Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/b8932a-0879-4751-988c-6ee3f5007eab/1/siDoYzagbca9DZFbpuNWhqVmbkM.roa
File:                     siDoYzagbca9DZFbpuNWhqVmbkM.roa (raw, json)
Hash identifier:          coIRo1UFmrJzwerKZHrH9CnB77Mv+pLP2hjaa3P10dY=
Subject key identifier:   B2:20:E8:63:36:A0:6D:C6:BD:0D:91:5B:A6:E3:56:86:A5:66:6E:43
Certificate issuer:       /CN=9eb5e717cef9f6644cd8849b8a18d41dc74f408a
Certificate serial:       351FA09C
Authority key identifier: 9E:B5:E7:17:CE:F9:F6:64:4C:D8:84:9B:8A:18:D4:1D:C7:4F:40:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrXnF8759mRM2ISbihjUHcdPQIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/b8932a-0879-4751-988c-6ee3f5007eab/1/siDoYzagbca9DZFbpuNWhqVmbkM.roa
Signing time:             Sat 01 Jan 2022 01:57:06 +0000
ROA not before:           Sat 01 Jan 2022 01:57:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30781
IP address blocks:        46.231.216.0/21 maxlen: 24
                          185.146.220.0/22 maxlen: 24
                          88.212.144.0/21 maxlen: 24
                          88.212.152.0/22 maxlen: 24
                          212.85.229.0/24 maxlen: 24
                          212.85.230.0/23 maxlen: 23
                          31.172.160.0/21 maxlen: 24
                          31.172.160.0/22 maxlen: 24
                          185.4.60.0/22 maxlen: 24
                          185.91.220.0/22 maxlen: 24
                          185.91.224.0/22 maxlen: 24
                          82.196.24.0/21 maxlen: 24
                          82.196.25.0/24 maxlen: 24
                          82.196.27.0/24 maxlen: 24
                          88.202.236.0/22 maxlen: 24
                          212.18.242.0/24 maxlen: 24
                          212.18.240.0/21 maxlen: 24
                          82.163.36.0/22 maxlen: 24
                          2a00:78c0::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891265180 (0x351fa09c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb5e717cef9f6644cd8849b8a18d41dc74f408a
        Validity
            Not Before: Jan  1 01:57:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b220e86336a06dc6bd0d915ba6e35686a5666e43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:62:1f:28:49:e8:1b:31:fa:91:3b:45:a5:75:
                    de:7d:26:70:68:83:57:ab:a3:91:d5:99:04:b1:06:
                    37:7e:75:74:ec:c4:dc:00:32:82:a7:91:b3:3b:88:
                    80:dc:d7:c3:88:95:6c:43:4d:47:fc:72:96:46:3d:
                    37:66:cc:5f:ed:40:4c:b0:21:0c:40:bc:2d:93:aa:
                    01:dc:7e:06:42:5e:ea:b8:45:6f:71:21:ee:c2:67:
                    10:8f:a4:2d:6b:0e:ea:0f:24:89:05:ff:45:6e:82:
                    13:c1:34:d5:db:4f:63:6c:b7:12:b0:2b:55:bd:4d:
                    d2:3d:d6:bc:5a:6b:8f:03:e5:83:af:af:f6:26:50:
                    24:8e:79:8a:c7:29:7d:0e:50:79:8a:4e:19:26:6d:
                    a2:66:61:3b:81:db:20:9f:10:f3:96:c3:0b:bb:8d:
                    33:93:c2:9a:1b:d3:cc:20:bc:3c:1a:5e:0d:f4:f0:
                    a4:c2:9a:2f:6e:b7:23:11:ca:ac:6c:cc:43:0d:d2:
                    20:7e:20:59:6f:e8:77:92:58:47:09:00:12:db:d6:
                    db:ea:8d:60:78:37:f2:2f:96:90:4e:5e:0e:28:c7:
                    c1:41:b7:8d:b9:28:7d:5d:a5:8e:03:90:31:12:44:
                    31:a6:47:c6:be:1f:41:8f:6c:db:80:ed:ae:6f:65:
                    d4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:20:E8:63:36:A0:6D:C6:BD:0D:91:5B:A6:E3:56:86:A5:66:6E:43
            X509v3 Authority Key Identifier:
                keyid:9E:B5:E7:17:CE:F9:F6:64:4C:D8:84:9B:8A:18:D4:1D:C7:4F:40:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrXnF8759mRM2ISbihjUHcdPQIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b8932a-0879-4751-988c-6ee3f5007eab/1/siDoYzagbca9DZFbpuNWhqVmbkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b8932a-0879-4751-988c-6ee3f5007eab/1/nrXnF8759mRM2ISbihjUHcdPQIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.160.0/21
                  46.231.216.0/21
                  82.163.36.0/22
                  82.196.24.0/21
                  88.202.236.0/22
                  88.212.144.0-88.212.155.255
                  185.4.60.0/22
                  185.91.220.0-185.91.227.255
                  185.146.220.0/22
                  212.18.240.0/21
                  212.85.229.0-212.85.231.255
                IPv6:
                  2a00:78c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:3b:89:69:5c:b4:43:eb:b0:8a:b7:6e:15:61:2d:03:af:70:
         4f:f5:15:0e:8a:18:af:ae:b6:17:c9:ea:8b:cd:05:77:07:c4:
         82:d2:24:ad:bf:c8:21:3f:ac:fb:a8:c5:e2:98:79:43:ad:14:
         7d:3d:d4:ee:09:50:85:fe:b8:85:e4:3b:ff:c5:7b:15:b8:10:
         d0:9f:6c:89:95:1f:7c:0a:61:89:6c:2e:a0:d5:b6:b6:7f:ab:
         a1:e1:90:6f:92:25:f5:12:40:8e:92:f7:64:f2:6c:cb:a6:f8:
         11:f6:b9:10:d3:f5:dc:97:10:55:3f:1a:f6:4c:af:db:cc:34:
         dd:e5:75:35:52:c7:70:38:41:fb:82:45:a2:41:6c:01:e9:74:
         ba:f2:ba:38:6c:bb:71:d8:86:67:67:57:19:de:f4:e9:c7:3d:
         40:db:5d:1b:e5:5c:34:17:0f:42:4c:c6:bd:0c:c6:4c:82:8f:
         40:bf:2c:01:0c:4d:45:53:7b:24:94:9b:12:12:35:d0:bd:27:
         40:2e:cb:d2:63:c2:d4:46:22:1d:e9:f0:3d:34:bf:cf:1e:49:
         af:3c:10:a3:1e:72:d7:83:d8:e9:15:28:08:ab:38:6a:de:c3:
         c0:8d:b7:dd:89:43:12:33:d5:12:d3:34:c7:e2:c9:53:b5:a3:
         fe:fa:da:37
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgIENR+gnDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZWI1ZTcxN2NlZjlmNjY0NGNkODg0OWI4YTE4ZDQxZGM3NGY0MDhhMB4XDTIyMDEw
MTAxNTcwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjIyMGU4NjMzNmEw
NmRjNmJkMGQ5MTViYTZlMzU2ODZhNTY2NmU0MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALNiHyhJ6Bsx+pE7RaV13n0mcGiDV6ujkdWZBLEGN351dOzE
3AAygqeRszuIgNzXw4iVbENNR/xylkY9N2bMX+1ATLAhDEC8LZOqAdx+BkJe6rhF
b3Eh7sJnEI+kLWsO6g8kiQX/RW6CE8E01dtPY2y3ErArVb1N0j3WvFprjwPlg6+v
9iZQJI55iscpfQ5QeYpOGSZtomZhO4HbIJ8Q85bDC7uNM5PCmhvTzCC8PBpeDfTw
pMKaL263IxHKrGzMQw3SIH4gWW/od5JYRwkAEtvW2+qNYHg38i+WkE5eDijHwUG3
jbkofV2ljgOQMRJEMaZHxr4fQY9s24Dtrm9l1FUCAwEAAaOCAm0wggJpMB0GA1Ud
DgQWBBSyIOhjNqBtxr0NkVum41aGpWZuQzAfBgNVHSMEGDAWgBSetecXzvn2ZEzY
hJuKGNQdx09AijAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25yWG5GODc1OW1STTJJU2JpaGpVSGNkUFFJby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjkvYjg5MzJhLTA4NzktNDc1MS05ODhjLTZlZTNmNTAwN2VhYi8x
L3NpRG9ZemFnYmNhOURaRmJwdU5XaHFWbWJrTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkv
Yjg5MzJhLTA4NzktNDc1MS05ODhjLTZlZTNmNTAwN2VhYi8xL25yWG5GODc1OW1S
TTJJU2JpaGpVSGNkUFFJby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ggYIKwYBBQUHAQcBAf8EczBxMGAEAgABMFoDBAMfrKADBAMu59gDBAJSoyQDBANS
xBgDBAJYyuwwDAMEBFjUkAMEAljUmAMEArkEPDAMAwQCuVvcAwQCuVvgAwQCuZLc
AwQD1BLwMAwDBADUVeUDBAPUVeAwDQQCAAIwBwMFAyoAeMAwDQYJKoZIhvcNAQEL
BQADggEBAIU7iWlctEPrsIq3bhVhLQOvcE/1FQ6KGK+uthfJ6ovNBXcHxILSJK2/
yCE/rPuoxeKYeUOtFH091O4JUIX+uIXkO//FexW4ENCfbImVH3wKYYlsLqDVtrZ/
q6HhkG+SJfUSQI6S92TybMum+BH2uRDT9dyXEFU/GvZMr9vMNN3ldTVSx3A4QfuC
RaJBbAHpdLryujhsu3HYhmdnVxne9OnHPUDbXRvlXDQXD0JMxr0MxkyCj0C/LAEM
TUVTeySUmxISNdC9J0Auy9JjwtRGIh3p8D00v88eSa88EKMecteD2OkVKAirOGre
w8CNt92JQxIz1RLTNMfiyVO1o/762jc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:22 2024 by rpki-client on console-fra.rpki-client.org