Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/D5NKJyL1QX0L302n02pFEblZ1eE.roa
File:                     D5NKJyL1QX0L302n02pFEblZ1eE.roa (raw, json)
Hash identifier:          Id0WQ8V2479MBj47hOGN20uk7BxYSeBXzJH7yRDloVU=
Subject key identifier:   0F:93:4A:27:22:F5:41:7D:0B:DF:4D:A7:D3:6A:45:11:B9:59:D5:E1
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       0188468B090E27608E56D1C89457BCFEFEDB
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/D5NKJyL1QX0L302n02pFEblZ1eE.roa
Signing time:             Tue 23 May 2023 02:58:16 +0000
ROA not before:           Tue 23 May 2023 02:58:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        85.237.196.0/24 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          85.237.214.0/24 maxlen: 24
                          85.158.58.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.158.61.0/24 maxlen: 24
                          85.158.63.0/24 maxlen: 24
                          85.158.60.0/24 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:46:8b:09:0e:27:60:8e:56:d1:c8:94:57:bc:fe:fe:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: May 23 02:58:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f934a2722f5417d0bdf4da7d36a4511b959d5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cb:c4:c9:05:dc:ba:66:01:cf:4f:78:5e:78:
                    9f:b4:b5:cd:33:31:b0:1a:6d:2a:93:20:54:f0:75:
                    70:b1:54:cf:3d:2b:ea:a0:34:c6:48:77:da:c2:75:
                    1c:64:f8:66:79:4b:af:fc:63:e8:8c:84:b8:79:26:
                    df:f6:c5:50:dd:92:d3:7d:8b:29:93:2d:68:dc:25:
                    8d:31:d6:5a:d7:fe:42:83:71:eb:7e:18:22:98:f4:
                    69:72:64:72:33:01:5e:5f:15:8a:13:c0:f4:6c:24:
                    0e:13:37:29:d8:83:52:ea:ea:67:e2:80:29:6e:57:
                    6b:07:af:7f:fb:5a:91:ad:e3:3e:39:5d:ba:3f:3e:
                    7b:3d:42:8c:08:0f:3a:04:3c:bc:d7:0f:6c:d8:a3:
                    25:ce:b4:bf:0c:04:b5:c3:ef:dd:b9:3f:23:e3:97:
                    06:35:b5:24:6c:0f:4a:be:af:16:5b:91:a0:6b:13:
                    81:10:3e:50:eb:08:6e:63:7a:00:c1:94:79:f9:ab:
                    c6:31:d6:5b:f5:df:4f:eb:f1:0d:11:8f:c0:29:ba:
                    a5:d5:c0:df:f5:85:15:c8:7e:43:b6:e2:a3:51:91:
                    41:bf:97:04:56:1f:b7:f0:3f:cf:d6:79:1e:02:78:
                    e3:b2:b4:ff:f2:be:f0:ea:52:15:3a:72:eb:bc:67:
                    a1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:93:4A:27:22:F5:41:7D:0B:DF:4D:A7:D3:6A:45:11:B9:59:D5:E1
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/D5NKJyL1QX0L302n02pFEblZ1eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0-85.158.58.255
                  85.158.60.0/23
                  85.158.63.0/24
                  85.237.196.0/24
                  85.237.203.0/24
                  85.237.205.0/24
                  85.237.208.0/20
                  185.93.32.0/24
                  185.93.34.0/23
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:0e:b5:42:8c:87:c1:f0:da:5f:4e:fa:09:b5:e4:f1:e7:e6:
         ce:97:c7:fc:71:9c:f4:ca:ea:a1:22:00:0e:ec:8f:07:30:68:
         f5:3a:4c:ba:e2:ec:03:13:4e:94:7c:cd:c8:d6:6d:e2:41:c7:
         db:ed:9f:fc:8d:f7:a0:6f:ee:a7:01:06:2c:43:5e:39:91:f7:
         c4:45:93:09:e6:6d:16:83:12:90:c1:7b:e6:48:aa:1c:aa:e6:
         c5:d8:9f:76:d0:5e:c3:c9:72:db:f8:77:a5:1a:15:f5:fd:bc:
         1c:79:91:5c:82:69:ad:d9:70:dd:20:71:47:13:a0:57:6c:53:
         ae:2d:79:e7:28:0c:80:ae:52:70:83:bd:e9:c4:df:a6:67:0d:
         fb:6b:ef:b8:57:b8:08:fe:93:cc:83:62:89:c0:7c:8a:1e:e1:
         ba:45:c1:ce:a2:73:b1:5d:a1:51:91:74:f3:4c:a1:9f:5d:f6:
         d8:78:8d:e9:91:c6:ee:42:45:d3:a4:52:c6:b0:60:d8:a9:5c:
         9d:c1:3d:35:12:7a:f4:23:40:88:3a:2f:d1:49:10:1a:f0:aa:
         ca:f3:af:3a:20:b7:ae:65:8d:19:97:7c:3c:e6:b8:45:83:f7:
         c7:11:b7:83:69:f7:f8:24:c0:ec:e4:97:c8:60:18:e8:15:cd:
         d7:2a:20:c5
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYhGiwkOJ2COVtHIlFe8/v7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjMwNTIzMDI1ODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjkzNGEyNzIyZjU0MTdkMGJkZjRkYTdkMzZhNDUxMWI5NTlkNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMvEyQXcumYBz094XniftLXNMzGw
Gm0qkyBU8HVwsVTPPSvqoDTGSHfawnUcZPhmeUuv/GPojIS4eSbf9sVQ3ZLTfYsp
ky1o3CWNMdZa1/5Cg3HrfhgimPRpcmRyMwFeXxWKE8D0bCQOEzcp2INS6upn4oAp
bldrB69/+1qRreM+OV26Pz57PUKMCA86BDy81w9s2KMlzrS/DAS1w+/duT8j45cG
NbUkbA9Kvq8WW5GgaxOBED5Q6whuY3oAwZR5+avGMdZb9d9P6/ENEY/AKbql1cDf
9YUVyH5DtuKjUZFBv5cEVh+38D/P1nkeAnjjsrT/8r7w6lIVOnLrvGeh2QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFA+TSici9UF9C99Np9NqRRG5WdXhMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvRDVOS0p5TDFRWDBMMzAybjAycEZFYmxaMWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBABVnjkD
BABVnjoDBAFVnjwDBABVnj8DBABV7cQDBABV7csDBABV7c0DBARV7dADBAC5XSAD
BAG5XSIDBADCqdkwDQYJKoZIhvcNAQELBQADggEBAEMOtUKMh8Hw2l9O+gm15PHn
5s6Xx/xxnPTK6qEiAA7sjwcwaPU6TLri7AMTTpR8zcjWbeJBx9vtn/yN96Bv7qcB
BixDXjmR98RFkwnmbRaDEpDBe+ZIqhyq5sXYn3bQXsPJctv4d6UaFfX9vBx5kVyC
aa3ZcN0gcUcToFdsU64teecoDICuUnCDvenE36ZnDftr77hXuAj+k8yDYonAfIoe
4bpFwc6ic7FdoVGRdPNMoZ9d9th4jemRxu5CRdOkUsawYNipXJ3BPTUSevQjQIg6
L9FJEBrwqsrzrzogt65ljRmXfDzmuEWD98cRt4Np9/gkwOzkl8hgGOgVzdcqIMU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:46 2024 by rpki-client on console-fra.rpki-client.org