Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xew5rV_NtqRc1CNUXOLaWDJcoE0.roa
File:                     xew5rV_NtqRc1CNUXOLaWDJcoE0.roa (raw, json)
Hash identifier:          WyNoudAiZDuIe5Wu7Ctqsq4+wrI6sKUhs9ve/GmI9dI=
Subject key identifier:   C5:EC:39:AD:5F:CD:B6:A4:5C:D4:23:54:5C:E2:DA:58:32:5C:A0:4D
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0182CA36AB8E05FFD4A46BF9AF433A0AE80E
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xew5rV_NtqRc1CNUXOLaWDJcoE0.roa
Signing time:             Tue 23 Aug 2022 10:19:16 +0000
ROA not before:           Tue 23 Aug 2022 10:19:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210441
IP address blocks:        89.117.72.0/21 maxlen: 21
                          89.117.84.0/23 maxlen: 24
                          89.117.88.0/22 maxlen: 24
                          89.117.94.0/23 maxlen: 24
                          89.117.102.0/23 maxlen: 24
                          89.117.112.0/22 maxlen: 24
                          89.117.109.0/24 maxlen: 24
                          89.117.116.0/23 maxlen: 24
                          89.117.12.0/23 maxlen: 24
                          89.117.28.0/22 maxlen: 24
                          89.117.32.0/23 maxlen: 24
                          89.117.36.0/23 maxlen: 24
                          89.117.190.0/24 maxlen: 24
                          89.117.215.0/24 maxlen: 24
                          89.117.222.0/24 maxlen: 24
                          89.117.132.0/22 maxlen: 24
                          89.117.129.0/24 maxlen: 24
                          89.117.142.0/23 maxlen: 24
                          89.117.158.0/23 maxlen: 24
                          84.46.234.0/23 maxlen: 24
                          89.116.108.0/24 maxlen: 24
                          89.116.106.0/23 maxlen: 24
                          86.38.246.0/23 maxlen: 24
                          89.116.125.0/24 maxlen: 24
                          89.116.126.0/23 maxlen: 24
                          89.116.132.0/24 maxlen: 24
                          89.116.135.0/24 maxlen: 24
                          89.116.148.0/23 maxlen: 24
                          89.116.150.0/24 maxlen: 24
                          89.116.58.0/23 maxlen: 24
                          86.38.202.0/23 maxlen: 24
                          89.116.88.0/23 maxlen: 24
                          89.116.92.0/24 maxlen: 24
                          89.116.218.0/24 maxlen: 24
                          89.116.252.0/24 maxlen: 24
                          89.116.253.0/24 maxlen: 24
                          89.117.8.0/23 maxlen: 24
                          89.116.163.0/24 maxlen: 24
                          89.116.161.0/24 maxlen: 24
                          89.116.166.0/24 maxlen: 24
                          89.116.172.0/23 maxlen: 24
                          89.116.177.0/24 maxlen: 24
                          89.116.175.0/24 maxlen: 24
                          89.116.186.0/24 maxlen: 24
                          89.116.184.0/23 maxlen: 24
                          89.116.193.0/24 maxlen: 24
                          89.116.210.0/23 maxlen: 24
                          86.38.178.0/23 maxlen: 24
                          86.38.186.0/23 maxlen: 24
                          86.38.184.0/23 maxlen: 24
                          89.117.228.0/23 maxlen: 24
                          89.117.245.0/24 maxlen: 24
                          89.117.250.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ca:36:ab:8e:05:ff:d4:a4:6b:f9:af:43:3a:0a:e8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Aug 23 10:19:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c5ec39ad5fcdb6a45cd423545ce2da58325ca04d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:0b:ab:b8:02:e4:f3:93:45:53:56:21:0c:
                    2b:36:55:98:7c:3d:43:40:9e:74:58:ee:b9:2c:62:
                    42:48:6d:14:9a:0c:3f:97:6f:23:7e:3c:9e:fa:45:
                    4e:c2:c3:00:77:3a:89:98:d4:2e:bf:85:fb:72:65:
                    16:1c:4c:b4:b1:67:52:7a:e5:63:46:96:ff:81:ea:
                    45:9a:03:ef:27:df:31:f0:7c:5c:9f:53:a1:27:5c:
                    16:75:fe:3f:02:6c:10:ac:b5:83:af:2d:d6:56:0b:
                    de:b3:9f:3e:97:97:e0:38:ee:1a:4f:80:f6:49:4a:
                    11:74:71:f0:78:9b:28:37:77:fd:94:ce:19:b0:92:
                    b2:8f:8d:10:02:ff:a7:37:5e:71:b2:3d:f5:7b:9f:
                    01:b1:b6:65:e4:ba:72:e9:27:00:c8:9a:0b:93:83:
                    23:cf:dc:d4:aa:f7:2f:68:d8:13:e7:9c:dd:8a:70:
                    98:86:9b:d3:75:84:08:dc:02:27:2a:b0:06:13:18:
                    00:ad:8d:c0:3a:bc:1e:4a:6c:4b:eb:c7:3d:eb:00:
                    9b:91:b2:a1:84:6e:15:a7:5d:9e:a8:63:ae:65:94:
                    3d:b7:dd:b9:f1:79:b1:15:3f:a1:9f:3a:96:4b:ab:
                    a6:66:24:14:7c:5b:05:d0:f3:87:13:5f:75:01:1b:
                    8e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EC:39:AD:5F:CD:B6:A4:5C:D4:23:54:5C:E2:DA:58:32:5C:A0:4D
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xew5rV_NtqRc1CNUXOLaWDJcoE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.46.234.0/23
                  86.38.178.0/23
                  86.38.184.0/22
                  86.38.202.0/23
                  86.38.246.0/23
                  89.116.58.0/23
                  89.116.88.0/23
                  89.116.92.0/24
                  89.116.106.0-89.116.108.255
                  89.116.125.0-89.116.127.255
                  89.116.132.0/24
                  89.116.135.0/24
                  89.116.148.0-89.116.150.255
                  89.116.161.0/24
                  89.116.163.0/24
                  89.116.166.0/24
                  89.116.172.0/23
                  89.116.175.0/24
                  89.116.177.0/24
                  89.116.184.0-89.116.186.255
                  89.116.193.0/24
                  89.116.210.0/23
                  89.116.218.0/24
                  89.116.252.0/23
                  89.117.8.0/23
                  89.117.12.0/23
                  89.117.28.0-89.117.33.255
                  89.117.36.0/23
                  89.117.72.0/21
                  89.117.84.0/23
                  89.117.88.0/22
                  89.117.94.0/23
                  89.117.102.0/23
                  89.117.109.0/24
                  89.117.112.0-89.117.117.255
                  89.117.129.0/24
                  89.117.132.0/22
                  89.117.142.0/23
                  89.117.158.0/23
                  89.117.190.0/24
                  89.117.215.0/24
                  89.117.222.0/24
                  89.117.228.0/23
                  89.117.245.0/24
                  89.117.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:02:05:93:53:68:9d:39:df:47:74:ef:ed:d9:46:78:51:a4:
         4e:ff:55:4f:8f:2e:3f:96:45:46:61:41:85:f7:30:3f:74:e9:
         63:75:18:85:0d:cb:4c:42:c3:22:78:4c:04:b5:e8:b4:d0:6f:
         8b:da:44:ae:9b:b4:a0:b9:b4:02:8f:aa:37:10:22:fd:c6:e4:
         36:ef:71:7e:1b:3b:c3:fa:ce:af:ac:4a:2e:2c:02:e6:67:a6:
         ce:18:19:ee:5f:d0:f0:6e:e6:b0:e9:f6:0d:b8:13:7b:a1:2e:
         7c:7a:7c:0c:86:11:75:3f:10:ce:c8:0b:bf:8c:89:fd:11:32:
         0b:be:1f:91:03:70:1d:03:84:9c:8b:b8:f1:73:6c:13:15:d1:
         af:36:0d:e5:c0:4c:39:a0:6b:48:4b:8a:35:50:ac:99:b1:58:
         ac:9d:dd:06:3d:32:31:58:4d:43:2f:e5:54:42:28:b2:ff:04:
         a7:a6:e4:7f:64:fa:32:a2:bf:55:a1:a6:70:2b:68:ac:18:76:
         54:d8:a7:9e:1c:14:6d:38:1f:ae:0b:73:b8:6d:8f:75:c8:65:
         e3:d6:41:11:f3:e0:12:0e:7c:a5:83:af:62:8d:db:b3:79:8e:
         37:d0:9b:9d:b9:3e:f4:30:5f:e2:37:80:b6:30:41:e7:c6:bf:
         f5:88:0f:ee
-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgISAYLKNquOBf/UpGv5r0M6CugOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIwODIzMTAxOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVjMzlhZDVmY2RiNmE0NWNkNDIzNTQ1Y2UyZGE1ODMyNWNhMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3QLq7gC5POTRVNWIQwrNlWYfD1D
QJ50WO65LGJCSG0Umgw/l28jfjye+kVOwsMAdzqJmNQuv4X7cmUWHEy0sWdSeuVj
Rpb/gepFmgPvJ98x8Hxcn1OhJ1wWdf4/AmwQrLWDry3WVgves58+l5fgOO4aT4D2
SUoRdHHweJsoN3f9lM4ZsJKyj40QAv+nN15xsj31e58BsbZl5Lpy6ScAyJoLk4Mj
z9zUqvcvaNgT55zdinCYhpvTdYQI3AInKrAGExgArY3AOrweSmxL68c96wCbkbKh
hG4Vp12eqGOuZZQ9t9258XmxFT+hnzqWS6umZiQUfFsF0POHE191ARuO9wIDAQAB
o4IDSzCCA0cwHQYDVR0OBBYEFMXsOa1fzbakXNQjVFzi2lgyXKBNMB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEveGV3NXJWX050cVJjMUNOVVhPTGFXREpjb0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXwYIKwYBBQUHAQcBAf8EggFOMIIBSjCCAUYEAgABMIIB
PgMEAVQu6gMEAVYmsgMEAlYmuAMEAVYmygMEAVYm9gMEAVl0OgMEAVl0WAMEAFl0
XDAMAwQBWXRqAwQAWXRsMAwDBABZdH0DBAdZdAADBABZdIQDBABZdIcwDAMEAll0
lAMEAFl0lgMEAFl0oQMEAFl0owMEAFl0pgMEAVl0rAMEAFl0rwMEAFl0sTAMAwQD
WXS4AwQAWXS6AwQAWXTBAwQBWXTSAwQAWXTaAwQBWXT8AwQBWXUIAwQBWXUMMAwD
BAJZdRwDBAFZdSADBAFZdSQDBANZdUgDBAFZdVQDBAJZdVgDBAFZdV4DBAFZdWYD
BABZdW0wDAMEBFl1cAMEAVl1dAMEAFl1gQMEAll1hAMEAVl1jgMEAVl1ngMEAFl1
vgMEAFl11wMEAFl13gMEAVl15AMEAFl19QMEAFl1+jANBgkqhkiG9w0BAQsFAAOC
AQEAXgIFk1NonTnfR3Tv7dlGeFGkTv9VT48uP5ZFRmFBhfcwP3TpY3UYhQ3LTELD
InhMBLXotNBvi9pErpu0oLm0Ao+qNxAi/cbkNu9xfhs7w/rOr6xKLiwC5memzhgZ
7l/Q8G7msOn2DbgTe6EufHp8DIYRdT8QzsgLv4yJ/REyC74fkQNwHQOEnIu48XNs
ExXRrzYN5cBMOaBrSEuKNVCsmbFYrJ3dBj0yMVhNQy/lVEIosv8Ep6bkf2T6MqK/
VaGmcCtorBh2VNinnhwUbTgfrgtzuG2Pdchl49ZBEfPgEg58pYOvYo3bs3mON9Cb
nbk+9DBf4jeAtjBB58a/9YgP7g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:14 2024 by rpki-client on console-fra.rpki-client.org