Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/_4i58vNbmrQBE_TKAuvhTdi_8wc.roa
File:                     _4i58vNbmrQBE_TKAuvhTdi_8wc.roa (raw, json)
Hash identifier:          yN6glo+JRUFVUm4sY0aMEwh54jy7ejr8ts3y4dG2OzI=
Subject key identifier:   FF:88:B9:F2:F3:5B:9A:B4:01:13:F4:CA:02:EB:E1:4D:D8:BF:F3:07
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       018571DE9AF100EC06CF7A90B645380FE754
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/_4i58vNbmrQBE_TKAuvhTdi_8wc.roa
Signing time:             Mon 02 Jan 2023 09:44:51 +0000
ROA not before:           Mon 02 Jan 2023 09:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207429
IP address blocks:        85.237.209.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:de:9a:f1:00:ec:06:cf:7a:90:b6:45:38:0f:e7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Jan  2 09:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff88b9f2f35b9ab40113f4ca02ebe14dd8bff307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:26:2f:5e:ac:85:1c:4e:6f:e6:ca:3e:9d:f2:
                    d6:89:05:6e:e4:11:85:3a:09:44:59:61:b2:e6:f2:
                    9e:c4:34:0f:02:41:9a:ec:33:c0:b2:f5:27:1e:d5:
                    06:63:e5:85:17:e3:1a:e1:40:81:32:8e:5e:bb:79:
                    9b:e5:b4:22:10:fe:48:7f:81:d2:c2:25:0d:e9:85:
                    10:de:96:98:bd:41:d1:84:4f:21:7e:f9:cd:e3:d0:
                    bc:bf:bd:30:c1:47:26:b2:7e:34:c0:6a:8d:85:9a:
                    24:52:e6:97:b6:ff:23:22:9d:22:58:6e:a2:3d:a6:
                    9a:96:99:1c:fd:d9:9b:49:e7:f3:9e:7c:c2:6b:e5:
                    53:83:d9:a6:69:3e:7d:28:a8:0c:9d:88:f0:0f:8e:
                    f0:5d:9d:59:57:85:c5:e0:c4:35:05:7c:09:2d:2d:
                    b4:0e:aa:4f:11:b6:b4:6b:f0:4d:16:52:fc:b3:06:
                    13:a3:69:5b:fd:90:fb:f3:0a:60:d4:ec:6d:af:52:
                    c9:d4:26:b5:87:00:a7:12:7a:69:d2:2c:98:b1:69:
                    ef:17:c6:ac:0e:78:71:e3:26:4c:7d:b9:c2:88:71:
                    ce:c6:d2:92:80:30:f3:14:70:90:2f:04:28:58:2a:
                    31:6d:58:82:46:60:8c:24:6f:6b:9c:8c:91:5e:ca:
                    79:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:88:B9:F2:F3:5B:9A:B4:01:13:F4:CA:02:EB:E1:4D:D8:BF:F3:07
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/_4i58vNbmrQBE_TKAuvhTdi_8wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:aa:e0:82:e0:2a:aa:34:6a:76:2d:fc:8a:9d:9f:f5:2c:2f:
         ce:ba:59:08:ab:9d:45:1d:bf:3e:29:16:93:c9:52:db:a5:d7:
         5f:3d:98:56:62:a4:d9:78:c9:5c:44:d3:02:6c:cd:ea:25:d1:
         45:28:99:09:a9:c5:6c:72:38:04:7c:8e:c5:c8:80:c5:12:b6:
         0a:81:e9:d8:4b:38:a2:17:77:d7:9b:1b:be:a3:51:6f:ca:05:
         94:3c:b6:d0:4b:ed:45:ae:04:95:60:66:e9:92:5d:86:43:fd:
         01:f2:49:91:78:02:ce:d7:d1:43:88:9e:e4:e7:31:ac:46:58:
         5b:e9:73:40:f0:b4:0a:ca:27:51:fd:09:fc:36:fa:1b:62:ec:
         9d:38:86:42:a4:4c:a1:24:84:78:35:40:b4:96:36:25:11:88:
         e3:1a:ae:3c:d8:96:ef:3b:4a:cc:5c:ef:3e:27:f1:9f:18:8d:
         34:f8:3c:ca:8b:27:6d:3e:69:92:81:44:e2:5e:dd:e0:95:f8:
         d8:16:6c:1a:b6:a7:11:fb:bb:cf:bc:66:d6:fa:16:b3:84:49:
         f9:48:0d:0b:13:63:49:9f:a7:df:2a:43:88:32:15:8e:65:1d:
         84:53:89:24:06:4c:6c:3b:6b:9c:46:83:e5:12:9a:50:b2:33:
         c1:30:2f:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVx3prxAOwGz3qQtkU4D+dUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjMwMTAyMDk0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjg4YjlmMmYzNWI5YWI0MDExM2Y0Y2EwMmViZTE0ZGQ4YmZmMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCYvXqyFHE5v5so+nfLWiQVu5BGF
OglEWWGy5vKexDQPAkGa7DPAsvUnHtUGY+WFF+Ma4UCBMo5eu3mb5bQiEP5If4HS
wiUN6YUQ3paYvUHRhE8hfvnN49C8v70wwUcmsn40wGqNhZokUuaXtv8jIp0iWG6i
Paaalpkc/dmbSefznnzCa+VTg9mmaT59KKgMnYjwD47wXZ1ZV4XF4MQ1BXwJLS20
DqpPEba0a/BNFlL8swYTo2lb/ZD78wpg1Oxtr1LJ1Ca1hwCnEnpp0iyYsWnvF8as
Dnhx4yZMfbnCiHHOxtKSgDDzFHCQLwQoWCoxbViCRmCMJG9rnIyRXsp5mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+IufLzW5q0ARP0ygLr4U3Yv/MHMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvXzRpNTh2TmJtclFCRV9US0F1dmhUZGlfOHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe3RMA0G
CSqGSIb3DQEBCwUAA4IBAQBVquCC4CqqNGp2LfyKnZ/1LC/OulkIq51FHb8+KRaT
yVLbpddfPZhWYqTZeMlcRNMCbM3qJdFFKJkJqcVscjgEfI7FyIDFErYKgenYSzii
F3fXmxu+o1FvygWUPLbQS+1FrgSVYGbpkl2GQ/0B8kmReALO19FDiJ7k5zGsRlhb
6XNA8LQKyidR/Qn8NvobYuydOIZCpEyhJIR4NUC0ljYlEYjjGq482JbvO0rMXO8+
J/GfGI00+DzKiydtPmmSgUTiXt3glfjYFmwatqcR+7vPvGbW+hazhEn5SA0LE2NJ
n6ffKkOIMhWOZR2EU4kkBkxsO2ucRoPlEppQsjPBMC98
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:46 2024 by rpki-client on console-fra.rpki-client.org