Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/3138352e3232392e3232332e302f32342d3234203d3e20383334.roa
File:                     3138352e3232392e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          75kN0AzlEmsqXzqYkE5pQpK8Zbbslpt0akKl5LTQGB8=
Subject key identifier:   E9:28:94:42:D6:66:24:70:B2:04:E1:F2:BC:89:88:3F:63:B1:D8:B9
Certificate issuer:       /CN=bad36cdaf43498a668b553f581ccd281ac1a8cd7
Certificate serial:       1E29A5B039584F725EEA144B8AB71CF7A4146EAB
Authority key identifier: BA:D3:6C:DA:F4:34:98:A6:68:B5:53:F5:81:CC:D2:81:AC:1A:8C:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/utNs2vQ0mKZotVP1gczSgawajNc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/3138352e3232392e3232332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Nov 2023 10:15:05 +0000
ROA not before:           Tue 21 Nov 2023 10:10:05 +0000
ROA not after:            Tue 19 Nov 2024 10:15:05 +0000
asID:                     834
IP address blocks:        185.229.223.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:29:a5:b0:39:58:4f:72:5e:ea:14:4b:8a:b7:1c:f7:a4:14:6e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bad36cdaf43498a668b553f581ccd281ac1a8cd7
        Validity
            Not Before: Nov 21 10:10:05 2023 GMT
            Not After : Nov 19 10:15:05 2024 GMT
        Subject: CN=E9289442D6662470B204E1F2BC89883F63B1D8B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:43:3c:83:d5:ae:fa:fc:4d:e7:59:5f:76:52:
                    ab:16:42:2d:56:9f:27:2b:1d:8e:7b:8e:fa:77:ae:
                    b6:be:cf:b5:49:3a:a5:03:69:b7:03:78:23:18:82:
                    0b:57:74:a6:43:f2:60:1d:a1:07:02:c8:c5:26:c0:
                    9f:56:f3:b9:86:23:77:48:38:df:91:5d:40:b8:83:
                    59:b8:aa:94:0f:cc:67:84:13:bc:db:53:57:7d:88:
                    43:27:22:c0:d5:30:1e:49:0a:4c:42:35:1c:1a:f2:
                    2c:9c:29:34:75:e9:d2:a3:79:1c:6b:12:89:f7:49:
                    23:51:0e:0b:10:af:8a:2b:68:10:35:ad:11:dd:61:
                    20:6b:7e:6a:87:4e:21:4f:64:ac:e2:0f:07:ee:0d:
                    de:2e:83:c1:ae:99:79:b1:4a:bf:ce:3b:5c:ec:7c:
                    fc:80:74:f9:59:13:10:9f:2a:36:5d:ca:f1:58:93:
                    5c:44:84:e8:19:cb:29:51:b3:b3:ee:1d:d6:20:78:
                    c8:47:ad:ee:7c:41:28:3d:c2:1b:c0:2c:92:d9:6c:
                    42:23:54:85:c2:c3:18:28:7e:47:21:ba:de:89:89:
                    07:5e:84:54:05:48:5d:0c:8d:be:b1:8c:86:e9:43:
                    19:be:00:6c:5b:e2:f5:c7:24:01:d9:31:72:d6:92:
                    13:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:28:94:42:D6:66:24:70:B2:04:E1:F2:BC:89:88:3F:63:B1:D8:B9
            X509v3 Authority Key Identifier:
                keyid:BA:D3:6C:DA:F4:34:98:A6:68:B5:53:F5:81:CC:D2:81:AC:1A:8C:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/BAD36CDAF43498A668B553F581CCD281AC1A8CD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/utNs2vQ0mKZotVP1gczSgawajNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/3138352e3232392e3232332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3e:a6:0e:5c:08:c5:29:de:96:9f:25:c8:4e:9e:b5:99:81:
         f0:46:e5:b1:bc:41:65:af:7c:e7:2c:16:7b:55:73:c5:dc:3f:
         bd:0e:b5:99:cc:7e:e6:59:84:6e:bd:d6:3e:5c:61:b5:ca:dd:
         a7:15:9c:a0:4b:31:0b:e0:20:d4:90:35:b2:a6:11:17:5d:48:
         7c:15:81:44:f6:17:cc:02:3e:c9:03:c9:dd:57:44:96:56:c7:
         6b:0f:7a:39:66:fe:67:dd:8d:db:c8:3d:8b:4f:b1:2c:2f:9f:
         6e:b8:67:3d:22:5f:9d:29:1e:3d:8d:3f:0e:92:3f:bd:43:73:
         3b:61:95:77:c0:ea:bf:fb:a3:f8:4b:09:c6:ba:d1:40:5a:fc:
         3c:07:d9:63:a7:78:fc:af:49:88:ce:dc:80:6f:7b:57:8e:7f:
         bb:a2:1c:1c:48:49:e3:c4:1d:79:10:01:3f:7b:59:ca:2f:99:
         7d:33:f0:67:eb:56:53:cb:79:ca:c9:37:6c:26:e7:19:5a:fc:
         4a:18:80:4a:9b:f1:9b:09:4d:2e:6f:ef:bd:73:e5:fa:aa:94:
         e3:7c:b3:61:7a:30:c7:85:d6:86:22:41:8c:85:d0:49:23:44:
         80:1a:ed:4c:d0:10:ca:5b:93:67:10:18:99:e9:f0:1d:79:28:
         e0:6b:c9:eb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHimlsDlYT3Je6hRLircc96QUbqswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYmFkMzZjZGFmNDM0OThhNjY4YjU1M2Y1ODFjY2QyODFh
YzFhOGNkNzAeFw0yMzExMjExMDEwMDVaFw0yNDExMTkxMDE1MDVaMDMxMTAvBgNV
BAMTKEU5Mjg5NDQyRDY2NjI0NzBCMjA0RTFGMkJDODk4ODNGNjNCMUQ4QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfQzyD1a76/E3nWV92UqsWQi1W
nycrHY57jvp3rra+z7VJOqUDabcDeCMYggtXdKZD8mAdoQcCyMUmwJ9W87mGI3dI
ON+RXUC4g1m4qpQPzGeEE7zbU1d9iEMnIsDVMB5JCkxCNRwa8iycKTR16dKjeRxr
Eon3SSNRDgsQr4oraBA1rRHdYSBrfmqHTiFPZKziDwfuDd4ug8GumXmxSr/OO1zs
fPyAdPlZExCfKjZdyvFYk1xEhOgZyylRs7PuHdYgeMhHre58QSg9whvALJLZbEIj
VIXCwxgofkchut6JiQdehFQFSF0Mjb6xjIbpQxm+AGxb4vXHJAHZMXLWkhPzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6SiUQtZmJHCyBOHyvImIP2Ox2LkwHwYDVR0j
BBgwFoAUutNs2vQ0mKZotVP1gczSgawajNcwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjE3NDc5ZDEtOTVkOC00YTE0LThlZTItZGUxMDBjNjY3
NzRjLzAvQkFEMzZDREFGNDM0OThBNjY4QjU1M0Y1ODFDQ0QyODFBQzFBOENENy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3V0TnMydlEwbUtab3RWUDFnY3pTZ2F3
YWpOYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjE3NDc5ZDEt
OTVkOC00YTE0LThlZTItZGUxMDBjNjY3NzRjLzAvMzEzODM1MmUzMjMyMzkyZTMy
MzIzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnl
3zANBgkqhkiG9w0BAQsFAAOCAQEAAT6mDlwIxSnelp8lyE6etZmB8EblsbxBZa98
5ywWe1Vzxdw/vQ61mcx+5lmEbr3WPlxhtcrdpxWcoEsxC+Ag1JA1sqYRF11IfBWB
RPYXzAI+yQPJ3VdEllbHaw96OWb+Z92N28g9i0+xLC+fbrhnPSJfnSkePY0/DpI/
vUNzO2GVd8Dqv/uj+EsJxrrRQFr8PAfZY6d4/K9JiM7cgG97V45/u6IcHEhJ48Qd
eRABP3tZyi+ZfTPwZ+tWU8t5ysk3bCbnGVr8ShiASpvxmwlNLm/vvXPl+qqU43yz
YXowx4XWhiJBjIXQSSNEgBrtTNAQyluTZxAYmenwHXko4GvJ6w==
-----END CERTIFICATE-----
Generated at Thu Jan 25 21:34:03 2024 by rpki-client on console-ams.rpki-client.org