Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/853e39-7482-475d-b488-b16972aab679/1/M5IPh7t-6GOYgCSLRDRqkoBS6O8.roa
File:                     M5IPh7t-6GOYgCSLRDRqkoBS6O8.roa (raw, json)
Hash identifier:          cHll0ffSr4+YK0mRqmHn3lry9p/qEJjCb4ZczcZV7jc=
Subject key identifier:   33:92:0F:87:BB:7E:E8:63:98:80:24:8B:44:34:6A:92:80:52:E8:EF
Certificate issuer:       /CN=5a4c72c766b13224f8487a4f1b1b41cb88cfa712
Certificate serial:       01856FCBBE3D704F48F7CF51E96CCEFA6432
Authority key identifier: 5A:4C:72:C7:66:B1:32:24:F8:48:7A:4F:1B:1B:41:CB:88:CF:A7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wkxyx2axMiT4SHpPGxtBy4jPpxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/853e39-7482-475d-b488-b16972aab679/1/M5IPh7t-6GOYgCSLRDRqkoBS6O8.roa
Signing time:             Mon 02 Jan 2023 00:05:01 +0000
ROA not before:           Mon 02 Jan 2023 00:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209003
IP address blocks:        91.208.108.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:cb:be:3d:70:4f:48:f7:cf:51:e9:6c:ce:fa:64:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4c72c766b13224f8487a4f1b1b41cb88cfa712
        Validity
            Not Before: Jan  2 00:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33920f87bb7ee8639880248b44346a928052e8ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c0:c2:40:10:da:a7:41:f3:74:14:45:e7:2a:
                    a8:e2:6b:3d:0e:5c:49:87:de:3e:18:fa:3a:71:3d:
                    c0:d0:b5:41:9f:7d:a0:3a:eb:b1:f4:bf:f4:ec:70:
                    00:a4:4f:06:b5:6d:27:0f:68:c9:9a:80:73:58:b5:
                    03:9e:7f:be:a3:fa:76:f6:2c:d7:58:61:2d:39:92:
                    4f:97:d5:63:b1:a3:8d:f4:69:40:ff:f7:70:bb:01:
                    5b:85:0a:b9:9f:83:1e:27:f1:07:58:c5:b9:7e:cc:
                    d4:b1:86:0a:87:9f:89:fb:55:2d:cd:be:a0:e1:b9:
                    94:f9:c7:c3:77:33:3b:7d:79:93:47:21:06:1c:89:
                    a9:f4:4a:a5:0b:36:d6:c9:3d:b7:4b:e7:a2:63:d5:
                    76:49:f0:33:41:73:a4:f4:1b:6f:0c:02:3d:f3:2b:
                    2b:5d:7e:ae:79:cc:9f:2d:db:8b:b2:53:36:78:da:
                    30:52:1c:9b:69:7b:24:52:43:ef:74:36:07:33:e8:
                    60:d8:5f:bf:46:b6:63:64:d3:3b:6f:75:5d:d0:fb:
                    47:a1:5c:b7:73:54:b8:57:99:34:4a:06:95:e0:19:
                    c2:be:73:11:d7:51:97:43:1c:97:9f:a7:1b:30:fa:
                    d2:49:c0:18:1a:f0:6e:33:e6:10:98:6d:89:4b:c5:
                    09:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:92:0F:87:BB:7E:E8:63:98:80:24:8B:44:34:6A:92:80:52:E8:EF
            X509v3 Authority Key Identifier:
                keyid:5A:4C:72:C7:66:B1:32:24:F8:48:7A:4F:1B:1B:41:CB:88:CF:A7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wkxyx2axMiT4SHpPGxtBy4jPpxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/853e39-7482-475d-b488-b16972aab679/1/M5IPh7t-6GOYgCSLRDRqkoBS6O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/853e39-7482-475d-b488-b16972aab679/1/Wkxyx2axMiT4SHpPGxtBy4jPpxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:09:2b:7b:78:fd:90:c7:f2:ec:5c:71:54:45:20:8c:b1:e6:
         38:8d:1b:86:bb:e0:5c:2f:fc:f7:1b:75:a1:ca:65:a6:96:d2:
         2e:e0:f3:2f:55:0a:e5:c0:85:18:8f:82:e7:0d:00:ae:8c:74:
         87:10:e9:ec:5d:be:ab:f8:94:a0:d7:53:a2:6d:e1:4c:92:5c:
         b9:6a:7f:3f:4c:27:7d:b6:bd:73:7f:49:29:aa:79:f6:5b:a2:
         db:2a:5f:3d:c8:a6:76:f7:33:8c:e3:2f:3e:cd:eb:a3:e6:59:
         23:9d:b8:41:7e:cb:07:06:3e:e9:17:9b:c1:98:00:60:09:de:
         b6:5d:01:64:42:a2:2c:15:f1:b3:80:71:1b:72:a5:98:c0:76:
         59:f7:04:b7:8e:07:0c:5a:dd:96:ec:6a:c7:4e:28:c7:bc:21:
         9d:a3:21:23:1c:e5:af:93:0e:3e:c5:36:59:93:c6:fc:4f:78:
         96:26:a6:37:30:f8:07:9a:eb:73:93:07:78:30:5d:2a:59:6b:
         c5:21:d1:43:51:87:a5:82:6b:9b:2b:8f:19:c1:f2:3d:d8:f7:
         e5:6f:84:98:c5:8d:81:8c:38:39:3b:ce:30:ae:a2:d2:34:25:
         6f:c3:e3:97:12:37:6e:fc:24:3a:11:f9:80:05:65:d3:ad:f4:
         3b:ca:92:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvy749cE9I989R6WzO+mQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGM3MmM3NjZiMTMyMjRmODQ4N2E0ZjFiMWI0MWNiODhj
ZmE3MTIwHhcNMjMwMTAyMDAwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzkyMGY4N2JiN2VlODYzOTg4MDI0OGI0NDM0NmE5MjgwNTJlOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMDCQBDap0HzdBRF5yqo4ms9DlxJ
h94+GPo6cT3A0LVBn32gOuux9L/07HAApE8GtW0nD2jJmoBzWLUDnn++o/p29izX
WGEtOZJPl9VjsaON9GlA//dwuwFbhQq5n4MeJ/EHWMW5fszUsYYKh5+J+1Utzb6g
4bmU+cfDdzM7fXmTRyEGHImp9EqlCzbWyT23S+eiY9V2SfAzQXOk9BtvDAI98ysr
XX6uecyfLduLslM2eNowUhybaXskUkPvdDYHM+hg2F+/RrZjZNM7b3Vd0PtHoVy3
c1S4V5k0SgaV4BnCvnMR11GXQxyXn6cbMPrSScAYGvBuM+YQmG2JS8UJTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOSD4e7fuhjmIAki0Q0apKAUujvMB8GA1UdIwQY
MBaAFFpMcsdmsTIk+Eh6TxsbQcuIz6cSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2t4eXgyYXhNaVQ0U0hwUEd4dEJ5NGpQcHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni84NTNlMzktNzQ4Mi00NzVkLWI0ODgt
YjE2OTcyYWFiNjc5LzEvTTVJUGg3dC02R09ZZ0NTTFJEUnFrb0JTNk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni84NTNlMzktNzQ4Mi00NzVkLWI0ODgtYjE2OTcyYWFiNjc5
LzEvV2t4eXgyYXhNaVQ0U0hwUEd4dEJ5NGpQcHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BsMA0G
CSqGSIb3DQEBCwUAA4IBAQCFCSt7eP2Qx/LsXHFURSCMseY4jRuGu+BcL/z3G3Wh
ymWmltIu4PMvVQrlwIUYj4LnDQCujHSHEOnsXb6r+JSg11OibeFMkly5an8/TCd9
tr1zf0kpqnn2W6LbKl89yKZ29zOM4y8+zeuj5lkjnbhBfssHBj7pF5vBmABgCd62
XQFkQqIsFfGzgHEbcqWYwHZZ9wS3jgcMWt2W7GrHTijHvCGdoyEjHOWvkw4+xTZZ
k8b8T3iWJqY3MPgHmutzkwd4MF0qWWvFIdFDUYelgmubK48ZwfI92Pflb4SYxY2B
jDg5O84wrqLSNCVvw+OXEjdu/CQ6EfmABWXTrfQ7ypIc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:40 2024 by rpki-client on console-fra.rpki-client.org