Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/crQyoLSi0DxMxZMnpyai-XkwAoc.roa
File:                     crQyoLSi0DxMxZMnpyai-XkwAoc.roa (raw, json)
Hash identifier:          nOXJFc8TeCqIE0rfUZo07dADRwjIrsgh+fVXitP6oGo=
Subject key identifier:   72:B4:32:A0:B4:A2:D0:3C:4C:C5:93:27:A7:26:A2:F9:79:30:02:87
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       09988DB4
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/crQyoLSi0DxMxZMnpyai-XkwAoc.roa
Signing time:             Wed 16 Feb 2022 20:19:39 +0000
ROA not before:           Wed 16 Feb 2022 20:19:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211936
IP address blocks:        84.46.240.0/20 maxlen: 24
                          86.38.248.0/21 maxlen: 24
                          89.116.234.0/24 maxlen: 24
                          89.116.236.0/24 maxlen: 24
                          89.116.244.0/24 maxlen: 24
                          89.116.241.0/24 maxlen: 24
                          89.116.140.0/24 maxlen: 24
                          84.46.200.0/24 maxlen: 24
                          86.38.235.0/24 maxlen: 24
                          86.38.238.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 160992692 (0x9988db4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Feb 16 20:19:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=72b432a0b4a2d03c4cc59327a726a2f979300287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:43:b6:da:83:b0:28:14:d5:0e:29:44:4e:77:
                    53:10:e5:af:1c:9e:eb:8c:a6:d7:6d:44:7b:50:19:
                    24:c3:53:6b:e4:d0:e5:7a:95:3b:47:df:fd:9d:42:
                    ab:a4:bd:18:c6:44:ce:fa:01:57:ff:bf:8a:47:ae:
                    21:b8:35:4a:c9:3b:11:0a:82:88:7e:32:1b:4e:34:
                    7e:2c:36:19:8e:fd:44:d0:f3:d2:ee:2c:b8:95:2a:
                    b5:f4:0b:73:fa:0e:24:83:8c:a7:4d:22:53:29:bf:
                    4f:db:95:a3:c9:86:77:8b:1a:b5:09:56:cb:d2:b3:
                    39:48:f4:aa:a2:f5:a4:41:41:10:d9:e2:24:e9:5e:
                    b5:b7:83:cc:13:9a:90:7a:d3:9b:36:9f:a6:71:30:
                    93:28:51:d6:28:99:dc:f3:89:ef:26:25:0e:5f:be:
                    01:9d:46:55:ac:42:37:e3:6e:f9:32:bf:ad:3d:41:
                    ec:73:f3:59:41:53:a2:56:51:64:8e:bf:83:2a:59:
                    8f:94:02:dd:df:8f:e7:97:0c:e8:b0:1d:3f:6a:7a:
                    8f:f7:ef:9d:7c:3a:d8:5f:32:72:f1:ca:69:69:8b:
                    c2:61:fb:2f:10:95:d7:c6:9c:15:e8:b4:fe:12:f4:
                    a9:3e:fe:7f:b7:a6:18:82:33:89:06:48:3d:de:f3:
                    e8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B4:32:A0:B4:A2:D0:3C:4C:C5:93:27:A7:26:A2:F9:79:30:02:87
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/crQyoLSi0DxMxZMnpyai-XkwAoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.46.200.0/24
                  84.46.240.0/20
                  86.38.235.0/24
                  86.38.238.0/24
                  86.38.248.0/21
                  89.116.140.0/24
                  89.116.234.0/24
                  89.116.236.0/24
                  89.116.241.0/24
                  89.116.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:bc:46:6f:d6:db:a7:99:43:75:15:38:d6:0b:7a:84:ec:ae:
         c8:dd:a4:27:a9:16:6c:73:a8:93:bf:35:25:e8:ad:31:c2:2b:
         4e:38:d4:95:6a:9a:50:d7:21:57:98:80:22:dc:6e:f4:20:20:
         8a:03:77:42:3f:16:f8:26:48:f0:93:56:26:93:bb:c8:aa:66:
         2f:a3:a2:80:bd:14:de:7d:15:e0:73:07:68:6c:1f:28:63:81:
         19:d5:a2:ec:18:67:c8:54:f8:18:6f:ab:54:66:7c:55:fc:b9:
         f3:37:75:62:2a:53:b3:0b:50:bf:07:9a:40:c0:94:e2:e5:30:
         54:87:1f:f3:aa:31:a4:51:bf:23:10:b4:f7:14:a6:de:a3:4c:
         fa:9b:c3:97:dd:f0:f3:c2:e5:0d:bc:cb:26:bf:6a:0f:8c:f7:
         a2:66:78:84:4d:66:77:d1:01:cc:9d:55:87:bb:69:71:87:9c:
         32:2d:cd:67:db:fd:56:69:f2:66:74:6e:9b:08:59:14:3d:20:
         a8:cc:78:74:ec:bb:b9:b0:ac:c0:75:6e:60:ae:0d:a3:f7:0d:
         23:50:d1:02:40:56:4a:74:50:c3:09:45:fd:66:79:f2:30:18:
         26:be:f2:54:79:12:a1:84:b1:00:5c:81:ff:54:73:58:7d:ab:
         4e:74:f3:9f
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIECZiNtDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDIx
NjIwMTkzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzJiNDMyYTBiNGEy
ZDAzYzRjYzU5MzI3YTcyNmEyZjk3OTMwMDI4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOJDttqDsCgU1Q4pRE53UxDlrxye64ym121Ee1AZJMNTa+TQ
5XqVO0ff/Z1Cq6S9GMZEzvoBV/+/ikeuIbg1Ssk7EQqCiH4yG040fiw2GY79RNDz
0u4suJUqtfQLc/oOJIOMp00iUym/T9uVo8mGd4satQlWy9KzOUj0qqL1pEFBENni
JOletbeDzBOakHrTmzafpnEwkyhR1iiZ3POJ7yYlDl++AZ1GVaxCN+Nu+TK/rT1B
7HPzWUFTolZRZI6/gypZj5QC3d+P55cM6LAdP2p6j/fvnXw62F8ycvHKaWmLwmH7
LxCV18acFei0/hL0qT7+f7emGIIziQZIPd7z6H8CAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBRytDKgtKLQPEzFkyenJqL5eTAChzAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
L2NyUXlvTFNpMER4TXhaTW5weWFpLVhrd0FvYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAFQuyAMEBFQu8AMEAFYm6wMEAFYm
7gMEA1Ym+AMEAFl0jAMEAFl06gMEAFl07AMEAFl08QMEAFl09DANBgkqhkiG9w0B
AQsFAAOCAQEAAbxGb9bbp5lDdRU41gt6hOyuyN2kJ6kWbHOok781JeitMcIrTjjU
lWqaUNchV5iAItxu9CAgigN3Qj8W+CZI8JNWJpO7yKpmL6OigL0U3n0V4HMHaGwf
KGOBGdWi7BhnyFT4GG+rVGZ8Vfy58zd1YipTswtQvweaQMCU4uUwVIcf86oxpFG/
IxC09xSm3qNM+pvDl93w88LlDbzLJr9qD4z3omZ4hE1md9EBzJ1Vh7tpcYecMi3N
Z9v9VmnyZnRumwhZFD0gqMx4dOy7ubCswHVuYK4No/cNI1DRAkBWSnRQwwlF/WZ5
8jAYJr7yVHkSoYSxAFyB/1RzWH2rTnTznw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:14 2024 by rpki-client on console-fra.rpki-client.org