Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/aVZIZMn935VapTMPQBCznqxkHoI.roa
File:                     aVZIZMn935VapTMPQBCznqxkHoI.roa (raw, json)
Hash identifier:          N4UGyobomPRtahBClGEAo8Drm36/wvwq4+odgK3grVs=
Subject key identifier:   69:56:48:64:C9:FD:DF:95:5A:A5:33:0F:40:10:B3:9E:AC:64:1E:82
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       09EBC400
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/aVZIZMn935VapTMPQBCznqxkHoI.roa
Signing time:             Mon 14 Mar 2022 09:40:35 +0000
ROA not before:           Mon 14 Mar 2022 09:40:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210443
IP address blocks:        89.117.68.0/24 maxlen: 24
                          89.117.70.0/23 maxlen: 24
                          89.117.72.0/21 maxlen: 24
                          89.117.80.0/22 maxlen: 24
                          89.117.84.0/23 maxlen: 24
                          89.117.88.0/22 maxlen: 24
                          89.117.94.0/23 maxlen: 24
                          89.117.96.0/22 maxlen: 24
                          89.117.102.0/23 maxlen: 24
                          89.117.109.0/24 maxlen: 24
                          89.117.112.0/22 maxlen: 24
                          89.117.116.0/23 maxlen: 24
                          89.117.12.0/23 maxlen: 24
                          89.117.24.0/23 maxlen: 24
                          89.117.28.0/22 maxlen: 24
                          89.117.32.0/23 maxlen: 24
                          89.117.36.0/23 maxlen: 24
                          89.117.64.0/22 maxlen: 24
                          89.117.188.0/24 maxlen: 24
                          89.117.190.0/24 maxlen: 24
                          89.117.218.0/24 maxlen: 24
                          89.117.215.0/24 maxlen: 24
                          89.117.216.0/23 maxlen: 24
                          89.117.222.0/24 maxlen: 24
                          89.117.226.0/23 maxlen: 24
                          89.117.129.0/24 maxlen: 24
                          89.117.132.0/22 maxlen: 24
                          89.117.139.0/24 maxlen: 24
                          89.117.142.0/23 maxlen: 24
                          89.117.158.0/23 maxlen: 24
                          89.117.160.0/22 maxlen: 24
                          84.46.234.0/23 maxlen: 24
                          89.117.168.0/23 maxlen: 24
                          89.117.167.0/24 maxlen: 24
                          86.38.246.0/23 maxlen: 24
                          89.116.108.0/24 maxlen: 24
                          89.116.106.0/23 maxlen: 24
                          89.116.125.0/24 maxlen: 24
                          89.116.130.0/23 maxlen: 24
                          89.116.126.0/23 maxlen: 24
                          89.116.132.0/24 maxlen: 24
                          89.116.128.0/24 maxlen: 24
                          89.116.137.0/24 maxlen: 24
                          89.116.135.0/24 maxlen: 24
                          89.116.141.0/24 maxlen: 24
                          89.116.148.0/23 maxlen: 24
                          89.116.146.0/23 maxlen: 24
                          89.116.150.0/24 maxlen: 24
                          89.116.153.0/24 maxlen: 24
                          89.116.158.0/24 maxlen: 24
                          89.116.154.0/24 maxlen: 24
                          89.116.52.0/23 maxlen: 24
                          89.116.58.0/23 maxlen: 24
                          86.38.202.0/23 maxlen: 24
                          89.116.70.0/24 maxlen: 24
                          89.116.68.0/23 maxlen: 24
                          89.116.76.0/24 maxlen: 24
                          86.38.220.0/23 maxlen: 24
                          89.116.88.0/23 maxlen: 24
                          89.116.91.0/24 maxlen: 24
                          89.116.92.0/24 maxlen: 24
                          89.116.218.0/24 maxlen: 24
                          89.116.239.0/24 maxlen: 24
                          89.116.242.0/23 maxlen: 24
                          89.116.250.0/24 maxlen: 24
                          89.116.252.0/24 maxlen: 24
                          89.116.253.0/24 maxlen: 24
                          89.116.255.0/24 maxlen: 24
                          89.117.6.0/23 maxlen: 24
                          89.117.8.0/23 maxlen: 24
                          89.116.163.0/24 maxlen: 24
                          89.116.161.0/24 maxlen: 24
                          89.116.164.0/23 maxlen: 24
                          89.116.166.0/24 maxlen: 24
                          89.116.179.0/24 maxlen: 24
                          89.116.177.0/24 maxlen: 24
                          89.116.175.0/24 maxlen: 24
                          89.116.184.0/23 maxlen: 24
                          89.116.186.0/24 maxlen: 24
                          89.116.189.0/24 maxlen: 24
                          89.116.190.0/24 maxlen: 24
                          89.116.193.0/24 maxlen: 24
                          89.116.202.0/24 maxlen: 24
                          89.116.210.0/23 maxlen: 24
                          86.38.4.0/23 maxlen: 24
                          86.38.178.0/23 maxlen: 24
                          86.38.186.0/23 maxlen: 24
                          86.38.184.0/23 maxlen: 24
                          86.38.182.0/23 maxlen: 24
                          89.117.228.0/23 maxlen: 24
                          89.117.245.0/24 maxlen: 24
                          89.117.250.0/24 maxlen: 24
                          89.117.254.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166446080 (0x9ebc400)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Mar 14 09:40:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=69564864c9fddf955aa5330f4010b39eac641e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4e:21:d7:d9:7b:ad:ef:a1:33:b8:76:a1:31:
                    40:a7:78:2a:6a:6f:2d:7c:24:21:73:b6:ff:81:24:
                    14:f6:e1:6b:95:4a:2f:69:99:aa:23:5f:fe:e6:5d:
                    6b:6f:83:cc:8a:2a:6e:84:9f:d5:21:cc:32:8c:72:
                    8e:7c:39:e2:df:1e:8c:b8:60:55:f2:47:2a:6c:1a:
                    bf:56:3b:77:bf:a4:3b:09:8a:0c:4d:92:21:71:14:
                    cc:60:8c:43:20:75:15:23:3b:df:09:ea:af:de:95:
                    bc:13:6d:c2:4d:64:96:cc:0c:42:7e:64:0b:95:89:
                    3e:5d:b0:53:79:aa:6a:30:42:a3:da:67:56:59:2f:
                    e6:62:d5:98:aa:c5:94:2a:9a:03:53:a4:e2:a6:c1:
                    6d:63:f9:bd:54:e0:f6:d7:03:cc:05:68:e8:ae:91:
                    33:b1:36:46:52:6b:d0:b9:3e:30:85:99:35:5d:17:
                    e6:88:9b:9e:dd:cc:58:33:fe:21:be:64:45:74:cc:
                    af:e9:f6:8c:5d:24:3a:fe:82:cb:ce:e6:84:d9:d9:
                    a5:14:15:e3:bd:30:a4:34:c9:27:f4:e7:81:32:09:
                    a9:f5:ed:e5:aa:63:93:f6:af:a0:87:3a:73:28:f6:
                    d8:73:80:21:1c:a5:23:6c:16:a8:93:50:9b:9c:97:
                    e6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:56:48:64:C9:FD:DF:95:5A:A5:33:0F:40:10:B3:9E:AC:64:1E:82
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/aVZIZMn935VapTMPQBCznqxkHoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.46.234.0/23
                  86.38.4.0/23
                  86.38.178.0/23
                  86.38.182.0-86.38.187.255
                  86.38.202.0/23
                  86.38.220.0/23
                  86.38.246.0/23
                  89.116.52.0/23
                  89.116.58.0/23
                  89.116.68.0-89.116.70.255
                  89.116.76.0/24
                  89.116.88.0/23
                  89.116.91.0-89.116.92.255
                  89.116.106.0-89.116.108.255
                  89.116.125.0-89.116.128.255
                  89.116.130.0-89.116.132.255
                  89.116.135.0/24
                  89.116.137.0/24
                  89.116.141.0/24
                  89.116.146.0-89.116.150.255
                  89.116.153.0-89.116.154.255
                  89.116.158.0/24
                  89.116.161.0/24
                  89.116.163.0-89.116.166.255
                  89.116.175.0/24
                  89.116.177.0/24
                  89.116.179.0/24
                  89.116.184.0-89.116.186.255
                  89.116.189.0-89.116.190.255
                  89.116.193.0/24
                  89.116.202.0/24
                  89.116.210.0/23
                  89.116.218.0/24
                  89.116.239.0/24
                  89.116.242.0/23
                  89.116.250.0/24
                  89.116.252.0/23
                  89.116.255.0/24
                  89.117.6.0-89.117.9.255
                  89.117.12.0/23
                  89.117.24.0/23
                  89.117.28.0-89.117.33.255
                  89.117.36.0/23
                  89.117.64.0-89.117.68.255
                  89.117.70.0-89.117.85.255
                  89.117.88.0/22
                  89.117.94.0-89.117.99.255
                  89.117.102.0/23
                  89.117.109.0/24
                  89.117.112.0-89.117.117.255
                  89.117.129.0/24
                  89.117.132.0/22
                  89.117.139.0/24
                  89.117.142.0/23
                  89.117.158.0-89.117.163.255
                  89.117.167.0-89.117.169.255
                  89.117.188.0/24
                  89.117.190.0/24
                  89.117.215.0-89.117.218.255
                  89.117.222.0/24
                  89.117.226.0-89.117.229.255
                  89.117.245.0/24
                  89.117.250.0/24
                  89.117.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:e1:39:49:21:67:d3:ee:73:8d:5e:0d:7c:bf:88:be:01:34:
         ed:3d:e8:9c:6c:c5:6f:5c:14:26:b7:43:aa:03:c5:b0:8a:b1:
         44:da:4a:f6:63:71:82:eb:8a:83:46:37:67:9b:25:59:52:17:
         dd:5c:e5:f7:a3:56:eb:44:da:b6:75:df:e7:29:87:96:f4:5e:
         f3:1c:5c:df:0b:38:28:a2:00:44:08:c0:f4:01:6a:4f:ea:13:
         31:31:23:a8:62:95:45:bf:f4:e2:a9:91:0e:71:86:a5:50:08:
         92:53:ea:e4:d1:e1:09:48:cb:cf:98:68:79:6c:b3:83:77:7c:
         cb:e9:ec:58:4a:96:e0:42:16:ae:81:96:b5:1f:09:40:8a:e9:
         6f:47:8e:72:a4:89:d1:dc:9f:56:48:f9:c3:5b:f5:15:0e:f9:
         88:3f:cb:3b:3d:2f:88:f1:96:33:e7:5f:d6:3f:6b:3f:e8:20:
         db:76:60:c3:e0:9e:4a:52:dd:69:f6:9b:97:8e:1c:88:10:dc:
         45:f8:76:f1:5d:69:4f:26:2f:e6:3a:91:6c:1f:47:df:84:e5:
         85:6a:48:75:da:8e:e8:11:0a:32:e6:99:39:ad:71:fd:84:13:
         d1:88:99:3a:42:b3:fe:01:7f:3e:24:89:26:2a:44:1a:b5:2a:
         e7:f1:53:8e
-----BEGIN CERTIFICATE-----
MIIHGzCCBgOgAwIBAgIECevEADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDMx
NDA5NDAzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjk1NjQ4NjRjOWZk
ZGY5NTVhYTUzMzBmNDAxMGIzOWVhYzY0MWU4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALFOIdfZe63voTO4dqExQKd4KmpvLXwkIXO2/4EkFPbha5VK
L2mZqiNf/uZda2+DzIoqboSf1SHMMoxyjnw54t8ejLhgVfJHKmwav1Y7d7+kOwmK
DE2SIXEUzGCMQyB1FSM73wnqr96VvBNtwk1klswMQn5kC5WJPl2wU3mqajBCo9pn
Vlkv5mLVmKrFlCqaA1Ok4qbBbWP5vVTg9tcDzAVo6K6RM7E2RlJr0Lk+MIWZNV0X
5oibnt3MWDP+Ib5kRXTMr+n2jF0kOv6Cy87mhNnZpRQV470wpDTJJ/TngTIJqfXt
5apjk/avoIc6cyj22HOAIRylI2wWqJNQm5yX5pcCAwEAAaOCBDUwggQxMB0GA1Ud
DgQWBBRpVkhkyf3flVqlMw9AELOerGQegjAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
L2FWWklaTW45MzVWYXBUTVBRQkN6bnF4a0hvSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AkkGCCsGAQUFBwEHAQH/BIICODCCAjQwggIwBAIAATCCAigDBAFULuoDBAFWJgQD
BAFWJrIwDAMEAVYmtgMEAlYmuAMEAVYmygMEAVYm3AMEAVYm9gMEAVl0NAMEAVl0
OjAMAwQCWXREAwQAWXRGAwQAWXRMAwQBWXRYMAwDBABZdFsDBABZdFwwDAMEAVl0
agMEAFl0bDAMAwQAWXR9AwQAWXSAMAwDBAFZdIIDBABZdIQDBABZdIcDBABZdIkD
BABZdI0wDAMEAVl0kgMEAFl0ljAMAwQAWXSZAwQAWXSaAwQAWXSeAwQAWXShMAwD
BABZdKMDBABZdKYDBABZdK8DBABZdLEDBABZdLMwDAMEA1l0uAMEAFl0ujAMAwQA
WXS9AwQAWXS+AwQAWXTBAwQAWXTKAwQBWXTSAwQAWXTaAwQAWXTvAwQBWXTyAwQA
WXT6AwQBWXT8AwQAWXT/MAwDBAFZdQYDBAFZdQgDBAFZdQwDBAFZdRgwDAMEAll1
HAMEAVl1IAMEAVl1JDAMAwQGWXVAAwQAWXVEMAwDBAFZdUYDBAFZdVQDBAJZdVgw
DAMEAVl1XgMEAll1YAMEAVl1ZgMEAFl1bTAMAwQEWXVwAwQBWXV0AwQAWXWBAwQC
WXWEAwQAWXWLAwQBWXWOMAwDBAFZdZ4DBAJZdaAwDAMEAFl1pwMEAVl1qAMEAFl1
vAMEAFl1vjAMAwQAWXXXAwQAWXXaAwQAWXXeMAwDBAFZdeIDBAFZdeQDBABZdfUD
BABZdfoDBABZdf4wDQYJKoZIhvcNAQELBQADggEBANHhOUkhZ9Puc41eDXy/iL4B
NO096JxsxW9cFCa3Q6oDxbCKsUTaSvZjcYLrioNGN2ebJVlSF91c5fejVutE2rZ1
3+cph5b0XvMcXN8LOCiiAEQIwPQBak/qEzExI6hilUW/9OKpkQ5xhqVQCJJT6uTR
4QlIy8+YaHlss4N3fMvp7FhKluBCFq6BlrUfCUCK6W9HjnKkidHcn1ZI+cNb9RUO
+Yg/yzs9L4jxljPnX9Y/az/oINt2YMPgnkpS3Wn2m5eOHIgQ3EX4dvFdaU8mL+Y6
kWwfR9+E5YVqSHXajugRCjLmmTmtcf2EE9GImTpCs/4Bfz4kiSYqRBq1KufxU44=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:14 2024 by rpki-client on console-fra.rpki-client.org