Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8NpX1rEmZEA94zTA20Dx4-gKVjo.roa
File:                     8NpX1rEmZEA94zTA20Dx4-gKVjo.roa (raw, json)
Hash identifier:          0HK2tOTrn/+FZuAuHX6KXz9TdalZcgVnzFmfjZW/FW8=
Subject key identifier:   F0:DA:57:D6:B1:26:64:40:3D:E3:34:C0:DB:40:F1:E3:E8:0A:56:3A
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       04C603EB
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8NpX1rEmZEA94zTA20Dx4-gKVjo.roa
Signing time:             Mon 07 Feb 2022 04:05:20 +0000
ROA not before:           Mon 07 Feb 2022 04:05:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        85.237.198.0/24 maxlen: 24
                          185.93.35.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 80085995 (0x4c603eb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Feb  7 04:05:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f0da57d6b12664403de334c0db40f1e3e80a563a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ba:20:fd:2b:4a:ea:45:a5:eb:a6:26:45:11:
                    b2:9e:c5:4d:26:ff:56:2c:64:7f:c5:04:59:38:7a:
                    83:c9:a5:94:ee:ac:f9:2d:72:f9:cf:02:6f:f0:79:
                    93:d1:50:1e:02:67:32:22:48:b3:92:a0:61:33:b5:
                    b5:be:5f:e2:05:a5:f0:88:32:4c:60:d4:12:bf:9f:
                    f2:71:a0:43:9c:cb:8e:83:fb:10:43:6f:72:3e:c3:
                    72:26:1b:02:e7:20:f7:7a:ee:d5:ef:bc:b0:f9:26:
                    4e:cb:e8:6f:57:dd:e8:79:62:9b:c0:7e:42:dd:b6:
                    de:93:73:62:ed:eb:01:9d:f9:cd:74:7c:b3:e2:7a:
                    9d:87:b4:60:a0:0c:e3:6d:d1:a7:f8:6e:96:b5:2c:
                    97:85:a6:a4:a8:2e:05:7e:e9:02:44:49:82:5d:fd:
                    92:8a:35:0c:99:f6:33:5a:69:73:01:9f:5c:1c:5b:
                    70:b5:a5:e8:cf:d6:6a:fa:c5:43:07:80:3c:bd:8a:
                    44:fe:5b:4a:5f:5e:1e:a0:5c:02:d9:69:61:ac:db:
                    91:ef:0f:37:01:e0:ad:d8:43:33:2f:4d:08:45:85:
                    0c:32:80:bb:fd:2f:8b:a9:8e:81:bc:be:f3:13:83:
                    c1:13:e0:e3:b0:33:fc:8a:d2:f2:d2:1f:ae:ff:2d:
                    44:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:DA:57:D6:B1:26:64:40:3D:E3:34:C0:DB:40:F1:E3:E8:0A:56:3A
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8NpX1rEmZEA94zTA20Dx4-gKVjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.198.0/24
                  185.93.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:e1:3e:db:00:ea:9b:02:48:6c:b7:3b:0e:58:a2:28:9c:0a:
         36:44:31:d4:41:a9:b9:cd:6c:c5:8f:f4:5d:83:bf:5d:c4:4f:
         3a:54:a5:58:a2:3d:ec:24:4e:6c:38:98:10:6f:d3:e4:51:59:
         a9:d2:38:41:70:8c:09:03:10:63:40:2d:1b:be:74:15:50:e9:
         24:9a:63:e6:34:bf:0e:be:f4:57:dd:6e:01:a2:7d:95:9a:ba:
         15:17:cd:8c:bd:b0:2f:b6:22:2c:b1:0f:31:b9:1f:43:93:d4:
         ff:d0:c8:05:dd:65:83:21:c9:a6:87:46:ea:4f:01:fe:ba:a2:
         1e:7f:99:0a:c3:28:67:32:ee:83:6c:e1:de:e5:58:7b:0a:32:
         6e:91:23:c8:6b:f3:38:51:2b:eb:fd:81:79:71:a2:44:e6:f9:
         93:8b:18:f7:f9:df:ea:2d:0d:22:18:e2:4b:96:74:e1:92:0e:
         2b:ff:1a:f8:00:e8:55:ba:ae:ab:2f:76:be:3e:49:a8:25:0e:
         b3:5f:9f:36:09:c1:0a:b3:e9:f1:a0:5c:47:f2:a0:dd:ed:34:
         ba:47:59:16:84:0c:58:b0:6a:87:31:3d:8d:5a:c1:3d:3b:66:
         40:e9:0b:ca:06:5a:24:58:46:b6:bc:e6:15:53:5d:bf:5e:fa:
         d3:cb:fe:d5
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBMYD6zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTBiNjczNjhjOTFiODVlODQ4ODhjNWVkMmU4MjRkMTM5MDgxMGJiMB4XDTIyMDIw
NzA0MDUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjBkYTU3ZDZiMTI2
NjQ0MDNkZTMzNGMwZGI0MGYxZTNlODBhNTYzYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOm6IP0rSupFpeumJkURsp7FTSb/Vixkf8UEWTh6g8mllO6s
+S1y+c8Cb/B5k9FQHgJnMiJIs5KgYTO1tb5f4gWl8IgyTGDUEr+f8nGgQ5zLjoP7
EENvcj7DciYbAucg93ru1e+8sPkmTsvob1fd6Hlim8B+Qt223pNzYu3rAZ35zXR8
s+J6nYe0YKAM423Rp/hulrUsl4WmpKguBX7pAkRJgl39koo1DJn2M1ppcwGfXBxb
cLWl6M/WavrFQweAPL2KRP5bSl9eHqBcAtlpYazbke8PNwHgrdhDMy9NCEWFDDKA
u/0vi6mOgby+8xODwRPg47Az/IrS8tIfrv8tRFkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTw2lfWsSZkQD3jNMDbQPHj6ApWOjAfBgNVHSMEGDAWgBQ5C2c2jJG4XoSI
jF7S6CTROQgQuzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09RdG5Ob3lSdUY2RWlJeGUwdWdrMFRrSUVMcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTIvMTZjY2U0LWU5ODEtNGJlNS1iOWY2LTVjOWQ2MjYyOWM4Ni8x
LzhOcFgxckVtWkVBOTR6VEEyMER4NC1nS1Zqby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIv
MTZjY2U0LWU5ODEtNGJlNS1iOWY2LTVjOWQ2MjYyOWM4Ni8xL09RdG5Ob3lSdUY2
RWlJeGUwdWdrMFRrSUVMcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFXtxgMEALldIzANBgkqhkiG9w0B
AQsFAAOCAQEADuE+2wDqmwJIbLc7DliiKJwKNkQx1EGpuc1sxY/0XYO/XcRPOlSl
WKI97CRObDiYEG/T5FFZqdI4QXCMCQMQY0AtG750FVDpJJpj5jS/Dr70V91uAaJ9
lZq6FRfNjL2wL7YiLLEPMbkfQ5PU/9DIBd1lgyHJpodG6k8B/rqiHn+ZCsMoZzLu
g2zh3uVYewoybpEjyGvzOFEr6/2BeXGiROb5k4sY9/nf6i0NIhjiS5Z04ZIOK/8a
+ADoVbquqy92vj5JqCUOs1+fNgnBCrPp8aBcR/Kg3e00ukdZFoQMWLBqhzE9jVrB
PTtmQOkLygZaJFhGtrzmFVNdv17608v+1Q==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:07 2023 by rpki-client on console-ams.rpki-client.org