Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/gbB9MtCgwwtMtfBHgc3Eb18XHik.roa
File:                     gbB9MtCgwwtMtfBHgc3Eb18XHik.roa (raw, json)
Hash identifier:          tsYV0Mbc79XHwHpUaXTXnF6Fmc2HQUV93i+gvsT6OPA=
Subject key identifier:   81:B0:7D:32:D0:A0:C3:0B:4C:B5:F0:47:81:CD:C4:6F:5F:17:1E:29
Certificate issuer:       /CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
Certificate serial:       0188BDCC042B3FB48B5C155B138A049D0769
Authority key identifier: 58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/gbB9MtCgwwtMtfBHgc3Eb18XHik.roa
Signing time:             Thu 15 Jun 2023 06:44:04 +0000
ROA not before:           Thu 15 Jun 2023 06:44:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        85.237.196.0/24 maxlen: 24
                          85.237.208.0/24 maxlen: 24
                          85.237.215.0/24 maxlen: 24
                          85.237.214.0/24 maxlen: 24
                          85.237.216.0/24 maxlen: 24
                          85.237.223.0/24 maxlen: 24
                          185.139.25.0/24 maxlen: 24
                          185.139.27.0/24 maxlen: 24
                          185.235.32.0/24 maxlen: 24
                          85.158.58.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.158.61.0/24 maxlen: 24
                          85.158.63.0/24 maxlen: 24
                          85.158.62.0/24 maxlen: 24
                          85.158.60.0/24 maxlen: 24
                          185.93.34.0/24 maxlen: 24
                          185.93.35.0/24 maxlen: 24
                          185.100.212.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bd:cc:04:2b:3f:b4:8b:5c:15:5b:13:8a:04:9d:07:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
        Validity
            Not Before: Jun 15 06:44:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81b07d32d0a0c30b4cb5f04781cdc46f5f171e29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:59:cd:fd:28:ce:32:5a:46:12:02:81:2b:0d:
                    83:d5:2d:36:3f:7d:78:06:c4:88:86:9a:3a:7c:a2:
                    5b:16:ec:ae:d0:c1:60:9b:7e:27:08:4c:3e:08:e5:
                    8d:e1:32:10:4c:eb:44:8f:91:c5:cc:53:75:23:54:
                    7c:68:42:3c:11:8a:ac:b5:93:1e:b8:f5:b2:9a:6f:
                    fc:77:c5:0a:ae:da:38:76:06:e8:5c:3b:51:39:97:
                    cd:35:09:9d:31:a1:3e:d0:47:b3:a6:ad:63:ef:a8:
                    81:19:fa:f1:fb:ae:f4:11:fc:4b:f3:3d:6f:b7:62:
                    b8:ba:27:9b:fe:24:aa:1c:4c:b1:c2:db:b6:2d:f3:
                    31:b2:ed:d5:ce:ad:70:dc:4f:68:7f:a2:34:37:e1:
                    f5:58:8f:0f:fc:ad:6d:6f:00:3f:3f:b1:4c:b3:02:
                    2c:1f:e2:96:b1:40:19:4f:f1:a4:10:2d:3d:9f:b9:
                    54:b4:f0:7b:74:31:2e:58:5b:a4:9d:fd:f8:14:26:
                    67:a2:6a:ba:45:49:65:86:ba:30:c0:53:19:48:4b:
                    78:08:5a:f5:04:3d:33:57:0e:88:18:2a:a4:16:31:
                    8c:0e:ff:20:2b:e4:11:85:b7:0f:c7:7a:25:e2:0b:
                    45:8e:5e:3e:14:dd:be:05:8e:4a:c6:d6:69:4f:7e:
                    a9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B0:7D:32:D0:A0:C3:0B:4C:B5:F0:47:81:CD:C4:6F:5F:17:1E:29
            X509v3 Authority Key Identifier:
                keyid:58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/gbB9MtCgwwtMtfBHgc3Eb18XHik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/WL9_OtU_KaPEPwrYIBegU2jAEEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0-85.158.58.255
                  85.158.60.0/22
                  85.237.196.0/24
                  85.237.208.0/24
                  85.237.214.0-85.237.216.255
                  85.237.223.0/24
                  185.93.34.0/23
                  185.100.212.0/22
                  185.139.25.0/24
                  185.139.27.0/24
                  185.235.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cc:8f:bd:d0:ba:d2:65:44:01:89:91:55:c7:89:dd:1c:bf:
         3b:5d:55:93:79:87:d1:68:f7:9b:57:bd:b3:cd:8b:dd:f8:46:
         4c:71:f6:2c:32:71:0f:bb:af:f2:ec:73:76:1d:d6:51:f6:2b:
         e0:fc:38:f2:fd:5c:5d:33:3f:59:2b:fc:a2:cc:4b:21:fd:38:
         e0:41:81:c2:b1:d7:a6:ef:64:d6:89:6c:3c:e7:59:ec:b5:eb:
         1c:0c:85:73:7e:a2:ab:b2:12:30:fb:6c:f6:5e:0d:30:dd:79:
         80:b1:c1:1a:02:7c:14:8b:0b:46:46:60:9f:9c:49:90:06:4b:
         e3:6c:2f:35:67:93:70:dd:c5:a0:3f:a1:d4:19:88:dd:65:0e:
         c0:be:ff:73:e9:e0:8e:f3:b3:5c:d2:3d:d4:1e:ec:1f:ec:5d:
         63:f7:3e:d2:b2:c1:4f:01:52:f5:2a:63:f8:7e:a8:ad:51:ec:
         1a:73:5c:bc:d6:ec:40:17:ad:19:2e:50:7b:4a:9d:f3:c4:ff:
         78:a9:ae:6e:25:0e:05:31:4f:d0:4f:02:04:a7:63:c7:7d:d5:
         8f:03:7b:16:b5:de:a7:b9:da:b6:85:34:ba:07:e5:b0:eb:72:
         c0:bf:d6:b5:95:f8:59:63:5d:d3:4d:36:b7:8d:0b:aa:38:49:
         84:5c:86:af
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYi9zAQrP7SLXBVbE4oEnQdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmY3ZjNhZDUzZjI5YTNjNDNmMGFkODIwMTdhMDUzNjhj
MDEwNGEwHhcNMjMwNjE1MDY0NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWIwN2QzMmQwYTBjMzBiNGNiNWYwNDc4MWNkYzQ2ZjVmMTcxZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFnN/SjOMlpGEgKBKw2D1S02P314
BsSIhpo6fKJbFuyu0MFgm34nCEw+COWN4TIQTOtEj5HFzFN1I1R8aEI8EYqstZMe
uPWymm/8d8UKrto4dgboXDtROZfNNQmdMaE+0Eezpq1j76iBGfrx+670EfxL8z1v
t2K4uieb/iSqHEyxwtu2LfMxsu3Vzq1w3E9of6I0N+H1WI8P/K1tbwA/P7FMswIs
H+KWsUAZT/GkEC09n7lUtPB7dDEuWFuknf34FCZnomq6RUllhrowwFMZSEt4CFr1
BD0zVw6IGCqkFjGMDv8gK+QRhbcPx3ol4gtFjl4+FN2+BY5KxtZpT36peQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFIGwfTLQoMMLTLXwR4HNxG9fFx4pMB8GA1UdIwQY
MBaAFFi/fzrVPymjxD8K2CAXoFNowBBKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUt
OGIzZDUyN2M0OWU0LzEvZ2JCOU10Q2d3d3RNdGZCSGdjM0ViMThYSGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUtOGIzZDUyN2M0OWU0
LzEvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSMAwDBABVnjkD
BABVnjoDBAJVnjwDBABV7cQDBABV7dAwDAMEAVXt1gMEAFXt2AMEAFXt3wMEAbld
IgMEArlk1AMEALmLGQMEALmLGwMEALnrIDANBgkqhkiG9w0BAQsFAAOCAQEAZcyP
vdC60mVEAYmRVceJ3Ry/O11Vk3mH0Wj3m1e9s82L3fhGTHH2LDJxD7uv8uxzdh3W
UfYr4Pw48v1cXTM/WSv8osxLIf044EGBwrHXpu9k1olsPOdZ7LXrHAyFc36iq7IS
MPts9l4NMN15gLHBGgJ8FIsLRkZgn5xJkAZL42wvNWeTcN3FoD+h1BmI3WUOwL7/
c+ngjvOzXNI91B7sH+xdY/c+0rLBTwFS9Spj+H6orVHsGnNcvNbsQBetGS5Qe0qd
88T/eKmubiUOBTFP0E8CBKdjx33VjwN7FrXep7natoU0ugflsOtywL/WtZX4WWNd
0002t40LqjhJhFyGrw==
-----END CERTIFICATE-----