:a6:82:13:85:79:07:e0:d0:55:2e:5d:35:83:
         86:18:fa:17:24:c1:53:58:1c:e2:00:e2:9a:a3:34:68:27:c6:
         da:26:14:52:f5:03:6e:fb:d1:28:27:47:cc:0c:f8:aa:da:94:
         4c:c5:47:0e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUIPl3PVb664eoNMFZRibOgYuAuCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2E5NjgwMjM5NTQ1NWNhMDA2NzljNDFkNWMwNTZjYWU5
NWQ0YjU3ZDAeFw0yMzAzMjIxNTI0NDNaFw0yNDAzMjAxNTI5NDNaMDMxMTAvBgNV
BAMTKEQ4RUYwQjJGQzgwODZCRTA3OEZERkZENjkxNTU2NzcxNzc2NjI2NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCrzEzmKO5KG9Fs3pBogNLXNS
/NMrwZMjrZ8FHgpKx5s0czjrWY6SFzIeY9hc0C50EIf0GoQs5+tyBk5axJ1QErv7
RKFoaWvaZ4OLn0iPKwS6U7vC/wPxNKwZKjW3y4YMazZCj/jXLNNVV17oK9iW4Lp+
UrvJ4lrig2yoCd5CHeRCA+Li6ZgHBFdSkfv7EJ8bj+53lIl3iD0Pk1Pv2bZoFHXu
0HjrkmgdE3h/lUxV11/78ee8MiVYlP2heZ88c8XKkYrxOWpfmKjQMU7ibBKQnzij
hITsCUD+RkqOxh5EaQxOwQqAhrpO1ru2jSKsluAzmqOnzwP4AVdzuVsyLnyFAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU2O8LL8gIa+B4/f/WkVVncXdmJkMwHwYDVR0j
BBgwFoAUOpaAI5VFXKAGecQdXAVsrpXUtX0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTJmZmJjZTctODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2Vl
Nzg4LzAvM0E5NjgwMjM5NTQ1NUNBMDA2NzlDNDFENUMwNTZDQUU5NUQ0QjU3RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09wYUFJNVZGWEtBR2VjUWRYQVZzcnBY
VXRYMC5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTJmZmJjZTct
ODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2VlNzg4LzAvMzMzMTJlMzYyZTMyMzQyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIfBhgwDQYJKoZI
hvcNAQELBQADggEBAHtmLpRoHryzKxsYEjtCyiWq+hHM6jEUw6tWXI6U8cxXvvHH
dx8GmcxMU+nLoeW1fVQ+NZk0yVCvp7m3D/4Mh4f65Hyz1DVwvHVAARYGxdnVmSfA
ThVo+OIaArQUw+3HuxzKH80qEoemSEC+syDcECxkG4DOUPx0n7dnEDuZ8/vg41rM
ycuHWyUiUbF6eSTrd53mkVMkpnD72+nxG+sjipvRXuiI+MVluh+JHd0fOgiLxkfJ
zCfbkR1sS84CRJ2OTu+Nua1QLFGsY/WnpoIThXkH4NBVLl01g4YY+hckwVNYHOIA
4pqjNGgnxtomFFL1A2770SgnR8wM+KralEzFRw4=
-----END CERTIFICATE-----
Generated at Wed Sep 13 09:29:50 2023 by rpki-client on console-fra.rpki-client.org