Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/XCz-Rg_-08qvvqtGFE5mDKxFRLw.roa
File:                     XCz-Rg_-08qvvqtGFE5mDKxFRLw.roa (raw, json)
Hash identifier:          IF2tDblhkRygMaN7tgssdKyP0mw/RFfLH/GYOQ6j0x8=
Subject key identifier:   5C:2C:FE:46:0F:FE:D3:CA:AF:BE:AB:46:14:4E:66:0C:AC:45:44:BC
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0182A598EACC28D430D4871920E3AD0E1447
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/XCz-Rg_-08qvvqtGFE5mDKxFRLw.roa
Signing time:             Tue 16 Aug 2022 07:40:38 +0000
ROA not before:           Tue 16 Aug 2022 07:40:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210443
IP address blocks:        89.117.70.0/23 maxlen: 24
                          89.117.94.0/23 maxlen: 24
                          89.117.102.0/23 maxlen: 24
                          89.117.116.0/23 maxlen: 24
                          89.117.12.0/23 maxlen: 24
                          89.117.32.0/23 maxlen: 24
                          89.117.36.0/23 maxlen: 24
                          89.117.190.0/24 maxlen: 24
                          86.38.178.0/23 maxlen: 24
                          89.117.222.0/24 maxlen: 24
                          86.38.186.0/23 maxlen: 24
                          86.38.184.0/23 maxlen: 24
                          89.117.158.0/23 maxlen: 24
                          86.38.246.0/23 maxlen: 24
                          89.116.108.0/24 maxlen: 24
                          89.116.106.0/23 maxlen: 24
                          89.116.125.0/24 maxlen: 24
                          89.116.130.0/23 maxlen: 24
                          89.116.126.0/23 maxlen: 24
                          89.116.132.0/24 maxlen: 24
                          89.116.135.0/24 maxlen: 24
                          89.116.148.0/23 maxlen: 24
                          89.116.150.0/24 maxlen: 24
                          89.116.58.0/23 maxlen: 24
                          89.117.228.0/23 maxlen: 24
                          86.38.202.0/23 maxlen: 24
                          89.117.245.0/24 maxlen: 24
                          89.117.250.0/24 maxlen: 24
                          89.116.88.0/23 maxlen: 24
                          89.116.92.0/24 maxlen: 24
                          89.116.252.0/24 maxlen: 24
                          89.116.253.0/24 maxlen: 24
                          89.116.255.0/24 maxlen: 24
                          89.117.8.0/23 maxlen: 24
                          89.116.163.0/24 maxlen: 24
                          89.116.161.0/24 maxlen: 24
                          89.116.166.0/24 maxlen: 24
                          89.116.184.0/23 maxlen: 24
                          89.116.186.0/24 maxlen: 24
                          89.116.210.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:a5:98:ea:cc:28:d4:30:d4:87:19:20:e3:ad:0e:14:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Aug 16 07:40:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c2cfe460ffed3caafbeab46144e660cac4544bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cd:6b:e3:b1:b2:ad:68:b2:f4:01:70:aa:91:
                    99:a7:43:69:aa:60:ed:92:6c:33:a3:3f:2f:5a:87:
                    73:e8:5a:2a:ba:de:6e:3e:80:b0:5f:f6:52:cc:f5:
                    61:49:06:9d:e4:16:5a:dd:6c:25:9a:8d:39:4a:5b:
                    bf:1f:0c:c5:22:e0:77:fc:4e:37:d9:f1:5a:fd:48:
                    03:86:63:ce:17:fe:cd:69:5a:ec:e5:5b:5f:61:67:
                    9c:20:7f:60:31:e9:69:97:28:09:a6:8b:d1:e7:6c:
                    db:50:99:90:a8:51:08:e6:d0:ca:53:b1:56:a9:70:
                    2f:04:26:17:29:1e:91:f5:39:df:6b:de:59:82:f8:
                    12:15:33:b6:69:4b:24:4c:28:98:64:d4:d2:13:9a:
                    21:d4:fd:ed:29:16:65:cd:14:d2:7d:9e:cd:94:2e:
                    b1:92:9c:9c:10:c1:4f:1f:c6:a0:9f:da:0d:de:3b:
                    34:46:a8:f3:63:cd:37:7c:4a:d5:d0:ac:12:24:ea:
                    2e:d7:de:8c:b8:d7:5f:e1:27:df:5d:2d:7d:a5:dd:
                    04:9f:af:85:92:de:a7:2e:23:e5:3c:fa:d4:7a:f7:
                    06:86:cf:e0:4b:33:fb:95:12:72:79:03:1d:f8:f1:
                    e3:8a:89:01:ae:e8:7f:4f:be:92:86:4a:81:35:f2:
                    7e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2C:FE:46:0F:FE:D3:CA:AF:BE:AB:46:14:4E:66:0C:AC:45:44:BC
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/XCz-Rg_-08qvvqtGFE5mDKxFRLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.178.0/23
                  86.38.184.0/22
                  86.38.202.0/23
                  86.38.246.0/23
                  89.116.58.0/23
                  89.116.88.0/23
                  89.116.92.0/24
                  89.116.106.0-89.116.108.255
                  89.116.125.0-89.116.127.255
                  89.116.130.0-89.116.132.255
                  89.116.135.0/24
                  89.116.148.0-89.116.150.255
                  89.116.161.0/24
                  89.116.163.0/24
                  89.116.166.0/24
                  89.116.184.0-89.116.186.255
                  89.116.210.0/23
                  89.116.252.0/23
                  89.116.255.0/24
                  89.117.8.0/23
                  89.117.12.0/23
                  89.117.32.0/23
                  89.117.36.0/23
                  89.117.70.0/23
                  89.117.94.0/23
                  89.117.102.0/23
                  89.117.116.0/23
                  89.117.158.0/23
                  89.117.190.0/24
                  89.117.222.0/24
                  89.117.228.0/23
                  89.117.245.0/24
                  89.117.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e9:1f:3c:ff:b1:84:7d:24:f2:f7:15:df:d9:04:7c:91:5f:
         d2:60:29:ae:02:cc:d7:31:1b:1c:e9:2c:d0:48:cd:a4:2b:71:
         32:9b:88:21:10:fb:d3:30:5b:86:88:61:b8:e4:d7:09:f2:ae:
         82:a5:45:00:2d:cc:e0:62:bf:f2:12:6f:3e:55:60:43:21:aa:
         e8:35:d1:60:40:ed:70:92:38:10:32:7c:e3:2a:ea:dd:9d:4c:
         2c:1b:1f:3e:fb:6f:78:c0:f9:2b:86:ae:d7:9e:ad:ef:30:d1:
         a2:72:1b:7d:8e:b2:e3:21:21:a2:6e:60:2c:7b:f7:58:99:c4:
         d3:b2:59:61:8e:1a:ab:9f:dd:50:05:bc:54:08:78:2a:d9:55:
         8a:76:d1:77:ce:35:3e:ca:00:8e:a1:e4:d8:07:e0:1c:e0:a6:
         74:13:5f:51:cb:44:e2:e9:99:f3:5f:a9:cb:75:71:52:05:6f:
         45:97:49:e3:c7:6f:2b:fa:8c:45:1c:06:be:ea:2e:6b:81:7c:
         f9:bf:cc:38:fb:32:85:f2:43:91:8a:61:76:02:14:9e:59:64:
         90:ed:01:d6:78:ea:b0:c9:22:af:b6:0f:b8:ba:78:9b:29:b1:
         c0:71:a2:49:33:f7:32:22:ba:34:3b:46:97:49:fc:8e:8f:92:
         b7:7a:88:c8
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAYKlmOrMKNQw1IcZIOOtDhRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIwODE2MDc0MDM4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJjZmU0NjBmZmVkM2NhYWZiZWFiNDYxNDRlNjYwY2FjNDU0NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj81r47GyrWiy9AFwqpGZp0NpqmDt
kmwzoz8vWodz6Foqut5uPoCwX/ZSzPVhSQad5BZa3Wwlmo05Slu/HwzFIuB3/E43
2fFa/UgDhmPOF/7NaVrs5VtfYWecIH9gMelplygJpovR52zbUJmQqFEI5tDKU7FW
qXAvBCYXKR6R9Tnfa95ZgvgSFTO2aUskTCiYZNTSE5oh1P3tKRZlzRTSfZ7NlC6x
kpycEMFPH8agn9oN3js0RqjzY803fErV0KwSJOou196MuNdf4SffXS19pd0En6+F
kt6nLiPlPPrUevcGhs/gSzP7lRJyeQMd+PHjiokBruh/T76ShkqBNfJ+OQIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFFws/kYP/tPKr76rRhROZgysRUS8MB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEvWEN6LVJnXy0wOHF2dnF0R0ZFNW1ES3hGUkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8EgfswgfgwgfUEAgABMIHuAwQB
ViayAwQCVia4AwQBVibKAwQBVib2AwQBWXQ6AwQBWXRYAwQAWXRcMAwDBAFZdGoD
BABZdGwwDAMEAFl0fQMEB1l0ADAMAwQBWXSCAwQAWXSEAwQAWXSHMAwDBAJZdJQD
BABZdJYDBABZdKEDBABZdKMDBABZdKYwDAMEA1l0uAMEAFl0ugMEAVl00gMEAVl0
/AMEAFl0/wMEAVl1CAMEAVl1DAMEAVl1IAMEAVl1JAMEAVl1RgMEAVl1XgMEAVl1
ZgMEAVl1dAMEAVl1ngMEAFl1vgMEAFl13gMEAVl15AMEAFl19QMEAFl1+jANBgkq
hkiG9w0BAQsFAAOCAQEAZ+kfPP+xhH0k8vcV39kEfJFf0mAprgLM1zEbHOks0EjN
pCtxMpuIIRD70zBbhohhuOTXCfKugqVFAC3M4GK/8hJvPlVgQyGq6DXRYEDtcJI4
EDJ84yrq3Z1MLBsfPvtveMD5K4au156t7zDRonIbfY6y4yEhom5gLHv3WJnE07JZ
YY4aq5/dUAW8VAh4KtlVinbRd841PsoAjqHk2AfgHOCmdBNfUctE4umZ81+py3Vx
UgVvRZdJ48dvK/qMRRwGvuoua4F8+b/MOPsyhfJDkYphdgIUnllkkO0B1njqsMki
r7YPuLp4mymxwHGiSTP3MiK6NDtGl0n8jo+St3qIyA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:06 2024 by rpki-client on console-ams.rpki-client.org