Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/03ff40-b196-4b88-92da-82f6e2ffe43c/1/cxrnhEgvS1CDXVi80tCawF9NDV0.roa
File:                     cxrnhEgvS1CDXVi80tCawF9NDV0.roa (raw, json)
Hash identifier:          bAweCUKjyEBdqPIOZSsseH910xegqtBujmRyuT1VHLY=
Subject key identifier:   73:1A:E7:84:48:2F:4B:50:83:5D:58:BC:D2:D0:9A:C0:5F:4D:0D:5D
Certificate issuer:       /CN=271c9f260d0b29f1b1fea116731ae615068c46ba
Certificate serial:       01856BCA0EF09110B2D79611994C64EE94B2
Authority key identifier: 27:1C:9F:26:0D:0B:29:F1:B1:FE:A1:16:73:1A:E6:15:06:8C:46:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxyfJg0LKfGx_qEWcxrmFQaMRro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/03ff40-b196-4b88-92da-82f6e2ffe43c/1/cxrnhEgvS1CDXVi80tCawF9NDV0.roa
Signing time:             Sun 01 Jan 2023 05:24:42 +0000
ROA not before:           Sun 01 Jan 2023 05:24:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61047
IP address blocks:        185.43.44.0/22 maxlen: 22
                          185.189.188.0/22 maxlen: 22
                          185.71.224.0/22 maxlen: 22
                          185.83.96.0/22 maxlen: 22
                          91.220.197.0/24 maxlen: 24
                          185.124.200.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ca:0e:f0:91:10:b2:d7:96:11:99:4c:64:ee:94:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=271c9f260d0b29f1b1fea116731ae615068c46ba
        Validity
            Not Before: Jan  1 05:24:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=731ae784482f4b50835d58bcd2d09ac05f4d0d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ac:f4:70:9b:c8:55:f7:ca:35:bb:b6:4a:df:
                    4a:43:b1:11:1d:af:b5:e5:83:55:76:3a:b3:e8:db:
                    bd:43:1e:72:b7:11:84:d0:6e:71:f8:94:ff:3c:61:
                    d1:c3:a1:fc:e5:0e:7d:06:de:5f:7c:23:2a:e1:f0:
                    6c:cb:67:d4:67:f3:ff:c3:45:df:a1:30:02:87:d4:
                    73:70:2e:af:d6:81:bb:be:02:95:d2:46:66:db:3f:
                    17:85:ca:09:a3:b1:88:e2:be:3a:71:d1:2f:95:af:
                    6f:f8:3c:af:e0:9d:27:1f:2b:2b:d1:54:42:40:76:
                    93:9a:9a:df:c5:8d:77:c4:f4:e4:ea:66:c5:10:7c:
                    08:d0:e4:c9:da:2d:d9:27:b5:96:95:28:93:dd:22:
                    c6:40:dc:40:1c:c9:fa:57:bb:21:f2:55:f0:f7:08:
                    de:77:9e:7d:e3:4b:fc:02:5c:f1:f5:97:0c:a5:6c:
                    88:28:34:fd:aa:0d:d8:0d:24:4c:31:54:ba:69:98:
                    fb:5c:e5:48:f4:be:56:69:df:1f:ea:6f:aa:f7:51:
                    a6:e6:8d:a3:e8:a0:06:fc:39:b0:a4:7f:4a:87:d0:
                    86:70:39:98:00:19:75:0b:50:66:40:6a:18:b8:b3:
                    e1:af:e5:4b:e3:20:f4:10:66:b3:d9:d2:2e:6e:33:
                    94:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1A:E7:84:48:2F:4B:50:83:5D:58:BC:D2:D0:9A:C0:5F:4D:0D:5D
            X509v3 Authority Key Identifier:
                keyid:27:1C:9F:26:0D:0B:29:F1:B1:FE:A1:16:73:1A:E6:15:06:8C:46:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxyfJg0LKfGx_qEWcxrmFQaMRro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/03ff40-b196-4b88-92da-82f6e2ffe43c/1/cxrnhEgvS1CDXVi80tCawF9NDV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/03ff40-b196-4b88-92da-82f6e2ffe43c/1/JxyfJg0LKfGx_qEWcxrmFQaMRro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.197.0/24
                  185.43.44.0/22
                  185.71.224.0/22
                  185.83.96.0/22
                  185.124.200.0/22
                  185.189.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:05:ad:f5:20:4b:4f:16:a9:45:cd:d1:91:6a:c5:ee:f1:0f:
         30:ed:45:d8:5a:fc:45:fa:c3:15:e8:6e:00:43:99:be:4b:a7:
         e8:26:03:79:ad:a5:10:00:b8:f7:0e:27:d5:ba:c5:8b:93:c2:
         c5:20:f9:fe:cb:a9:3c:d7:52:f8:26:01:b6:df:6c:40:50:ec:
         7c:75:0c:4f:b0:89:c4:6a:84:47:73:68:17:d1:47:4c:fd:04:
         e8:10:90:7c:fb:5e:e7:14:77:f1:3c:97:5d:e4:75:a7:15:84:
         1d:d4:c3:0d:78:bf:4c:00:fc:3e:86:e0:b1:c2:3c:5e:fb:98:
         8c:de:76:8b:30:b9:4b:77:c9:dd:3d:ee:96:f1:69:c6:74:c1:
         d1:ca:d3:7d:94:13:28:ca:e0:2c:c9:67:10:e6:b2:5f:0a:18:
         ee:72:a8:36:0a:ed:36:70:1a:94:9e:e7:fa:ad:e5:19:7e:51:
         aa:f9:c5:6f:60:66:22:b6:a5:c6:84:2c:0d:64:53:25:1e:01:
         1a:36:4a:c5:d4:4c:95:cf:b3:6b:7e:5f:27:d2:eb:a8:cb:6c:
         5a:3e:44:0c:a9:6d:74:4d:7e:42:06:a9:05:3b:73:40:57:66:
         c3:37:6f:a6:01:75:23:f1:27:aa:f0:62:01:b9:ab:4a:dd:3b:
         18:e8:97:d7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVryg7wkRCy15YRmUxk7pSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MWM5ZjI2MGQwYjI5ZjFiMWZlYTExNjczMWFlNjE1MDY4
YzQ2YmEwHhcNMjMwMTAxMDUyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFhZTc4NDQ4MmY0YjUwODM1ZDU4YmNkMmQwOWFjMDVmNGQwZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6z0cJvIVffKNbu2St9KQ7ERHa+1
5YNVdjqz6Nu9Qx5ytxGE0G5x+JT/PGHRw6H85Q59Bt5ffCMq4fBsy2fUZ/P/w0Xf
oTACh9RzcC6v1oG7vgKV0kZm2z8XhcoJo7GI4r46cdEvla9v+Dyv4J0nHysr0VRC
QHaTmprfxY13xPTk6mbFEHwI0OTJ2i3ZJ7WWlSiT3SLGQNxAHMn6V7sh8lXw9wje
d55940v8Alzx9ZcMpWyIKDT9qg3YDSRMMVS6aZj7XOVI9L5Wad8f6m+q91Gm5o2j
6KAG/DmwpH9Kh9CGcDmYABl1C1BmQGoYuLPhr+VL4yD0EGaz2dIubjOUzwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHMa54RIL0tQg11YvNLQmsBfTQ1dMB8GA1UdIwQY
MBaAFCccnyYNCynxsf6hFnMa5hUGjEa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnh5ZkpnMExLZkd4X3FFV2N4cm1GUWFNUnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8wM2ZmNDAtYjE5Ni00Yjg4LTkyZGEt
ODJmNmUyZmZlNDNjLzEvY3hybmhFZ3ZTMUNEWFZpODB0Q2F3RjlORFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8wM2ZmNDAtYjE5Ni00Yjg4LTkyZGEtODJmNmUyZmZlNDNj
LzEvSnh5ZkpnMExLZkd4X3FFV2N4cm1GUWFNUnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAW9zFAwQC
uSssAwQCuUfgAwQCuVNgAwQCuXzIAwQCub28MA0GCSqGSIb3DQEBCwUAA4IBAQC4
Ba31IEtPFqlFzdGRasXu8Q8w7UXYWvxF+sMV6G4AQ5m+S6foJgN5raUQALj3DifV
usWLk8LFIPn+y6k811L4JgG232xAUOx8dQxPsInEaoRHc2gX0UdM/QToEJB8+17n
FHfxPJdd5HWnFYQd1MMNeL9MAPw+huCxwjxe+5iM3naLMLlLd8ndPe6W8WnGdMHR
ytN9lBMoyuAsyWcQ5rJfChjucqg2Cu02cBqUnuf6reUZflGq+cVvYGYitqXGhCwN
ZFMlHgEaNkrF1EyVz7Nrfl8n0uuoy2xaPkQMqW10TX5CBqkFO3NAV2bDN2+mAXUj
8Seq8GIBuatK3TsY6JfX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:03 2024 by rpki-client on console-fra.rpki-client.org