Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f8aba4-e1cf-4144-9bfa-a8888e58a780/1/Gb8NwMovVXO6o9c2Y9gDSsMDgIw.roa
File:                     Gb8NwMovVXO6o9c2Y9gDSsMDgIw.roa (raw, json)
Hash identifier:          OP9tfNV4Lj8VICjFztnEk8GcVOy/OORexwSbmnfmt3Q=
Subject key identifier:   19:BF:0D:C0:CA:2F:55:73:BA:A3:D7:36:63:D8:03:4A:C3:03:80:8C
Certificate issuer:       /CN=cccb42889e5ac899c12f3486bda045a90eeff779
Certificate serial:       01856F8B97329B687C36A064AEA0BD0AEF5B
Authority key identifier: CC:CB:42:88:9E:5A:C8:99:C1:2F:34:86:BD:A0:45:A9:0E:EF:F7:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMtCiJ5ayJnBLzSGvaBFqQ7v93k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f8aba4-e1cf-4144-9bfa-a8888e58a780/1/Gb8NwMovVXO6o9c2Y9gDSsMDgIw.roa
Signing time:             Sun 01 Jan 2023 22:54:57 +0000
ROA not before:           Sun 01 Jan 2023 22:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207821
IP address blocks:        185.89.38.0/24 maxlen: 24
                          185.89.37.0/24 maxlen: 24
                          185.89.36.0/24 maxlen: 24
                          185.89.39.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:8b:97:32:9b:68:7c:36:a0:64:ae:a0:bd:0a:ef:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccb42889e5ac899c12f3486bda045a90eeff779
        Validity
            Not Before: Jan  1 22:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19bf0dc0ca2f5573baa3d73663d8034ac303808c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:90:be:6c:ab:a1:f1:d2:ea:2e:1a:4c:db:44:
                    4e:4f:16:75:c3:81:4e:6d:d1:c3:8d:ec:af:2a:fa:
                    88:48:7f:dd:43:e5:51:4a:85:50:2c:0b:42:d6:73:
                    1b:ac:a7:03:fa:8f:ee:77:eb:11:e1:ba:23:78:1c:
                    0a:36:3d:45:17:be:c3:12:67:07:27:f0:92:22:49:
                    05:d3:ae:af:9c:f7:69:aa:8c:4a:1d:9f:d6:22:ac:
                    69:68:dd:6f:d6:28:08:38:ca:ab:84:6b:05:ab:a3:
                    43:b2:e8:fd:6e:24:32:c3:2c:4e:ba:ec:d3:80:56:
                    8d:91:b8:b3:07:c3:c7:96:7d:51:cc:66:7f:d3:fc:
                    a3:1f:85:fe:d3:8e:41:c9:06:fd:7d:58:7e:f5:3f:
                    1a:da:c1:ba:76:43:c3:14:49:5d:69:4a:a6:1f:b5:
                    e2:8e:57:07:d1:16:42:7d:e4:45:66:25:59:7e:80:
                    ee:0d:49:0a:43:02:d6:63:2e:d0:b7:4a:cc:b4:df:
                    05:10:0b:26:0c:c0:a9:7e:4a:20:d6:02:c5:fb:65:
                    1d:d9:7b:bd:dd:04:fd:0c:e5:8c:0e:04:09:c3:ba:
                    03:f6:ba:54:75:98:6c:07:b2:50:d5:f7:a6:f3:cc:
                    ad:57:a6:85:c1:9f:d3:81:ad:20:df:8f:9c:b0:27:
                    21:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BF:0D:C0:CA:2F:55:73:BA:A3:D7:36:63:D8:03:4A:C3:03:80:8C
            X509v3 Authority Key Identifier:
                keyid:CC:CB:42:88:9E:5A:C8:99:C1:2F:34:86:BD:A0:45:A9:0E:EF:F7:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMtCiJ5ayJnBLzSGvaBFqQ7v93k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f8aba4-e1cf-4144-9bfa-a8888e58a780/1/Gb8NwMovVXO6o9c2Y9gDSsMDgIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f8aba4-e1cf-4144-9bfa-a8888e58a780/1/zMtCiJ5ayJnBLzSGvaBFqQ7v93k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:59:95:1f:9b:e1:48:bc:60:53:5d:78:ed:d3:5b:7d:22:a8:
         bd:1f:60:9b:0a:b9:b8:a1:46:81:5b:ab:48:8e:be:f7:60:07:
         b3:5e:ec:32:1b:e9:b8:a4:40:9e:b1:2f:eb:34:db:c3:0e:a8:
         b1:87:b8:14:01:c2:81:53:8e:f0:53:cd:85:32:8f:5c:e4:b5:
         b9:43:61:65:6f:7f:43:6d:b8:0a:1d:55:41:5a:1d:69:57:3d:
         da:bb:c9:a9:ad:27:63:fb:5e:78:14:74:80:e2:67:e9:f8:a1:
         b9:71:52:ce:27:b4:9b:e8:0c:3f:4d:c5:71:a4:41:69:5c:23:
         55:d3:4a:72:2f:be:17:23:8e:8b:38:36:58:e2:08:15:ce:50:
         eb:0b:cd:47:b7:67:1c:f8:d5:df:21:8d:39:98:09:a1:5d:6e:
         f9:42:46:f2:d8:c5:e5:50:ea:83:38:0e:c1:6b:f4:93:0d:d4:
         2c:33:fb:31:eb:45:88:2d:0e:f0:17:27:9f:7f:bb:f5:e5:17:
         d8:a7:07:84:78:5d:59:4e:5d:6f:ea:a1:2e:b2:ca:0c:28:40:
         8d:a9:6d:9f:d5:5a:12:2d:a2:71:e6:27:cb:42:cb:f0:ca:fe:
         c3:8e:97:91:f3:a4:10:a4:39:92:0e:37:02:dd:0f:67:dd:ae:
         30:8b:c3:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvi5cym2h8NqBkrqC9Cu9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2I0Mjg4OWU1YWM4OTljMTJmMzQ4NmJkYTA0NWE5MGVl
ZmY3NzkwHhcNMjMwMTAxMjI1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJmMGRjMGNhMmY1NTczYmFhM2Q3MzY2M2Q4MDM0YWMzMDM4MDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5C+bKuh8dLqLhpM20ROTxZ1w4FO
bdHDjeyvKvqISH/dQ+VRSoVQLAtC1nMbrKcD+o/ud+sR4bojeBwKNj1FF77DEmcH
J/CSIkkF066vnPdpqoxKHZ/WIqxpaN1v1igIOMqrhGsFq6NDsuj9biQywyxOuuzT
gFaNkbizB8PHln1RzGZ/0/yjH4X+045ByQb9fVh+9T8a2sG6dkPDFEldaUqmH7Xi
jlcH0RZCfeRFZiVZfoDuDUkKQwLWYy7Qt0rMtN8FEAsmDMCpfkog1gLF+2Ud2Xu9
3QT9DOWMDgQJw7oD9rpUdZhsB7JQ1fem88ytV6aFwZ/Tga0g34+csCchowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBm/DcDKL1VzuqPXNmPYA0rDA4CMMB8GA1UdIwQY
MBaAFMzLQoieWsiZwS80hr2gRakO7/d5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek10Q2lKNWF5Sm5CTHpTR3ZhQkZxUTd2OTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mOGFiYTQtZTFjZi00MTQ0LTliZmEt
YTg4ODhlNThhNzgwLzEvR2I4TndNb3ZWWE82bzljMlk5Z0RTc01EZ0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mOGFiYTQtZTFjZi00MTQ0LTliZmEtYTg4ODhlNThhNzgw
LzEvek10Q2lKNWF5Sm5CTHpTR3ZhQkZxUTd2OTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVkkMA0G
CSqGSIb3DQEBCwUAA4IBAQAJWZUfm+FIvGBTXXjt01t9Iqi9H2CbCrm4oUaBW6tI
jr73YAezXuwyG+m4pECesS/rNNvDDqixh7gUAcKBU47wU82FMo9c5LW5Q2Flb39D
bbgKHVVBWh1pVz3au8mprSdj+154FHSA4mfp+KG5cVLOJ7Sb6Aw/TcVxpEFpXCNV
00pyL74XI46LODZY4ggVzlDrC81Ht2cc+NXfIY05mAmhXW75Qkby2MXlUOqDOA7B
a/STDdQsM/sx60WILQ7wFyeff7v15RfYpweEeF1ZTl1v6qEussoMKECNqW2f1VoS
LaJx5ifLQsvwyv7DjpeR86QQpDmSDjcC3Q9n3a4wi8Po
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:42 2024 by rpki-client on console-ams.rpki-client.org