Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/f6bd5f-7e26-4072-9d1a-157e3c169918/1/iCu1vBokcIZmQ8a25JR10ROqy1E.roa
File:                     iCu1vBokcIZmQ8a25JR10ROqy1E.roa (raw, json)
Hash identifier:          0BYpu40fGBCPQ/OkVXPHDSuWwC+UeWC0JcXTbp99pt8=
Subject key identifier:   88:2B:B5:BC:1A:24:70:86:66:43:C6:B6:E4:94:75:D1:13:AA:CB:51
Certificate issuer:       /CN=c74eb7ea35238d02997c42eb574a38a30e5d00e7
Certificate serial:       01893194EB4509D1E300571F6FF2BF53FB88
Authority key identifier: C7:4E:B7:EA:35:23:8D:02:99:7C:42:EB:57:4A:38:A3:0E:5D:00:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0636jUjjQKZfELrV0o4ow5dAOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/f6bd5f-7e26-4072-9d1a-157e3c169918/1/iCu1vBokcIZmQ8a25JR10ROqy1E.roa
Signing time:             Fri 07 Jul 2023 18:19:50 +0000
ROA not before:           Fri 07 Jul 2023 18:19:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34569
IP address blocks:        109.120.192.0/18 maxlen: 18
                          109.120.213.0/24 maxlen: 24
                          212.25.32.0/19 maxlen: 19
                          212.25.58.0/24 maxlen: 24
                          212.25.62.0/24 maxlen: 24
                          109.120.215.0/24 maxlen: 24
                          185.211.200.0/23 maxlen: 23
                          109.120.218.0/23 maxlen: 23
                          109.120.222.0/23 maxlen: 23
                          109.120.224.0/22 maxlen: 22
                          109.120.220.0/23 maxlen: 23
                          109.120.230.0/23 maxlen: 23
                          109.120.228.0/23 maxlen: 24
                          109.120.232.0/23 maxlen: 23
                          109.120.240.0/23 maxlen: 23
                          109.120.238.0/23 maxlen: 23
                          109.120.242.0/23 maxlen: 23
                          109.120.244.0/22 maxlen: 22
                          109.120.252.0/23 maxlen: 23
                          109.120.248.0/22 maxlen: 22
                          77.78.38.0/24 maxlen: 24
                          77.78.56.0/22 maxlen: 22
                          77.78.60.0/22 maxlen: 22
                          77.78.0.0/18 maxlen: 18
                          77.78.20.0/23 maxlen: 23
                          2a13:86c0::/29 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:31:94:eb:45:09:d1:e3:00:57:1f:6f:f2:bf:53:fb:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74eb7ea35238d02997c42eb574a38a30e5d00e7
        Validity
            Not Before: Jul  7 18:19:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=882bb5bc1a2470866643c6b6e49475d113aacb51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f3:10:9c:8c:68:d0:5a:37:33:2e:23:f1:34:
                    6f:2b:cc:5f:49:be:f9:b4:d3:f6:aa:9f:1b:1e:2c:
                    cc:e6:c5:e4:51:08:ac:cb:71:d5:90:c7:82:41:39:
                    8a:7d:36:c0:e2:68:89:2f:f5:6c:12:42:0f:f3:3e:
                    5e:ae:97:80:12:85:5e:b7:07:7f:5e:d1:7c:27:77:
                    99:f9:6b:e6:b9:50:de:68:5a:a4:3a:6b:c4:18:a6:
                    8e:49:12:b1:e4:b5:50:ff:33:2b:b8:18:cc:00:9d:
                    d4:51:b6:87:a5:fd:fb:4d:8a:07:48:a8:43:f0:f7:
                    66:cd:60:96:19:52:03:7e:2b:72:4c:44:09:5b:55:
                    69:f4:cc:1e:f7:0c:5e:ff:5a:79:f3:61:7c:6d:ed:
                    ac:d9:f5:3a:6d:d0:30:8c:cc:c7:98:89:7f:d8:99:
                    4d:7e:a6:96:20:6c:f1:c2:c3:88:f0:24:11:00:18:
                    b8:d8:e6:ec:37:52:82:b2:c8:dc:ea:2f:33:96:cf:
                    d9:23:41:75:e5:f5:c6:39:c2:ca:bf:e2:a9:7d:39:
                    08:e3:8d:7f:33:79:f9:15:a1:37:7d:a8:f5:6f:e0:
                    16:73:3d:65:b5:2e:5b:9b:ec:2d:2a:9b:e8:d2:40:
                    07:15:0d:fa:dd:36:26:32:67:36:7d:19:39:a1:3e:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:2B:B5:BC:1A:24:70:86:66:43:C6:B6:E4:94:75:D1:13:AA:CB:51
            X509v3 Authority Key Identifier:
                keyid:C7:4E:B7:EA:35:23:8D:02:99:7C:42:EB:57:4A:38:A3:0E:5D:00:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0636jUjjQKZfELrV0o4ow5dAOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/f6bd5f-7e26-4072-9d1a-157e3c169918/1/iCu1vBokcIZmQ8a25JR10ROqy1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/f6bd5f-7e26-4072-9d1a-157e3c169918/1/x0636jUjjQKZfELrV0o4ow5dAOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.0.0/18
                  109.120.192.0/18
                  185.211.200.0/23
                  212.25.32.0/19
                IPv6:
                  2a13:86c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:13:76:66:eb:73:40:dd:9e:70:61:13:9f:a2:be:03:a3:ac:
         95:32:2f:4e:a8:45:5d:b4:20:81:38:4b:8c:03:0c:96:eb:d9:
         9e:5a:9c:f6:7d:bb:82:a8:ce:32:ac:2e:ce:36:fe:78:fa:af:
         8d:66:c2:85:2c:74:95:66:ee:13:c1:1d:f9:ea:86:ad:ab:85:
         a9:39:dc:06:af:c8:33:f6:c3:00:82:74:fd:93:3d:fc:a4:3f:
         91:a8:79:41:41:be:62:e0:52:0f:4d:13:77:9c:58:8c:80:10:
         40:8c:70:c2:be:84:66:1c:8c:8e:03:38:99:6a:a4:9c:37:7c:
         87:90:61:42:93:79:4f:97:3f:e7:55:f1:47:39:a7:85:b8:17:
         0a:02:42:b2:f7:da:97:f5:0e:73:c7:28:4d:1a:c7:ff:ca:07:
         78:c2:10:d3:c0:01:6f:4f:f7:32:84:34:56:89:d5:2a:20:3a:
         df:21:33:f4:47:78:ff:56:c6:63:0a:ab:8b:a3:be:c4:0d:82:
         d0:1d:7e:b8:4e:49:54:9c:f2:11:c9:6e:14:4c:73:e3:72:b2:
         e3:78:df:c8:81:e3:ab:0d:65:dd:ad:1b:a0:6b:6a:8e:b5:91:
         0c:12:f4:b1:22:ab:c8:17:ea:a5:cc:63:62:ff:22:b6:83:52:
         02:ff:a0:1d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYkxlOtFCdHjAFcfb/K/U/uIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGViN2VhMzUyMzhkMDI5OTdjNDJlYjU3NGEzOGEzMGU1
ZDAwZTcwHhcNMjMwNzA3MTgxOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODJiYjViYzFhMjQ3MDg2NjY0M2M2YjZlNDk0NzVkMTEzYWFjYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfMQnIxo0Fo3My4j8TRvK8xfSb75
tNP2qp8bHizM5sXkUQisy3HVkMeCQTmKfTbA4miJL/VsEkIP8z5erpeAEoVetwd/
XtF8J3eZ+WvmuVDeaFqkOmvEGKaOSRKx5LVQ/zMruBjMAJ3UUbaHpf37TYoHSKhD
8PdmzWCWGVIDfityTEQJW1Vp9Mwe9wxe/1p582F8be2s2fU6bdAwjMzHmIl/2JlN
fqaWIGzxwsOI8CQRABi42ObsN1KCssjc6i8zls/ZI0F15fXGOcLKv+KpfTkI441/
M3n5FaE3faj1b+AWcz1ltS5bm+wtKpvo0kAHFQ363TYmMmc2fRk5oT4pnQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIgrtbwaJHCGZkPGtuSUddETqstRMB8GA1UdIwQY
MBaAFMdOt+o1I40CmXxC61dKOKMOXQDnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDA2MzZqVWpqUUtaZkVMclYwbzRvdzVkQU9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mNmJkNWYtN2UyNi00MDcyLTlkMWEt
MTU3ZTNjMTY5OTE4LzEvaUN1MXZCb2tjSVptUThhMjVKUjEwUk9xeTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mNmJkNWYtN2UyNi00MDcyLTlkMWEtMTU3ZTNjMTY5OTE4
LzEveDA2MzZqVWpqUUtaZkVMclYwbzRvdzVkQU9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGTU4AAwQG
bXjAAwQBudPIAwQF1BkgMA0EAgACMAcDBQMqE4bAMA0GCSqGSIb3DQEBCwUAA4IB
AQB4E3Zm63NA3Z5wYROfor4Do6yVMi9OqEVdtCCBOEuMAwyW69meWpz2fbuCqM4y
rC7ONv54+q+NZsKFLHSVZu4TwR356oatq4WpOdwGr8gz9sMAgnT9kz38pD+RqHlB
Qb5i4FIPTRN3nFiMgBBAjHDCvoRmHIyOAziZaqScN3yHkGFCk3lPlz/nVfFHOaeF
uBcKAkKy99qX9Q5zxyhNGsf/ygd4whDTwAFvT/cyhDRWidUqIDrfITP0R3j/VsZj
CquLo77EDYLQHX64TklUnPIRyW4UTHPjcrLjeN/IgeOrDWXdrRuga2qOtZEMEvSx
IqvIF+qlzGNi/yK2g1IC/6Ad
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:00 2024 by rpki-client on console-fra.rpki-client.org