Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/6/3138352e3139392e3130332e302f32342d3332203d3e20313336373837.roa
File:                     3138352e3139392e3130332e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          DfBnJ+Fg86UIpvYKz1+rHIBZgyxNqqY4WxHa42N6QkQ=
Subject key identifier:   33:9D:DB:2B:11:18:4C:1C:25:15:2D:81:CD:F5:9B:C0:06:F2:E6:E4
Certificate issuer:       /CN=bb8a2c88c52554d49f6b790137c3bab687b2f956
Certificate serial:       3AD58A50A57243C2E55123339EAC0482D701E53B
Authority key identifier: BB:8A:2C:88:C5:25:54:D4:9F:6B:79:01:37:C3:BA:B6:87:B2:F9:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4osiMUlVNSfa3kBN8O6toey-VY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/6/3138352e3139392e3130332e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 27 Mar 2023 08:27:17 +0000
ROA not before:           Mon 27 Mar 2023 08:22:17 +0000
ROA not after:            Mon 25 Mar 2024 08:27:17 +0000
asID:                     136787
IP address blocks:        185.199.103.0/24 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:d5:8a:50:a5:72:43:c2:e5:51:23:33:9e:ac:04:82:d7:01:e5:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8a2c88c52554d49f6b790137c3bab687b2f956
        Validity
            Not Before: Mar 27 08:22:17 2023 GMT
            Not After : Mar 25 08:27:17 2024 GMT
        Subject: CN=339DDB2B11184C1C25152D81CDF59BC006F2E6E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:20:94:a5:c4:ce:5d:c5:26:3f:a5:18:c4:b6:
                    e7:5e:28:2b:11:23:80:ad:ab:04:9c:bb:52:ab:37:
                    36:1e:1c:61:5a:98:2a:a3:7c:e8:e0:eb:d7:b9:a2:
                    b9:26:ec:55:8d:28:da:22:c5:b9:e4:f2:91:67:a4:
                    3a:fe:9b:5b:e2:0b:b5:bb:9a:81:29:b9:66:a8:72:
                    4c:ba:3e:9b:48:d0:77:df:6f:66:63:da:7e:0c:6c:
                    30:a9:de:1e:f7:55:21:a4:b8:88:f3:77:cb:d5:78:
                    10:bf:2e:77:04:81:f1:b7:d8:da:57:94:1a:db:72:
                    57:69:7a:66:90:c2:e6:a6:64:ba:2f:80:fe:f1:49:
                    a5:0f:d5:2d:ca:d4:db:33:83:5e:4e:27:bc:f8:bd:
                    49:69:d5:4d:ce:b4:a5:a3:bc:ef:92:a1:80:f1:18:
                    93:ac:85:51:c3:f1:40:e2:6d:c2:53:64:95:a0:10:
                    3c:5a:6f:0d:8e:32:67:79:56:37:d0:3e:56:3b:d9:
                    7a:f5:fb:a7:7a:6f:e5:97:bd:cd:26:16:3b:b6:d9:
                    fd:a8:f1:41:e3:99:33:02:cb:58:ad:c6:0b:0b:22:
                    b1:17:2b:3c:87:49:a4:de:f9:7f:b7:41:a0:9b:5a:
                    5e:83:5e:6c:4e:71:89:9e:5f:cb:e8:4b:6e:76:af:
                    b6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9D:DB:2B:11:18:4C:1C:25:15:2D:81:CD:F5:9B:C0:06:F2:E6:E4
            X509v3 Authority Key Identifier:
                keyid:BB:8A:2C:88:C5:25:54:D4:9F:6B:79:01:37:C3:BA:B6:87:B2:F9:56

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/6/BB8A2C88C52554D49F6B790137C3BAB687B2F956.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4osiMUlVNSfa3kBN8O6toey-VY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/6/3138352e3139392e3130332e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f9:0a:b4:95:3e:83:a5:90:20:bf:e8:cd:70:3b:be:d3:c7:
         fd:7a:f9:4c:e6:ee:44:9a:7c:ce:bd:4f:5f:a0:13:5e:01:6d:
         22:c4:90:ec:65:35:b7:45:de:26:bb:78:20:5c:a3:84:c8:e5:
         eb:6a:7b:dc:88:7f:fa:90:f0:58:f5:7e:58:65:f9:d1:af:6a:
         0c:3b:9e:8d:7f:2d:84:7c:d2:35:93:44:a9:c2:62:e8:b4:8f:
         5e:89:7b:ac:5c:c7:38:15:3f:56:19:32:ab:fb:83:62:c0:6f:
         aa:cc:05:85:3a:f4:bd:8f:38:97:f3:df:60:b1:2c:63:ca:04:
         e5:f1:93:5f:bf:a9:18:95:1b:a9:a2:43:5b:8f:9a:b7:48:54:
         f9:b1:6a:90:0c:02:60:88:2a:92:0f:6c:de:dd:e9:37:18:82:
         a6:fc:dd:da:53:fe:86:7a:2d:b1:17:6c:9f:36:5e:0e:0d:99:
         d5:9b:22:4a:04:32:39:7d:01:b9:26:3b:01:d4:59:78:4c:4b:
         ba:bf:49:01:f7:c2:e4:3d:d6:bf:6f:8a:c1:c8:de:b4:96:55:
         9a:80:88:af:e3:67:7f:16:68:b7:51:ee:cf:78:e9:6a:b6:5d:
         be:42:11:3c:53:f3:14:af:a1:da:35:67:fc:f7:54:20:0a:b8:
         c8:66:b1:52
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUOtWKUKVyQ8LlUSMznqwEgtcB5TswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYmI4YTJjODhjNTI1NTRkNDlmNmI3OTAxMzdjM2JhYjY4
N2IyZjk1NjAeFw0yMzAzMjcwODIyMTdaFw0yNDAzMjUwODI3MTdaMDMxMTAvBgNV
BAMTKDMzOUREQjJCMTExODRDMUMyNTE1MkQ4MUNERjU5QkMwMDZGMkU2RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqIJSlxM5dxSY/pRjEtudeKCsR
I4CtqwScu1KrNzYeHGFamCqjfOjg69e5orkm7FWNKNoixbnk8pFnpDr+m1viC7W7
moEpuWaocky6PptI0Hffb2Zj2n4MbDCp3h73VSGkuIjzd8vVeBC/LncEgfG32NpX
lBrbcldpemaQwuamZLovgP7xSaUP1S3K1Nszg15OJ7z4vUlp1U3OtKWjvO+SoYDx
GJOshVHD8UDibcJTZJWgEDxabw2OMmd5VjfQPlY72Xr1+6d6b+WXvc0mFju22f2o
8UHjmTMCy1itxgsLIrEXKzyHSaTe+X+3QaCbWl6DXmxOcYmeX8voS252r7YJAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUM53bKxEYTBwlFS2BzfWbwAby5uQwHwYDVR0j
BBgwFoAUu4osiMUlVNSfa3kBN8O6toey+VYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzYvQkI4QTJDODhDNTI1NTRENDlGNkI3OTAxMzdDM0JBQjY4N0IyRjk1Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3U0b3NpTVVsVk5TZmEza0JOOE82dG9l
eS1WWS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzYvMzEzODM1MmUzMTM5MzkyZTMx
MzAzMzJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnHZzANBgkqhkiG9w0BAQsFAAOCAQEAb/kKtJU+g6WQIL/ozXA7vtPH/Xr5
TObuRJp8zr1PX6ATXgFtIsSQ7GU1t0XeJrt4IFyjhMjl62p73Ih/+pDwWPV+WGX5
0a9qDDuejX8thHzSNZNEqcJi6LSPXol7rFzHOBU/Vhkyq/uDYsBvqswFhTr0vY84
l/PfYLEsY8oE5fGTX7+pGJUbqaJDW4+at0hU+bFqkAwCYIgqkg9s3t3pNxiCpvzd
2lP+hnotsRdsnzZeDg2Z1ZsiSgQyOX0BuSY7AdRZeExLur9JAffC5D3Wv2+Kwcje
tJZVmoCIr+NnfxZot1Huz3jparZdvkIRPFPzFK+h2jVn/PdUIAq4yGaxUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:01:12 2024 by rpki-client on console-ams.rpki-client.org