Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/1-8nNscULR1_FBxeSnH9z1bXHxCs.roa
File:                     1-8nNscULR1_FBxeSnH9z1bXHxCs.roa (raw, json)
Hash identifier:          mR5mQc4yHyKv6cp0R8OjpdwrhjYegEYQJInJbYKatkA=
Subject key identifier:   FB:C9:CD:B1:C5:0B:47:5F:C5:07:17:92:9C:7F:73:D5:B5:C7:C4:2B
Certificate issuer:       /CN=4944680c20d1af01f169b18ac9c77d9877133cde
Certificate serial:       01856D93F04290EDB70A57A18F2202FFBE97
Authority key identifier: 49:44:68:0C:20:D1:AF:01:F1:69:B1:8A:C9:C7:7D:98:77:13:3C:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SURoDCDRrwHxabGKycd9mHcTPN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/1-8nNscULR1_FBxeSnH9z1bXHxCs.roa
Signing time:             Sun 01 Jan 2023 13:44:49 +0000
ROA not before:           Sun 01 Jan 2023 13:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51474
IP address blocks:        176.108.224.0/22 maxlen: 22
                          176.108.228.0/22 maxlen: 22
                          31.131.160.0/22 maxlen: 22
                          195.54.54.0/24 maxlen: 24
                          195.54.55.0/24 maxlen: 24
                          194.213.6.0/24 maxlen: 24
                          185.76.52.0/23 maxlen: 23
                          185.76.54.0/23 maxlen: 23
                          91.239.164.0/23 maxlen: 23
                          91.233.193.0/24 maxlen: 24
                          91.233.194.0/23 maxlen: 23
                          91.242.48.0/23 maxlen: 23
                          91.242.50.0/23 maxlen: 23
                          91.239.166.0/23 maxlen: 23
                          176.113.96.0/23 maxlen: 23
                          194.107.122.0/24 maxlen: 24
                          178.212.201.0/24 maxlen: 24
                          178.212.206.0/24 maxlen: 24
                          178.212.200.0/24 maxlen: 24
                          178.212.207.0/24 maxlen: 24
                          2a00:aa80::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:93:f0:42:90:ed:b7:0a:57:a1:8f:22:02:ff:be:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4944680c20d1af01f169b18ac9c77d9877133cde
        Validity
            Not Before: Jan  1 13:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fbc9cdb1c50b475fc50717929c7f73d5b5c7c42b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c7:79:e2:39:2f:5b:fe:6a:c2:7f:24:35:cc:
                    07:47:68:37:90:f7:f5:57:9a:06:13:ac:5e:4a:ff:
                    63:c3:b4:b1:9f:49:59:40:76:6e:29:55:32:6d:f8:
                    e4:d9:ab:3b:f9:9f:f9:25:28:1c:c4:a1:25:d9:17:
                    b6:95:22:1c:81:0a:99:13:14:d0:45:13:6f:be:8e:
                    50:1a:a9:1d:ac:57:c6:ea:0d:e6:fa:e1:a3:8d:8a:
                    26:31:90:d9:30:f5:8c:75:cf:7c:aa:de:c0:5b:77:
                    71:25:ad:9e:f2:b9:39:f7:d5:fc:76:f0:48:c5:1b:
                    92:9f:80:6b:e2:ce:04:ff:13:5c:59:64:13:d0:3c:
                    e7:9f:8c:5a:1e:23:75:77:68:a0:39:6c:64:f6:9c:
                    e9:09:b0:a9:90:21:9d:ac:08:3f:db:34:98:92:f4:
                    20:b4:17:d0:10:7e:4e:99:61:84:40:d0:ef:0c:73:
                    a3:e7:6a:50:05:71:a1:c7:07:b3:78:41:1e:85:70:
                    b7:2d:c1:51:b0:13:b8:3b:ae:5f:f7:32:8b:94:f2:
                    71:d1:49:7a:55:ac:9a:43:31:19:80:1a:4f:fe:0b:
                    fc:0e:c9:d2:ca:00:e9:3e:d1:7a:41:a8:3f:e6:4c:
                    13:1c:e6:85:66:13:eb:25:db:56:71:e9:70:b6:99:
                    a7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C9:CD:B1:C5:0B:47:5F:C5:07:17:92:9C:7F:73:D5:B5:C7:C4:2B
            X509v3 Authority Key Identifier:
                keyid:49:44:68:0C:20:D1:AF:01:F1:69:B1:8A:C9:C7:7D:98:77:13:3C:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SURoDCDRrwHxabGKycd9mHcTPN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/1-8nNscULR1_FBxeSnH9z1bXHxCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/SURoDCDRrwHxabGKycd9mHcTPN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.160.0/22
                  91.233.193.0-91.233.195.255
                  91.239.164.0/22
                  91.242.48.0/22
                  176.108.224.0/21
                  176.113.96.0/23
                  178.212.200.0/23
                  178.212.206.0/23
                  185.76.52.0/22
                  194.107.122.0/24
                  194.213.6.0/24
                  195.54.54.0/23
                IPv6:
                  2a00:aa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:ea:4b:db:c3:31:1b:51:1f:4b:aa:6d:0c:2d:02:0c:a1:d0:
         fa:bf:22:f0:b3:91:fa:4c:eb:c4:50:85:be:93:c6:57:72:ab:
         8d:d7:38:96:4b:cf:1a:63:b9:7e:10:cf:61:71:72:3f:33:1b:
         3b:58:3e:4a:71:58:cc:94:96:83:d9:6d:7c:8d:c7:c5:29:6e:
         0e:67:ef:d4:b8:d4:c6:d9:e2:cd:93:bd:a1:a1:98:fd:36:64:
         10:de:c8:21:fb:33:56:b4:d8:8d:d1:c2:9f:77:59:b1:ce:e5:
         8a:0f:5c:f1:ae:88:8a:a3:75:57:4d:5e:8b:23:d0:87:f4:b4:
         b0:17:fc:8e:ff:bc:bc:06:47:f0:03:fc:8d:13:c5:32:18:c8:
         a7:cd:47:e3:38:5a:5d:9e:0d:2b:72:ff:9f:9f:9b:7b:d3:78:
         6a:74:81:19:a2:f3:ce:b9:5d:98:10:5c:f4:8f:3e:91:cb:8e:
         30:82:65:92:12:dc:1e:3e:29:24:7a:aa:8b:5e:90:7f:4b:95:
         df:81:8d:93:1b:d8:83:e7:59:da:b0:7e:2d:33:90:24:7f:42:
         57:5c:52:86:08:d1:aa:ed:99:27:06:3b:65:ef:19:59:28:4d:
         e9:ce:b4:48:9d:a5:f7:cb:f1:7f:d6:08:30:ea:00:4b:88:4e:
         7f:8d:f3:1e
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYVtk/BCkO23ClehjyIC/76XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NDQ2ODBjMjBkMWFmMDFmMTY5YjE4YWM5Yzc3ZDk4Nzcx
MzNjZGUwHhcNMjMwMTAxMTM0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmM5Y2RiMWM1MGI0NzVmYzUwNzE3OTI5YzdmNzNkNWI1YzdjNDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cd54jkvW/5qwn8kNcwHR2g3kPf1
V5oGE6xeSv9jw7Sxn0lZQHZuKVUybfjk2as7+Z/5JSgcxKEl2Re2lSIcgQqZExTQ
RRNvvo5QGqkdrFfG6g3m+uGjjYomMZDZMPWMdc98qt7AW3dxJa2e8rk599X8dvBI
xRuSn4Br4s4E/xNcWWQT0Dznn4xaHiN1d2igOWxk9pzpCbCpkCGdrAg/2zSYkvQg
tBfQEH5OmWGEQNDvDHOj52pQBXGhxwezeEEehXC3LcFRsBO4O65f9zKLlPJx0Ul6
VayaQzEZgBpP/gv8DsnSygDpPtF6Qag/5kwTHOaFZhPrJdtWcelwtpmnHQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFPvJzbHFC0dfxQcXkpx/c9W1x8QrMB8GA1UdIwQY
MBaAFElEaAwg0a8B8WmxisnHfZh3EzzeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VSb0RDRFJyd0h4YWJHS3ljZDltSGNUUE40LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83ZGVlMDktY2QyZS00MDMwLWFiOTIt
ZWJkY2MwMmZiYWU5LzEvMS04bk5zY1VMUjFfRkJ4ZVNuSDl6MWJYSHhDcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzIvN2RlZTA5LWNkMmUtNDAzMC1hYjkyLWViZGNjMDJmYmFl
OS8xL1NVUm9EQ0RScndIeGFiR0t5Y2Q5bUhjVFBONC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB4BggrBgEFBQcBBwEB/wRpMGcwVgQCAAEwUAMEAh+DoDAM
AwQAW+nBAwQCW+nAAwQCW++kAwQCW/IwAwQDsGzgAwQBsHFgAwQBstTIAwQBstTO
AwQCuUw0AwQAwmt6AwQAwtUGAwQBwzY2MA0EAgACMAcDBQAqAKqAMA0GCSqGSIb3
DQEBCwUAA4IBAQCd6kvbwzEbUR9Lqm0MLQIModD6vyLws5H6TOvEUIW+k8ZXcquN
1ziWS88aY7l+EM9hcXI/Mxs7WD5KcVjMlJaD2W18jcfFKW4OZ+/UuNTG2eLNk72h
oZj9NmQQ3sgh+zNWtNiN0cKfd1mxzuWKD1zxroiKo3VXTV6LI9CH9LSwF/yO/7y8
BkfwA/yNE8UyGMinzUfjOFpdng0rcv+fn5t703hqdIEZovPOuV2YEFz0jz6Ry44w
gmWSEtwePikkeqqLXpB/S5XfgY2TG9iD51nasH4tM5Akf0JXXFKGCNGq7ZknBjtl
7xlZKE3pzrRInaX3y/F/1ggw6gBLiE5/jfMe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:52 2024 by rpki-client on console-fra.rpki-client.org