Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/d7d11f-a94e-4262-bf21-dda11a535986/1/XkwthF4mnUMS6U1-SlNBkB9wXek.roa
File:                     XkwthF4mnUMS6U1-SlNBkB9wXek.roa (raw, json)
Hash identifier:          727UU7ocwEH/fWKEV08i8aWY1GvyjTM7ahiUN73pNGI=
Subject key identifier:   5E:4C:2D:84:5E:26:9D:43:12:E9:4D:7E:4A:53:41:90:1F:70:5D:E9
Certificate issuer:       /CN=5be23e3934f0b49a0bb965105c21420865a9222b
Certificate serial:       01856D8ACD6992BDEC9ED0FFD9AC165215F1
Authority key identifier: 5B:E2:3E:39:34:F0:B4:9A:0B:B9:65:10:5C:21:42:08:65:A9:22:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-I-OTTwtJoLuWUQXCFCCGWpIis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/d7d11f-a94e-4262-bf21-dda11a535986/1/XkwthF4mnUMS6U1-SlNBkB9wXek.roa
Signing time:             Sun 01 Jan 2023 13:34:51 +0000
ROA not before:           Sun 01 Jan 2023 13:34:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206150
IP address blocks:        91.234.192.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:8a:cd:69:92:bd:ec:9e:d0:ff:d9:ac:16:52:15:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5be23e3934f0b49a0bb965105c21420865a9222b
        Validity
            Not Before: Jan  1 13:34:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e4c2d845e269d4312e94d7e4a5341901f705de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f7:bd:bf:c2:3f:c4:20:1a:8b:63:e9:7d:24:
                    b4:4a:1f:5a:d5:87:c1:f7:8b:ac:5e:67:1c:f4:89:
                    46:30:ba:cf:a4:cd:e6:26:31:5a:09:79:ab:98:ee:
                    57:78:6c:39:01:46:19:47:7a:f8:66:cb:63:6a:d7:
                    6a:e5:e9:9c:d4:76:44:53:76:9d:a7:51:f0:bc:df:
                    45:7d:ce:fe:01:09:a1:6d:44:cf:67:f7:57:98:19:
                    15:d1:48:a6:30:24:71:d1:cb:a6:a2:bd:d3:5f:28:
                    51:d9:eb:9b:68:da:3f:5c:78:be:c5:14:79:5a:b0:
                    de:4c:45:9d:ad:88:4b:1f:29:c2:dd:c9:41:3b:76:
                    af:6f:07:78:71:bb:82:97:fd:04:c8:77:8e:52:7f:
                    ab:6b:1e:8a:55:4c:0c:e0:ef:68:d0:9c:35:20:13:
                    0d:85:ca:9d:ec:dc:92:9a:be:b6:25:52:f3:a5:43:
                    40:85:dc:0a:c3:1f:b1:f4:fa:67:59:0b:a3:aa:84:
                    58:dc:f9:cf:1d:7e:7c:bc:cb:f9:9d:b3:01:4c:46:
                    57:76:2d:ef:87:64:bf:96:09:1d:36:c7:36:54:0a:
                    dc:c2:1a:dc:2c:f4:25:fb:45:2e:e7:20:39:41:91:
                    1b:69:b8:e3:38:b6:91:4f:8b:71:2d:56:8d:86:da:
                    ec:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4C:2D:84:5E:26:9D:43:12:E9:4D:7E:4A:53:41:90:1F:70:5D:E9
            X509v3 Authority Key Identifier:
                keyid:5B:E2:3E:39:34:F0:B4:9A:0B:B9:65:10:5C:21:42:08:65:A9:22:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-I-OTTwtJoLuWUQXCFCCGWpIis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d7d11f-a94e-4262-bf21-dda11a535986/1/XkwthF4mnUMS6U1-SlNBkB9wXek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d7d11f-a94e-4262-bf21-dda11a535986/1/W-I-OTTwtJoLuWUQXCFCCGWpIis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:47:79:18:7b:1e:d3:df:4b:c4:54:12:89:71:d3:7b:ce:e2:
         66:64:f7:46:a4:9a:f7:9d:2a:c2:7c:d5:5f:6e:cd:6d:58:f9:
         9c:25:de:05:b2:84:66:e9:e3:e7:7e:f2:3c:a6:09:fb:8e:b9:
         ad:4e:0a:95:cf:3b:e4:ca:b1:29:bc:59:3d:7d:1f:39:35:d1:
         2c:4d:54:a5:5b:1b:a8:b7:12:aa:6a:ae:c2:07:25:4c:24:b4:
         1f:1f:d0:67:2e:89:04:00:a2:78:7d:ff:69:d0:bc:54:e7:6c:
         00:2a:8d:3a:6a:7d:42:89:11:d1:a7:84:c3:49:72:e4:12:b4:
         3b:c0:fe:7f:f1:cd:57:6b:49:e9:19:31:da:13:76:d8:d4:7a:
         ec:e3:21:20:1b:55:8c:1f:0f:a2:13:ee:79:91:00:20:e7:e4:
         8b:aa:7e:12:aa:1c:3c:a6:58:13:5b:7f:26:b5:46:74:24:ed:
         43:78:98:ab:bd:1b:02:f1:85:5c:b6:b0:51:74:e3:50:ae:72:
         64:10:6a:c9:db:4f:77:e5:38:c1:3b:45:1e:3e:de:0e:e9:32:
         e9:84:3a:c8:ab:1f:de:bf:d6:57:21:b4:4d:37:f2:c9:e8:fa:
         58:d6:1f:cd:7e:84:69:6d:a3:af:68:01:96:71:87:a8:2a:54:
         b9:5b:59:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtis1pkr3sntD/2awWUhXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZTIzZTM5MzRmMGI0OWEwYmI5NjUxMDVjMjE0MjA4NjVh
OTIyMmIwHhcNMjMwMTAxMTMzNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRjMmQ4NDVlMjY5ZDQzMTJlOTRkN2U0YTUzNDE5MDFmNzA1ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ve9v8I/xCAai2PpfSS0Sh9a1YfB
94usXmcc9IlGMLrPpM3mJjFaCXmrmO5XeGw5AUYZR3r4Zstjatdq5emc1HZEU3ad
p1HwvN9Ffc7+AQmhbUTPZ/dXmBkV0UimMCRx0cumor3TXyhR2eubaNo/XHi+xRR5
WrDeTEWdrYhLHynC3clBO3avbwd4cbuCl/0EyHeOUn+rax6KVUwM4O9o0Jw1IBMN
hcqd7NySmr62JVLzpUNAhdwKwx+x9PpnWQujqoRY3PnPHX58vMv5nbMBTEZXdi3v
h2S/lgkdNsc2VArcwhrcLPQl+0Uu5yA5QZEbabjjOLaRT4txLVaNhtrslQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5MLYReJp1DEulNfkpTQZAfcF3pMB8GA1UdIwQY
MBaAFFviPjk08LSaC7llEFwhQghlqSIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1JLU9UVHd0Sm9MdVdVUVhDRkNDR1dwSWlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9kN2QxMWYtYTk0ZS00MjYyLWJmMjEt
ZGRhMTFhNTM1OTg2LzEvWGt3dGhGNG1uVU1TNlUxLVNsTkJrQjl3WGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9kN2QxMWYtYTk0ZS00MjYyLWJmMjEtZGRhMTFhNTM1OTg2
LzEvVy1JLU9UVHd0Sm9MdVdVUVhDRkNDR1dwSWlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rAMA0G
CSqGSIb3DQEBCwUAA4IBAQByR3kYex7T30vEVBKJcdN7zuJmZPdGpJr3nSrCfNVf
bs1tWPmcJd4FsoRm6ePnfvI8pgn7jrmtTgqVzzvkyrEpvFk9fR85NdEsTVSlWxuo
txKqaq7CByVMJLQfH9BnLokEAKJ4ff9p0LxU52wAKo06an1CiRHRp4TDSXLkErQ7
wP5/8c1Xa0npGTHaE3bY1Hrs4yEgG1WMHw+iE+55kQAg5+SLqn4Sqhw8plgTW38m
tUZ0JO1DeJirvRsC8YVctrBRdONQrnJkEGrJ20935TjBO0UePt4O6TLphDrIqx/e
v9ZXIbRNN/LJ6PpY1h/NfoRpbaOvaAGWcYeoKlS5W1nj
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:13 2024 by rpki-client on console-ams.rpki-client.org