Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130613a363034343a623430303a3a2f34302d3430203d3e2030.roa
File:                     326130613a363034343a623430303a3a2f34302d3430203d3e2030.roa (raw, json)
Hash identifier:          M7bO9cg+1yJEg7gD1NfsOkhKUqFGC1eQ7qqB8ckV3+k=
Subject key identifier:   13:3D:23:4D:DB:84:FC:21:A4:89:BC:84:D0:BE:66:31:EE:C3:42:95
Certificate issuer:       /CN=CCD5D3BE49456F7D48B7321029C886F318C23B36
Certificate serial:       09DD78CC0AA54A5BB512FC52EDAEF80C40E02D8C
Authority key identifier: CC:D5:D3:BE:49:45:6F:7D:48:B7:32:10:29:C8:86:F3:18:C2:3B:36
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/CCD5D3BE49456F7D48B7321029C886F318C23B36.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130613a363034343a623430303a3a2f34302d3430203d3e2030.roa
Signing time:             Sun 15 Jun 2025 22:30:03 +0000
ROA not before:           Sun 15 Jun 2025 22:25:03 +0000
ROA not after:            Sun 14 Jun 2026 22:30:03 +0000
asID:                     0
IP address blocks:        2a0a:6044:b400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:dd:78:cc:0a:a5:4a:5b:b5:12:fc:52:ed:ae:f8:0c:40:e0:2d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CCD5D3BE49456F7D48B7321029C886F318C23B36
        Validity
            Not Before: Jun 15 22:25:03 2025 GMT
            Not After : Jun 14 22:30:03 2026 GMT
        Subject: CN=133D234DDB84FC21A489BC84D0BE6631EEC34295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:18:a5:57:a9:c0:29:1d:1d:9d:9a:67:ba:4d:
                    88:8d:67:27:75:ee:a8:9d:b3:9d:36:8e:cc:ea:16:
                    6c:8a:a3:6f:ad:d6:da:07:67:e1:c9:9b:ef:e1:da:
                    60:56:bb:18:c7:c0:1f:69:35:04:98:74:a9:43:a1:
                    8d:7c:3b:2b:b8:17:ec:d4:60:91:ca:1f:36:0c:92:
                    b1:e2:4c:c1:81:78:fd:2a:cd:49:34:45:10:64:f2:
                    9b:06:b9:5f:c1:35:cc:51:9c:04:69:ea:1f:09:b4:
                    3f:dd:67:28:ae:dc:0b:e1:82:a0:5e:12:e0:c7:ec:
                    ac:66:62:77:e0:60:60:ab:e2:99:58:bb:33:47:4d:
                    3d:0f:42:81:da:d6:a0:da:74:58:2a:40:7a:79:0b:
                    dc:5c:2e:f8:f6:d9:26:b7:96:bd:9f:d0:15:96:ed:
                    1a:67:8c:a9:5e:f3:6b:0f:d4:30:96:38:76:9f:93:
                    d2:ff:2f:27:3e:fc:bb:c4:4a:03:2e:cf:80:8a:85:
                    1e:df:72:cb:a0:1d:4a:c0:ed:9a:e1:9d:22:cd:be:
                    2f:b7:49:96:c1:64:98:b3:a9:84:46:0e:ee:49:13:
                    b2:1a:fe:e1:0f:36:74:11:61:bb:06:2c:e6:f5:5e:
                    96:28:1f:c0:2d:41:ad:48:e8:ea:76:78:de:70:ad:
                    b0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:3D:23:4D:DB:84:FC:21:A4:89:BC:84:D0:BE:66:31:EE:C3:42:95
            X509v3 Authority Key Identifier:
                keyid:CC:D5:D3:BE:49:45:6F:7D:48:B7:32:10:29:C8:86:F3:18:C2:3B:36

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/CCD5D3BE49456F7D48B7321029C886F318C23B36.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/CCD5D3BE49456F7D48B7321029C886F318C23B36.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130613a363034343a623430303a3a2f34302d3430203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:b400::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:66:e7:c3:c9:9f:e8:3c:16:46:df:6b:02:3a:8a:00:ea:e0:
         64:17:70:12:d3:41:4a:15:f6:f3:6a:f5:f7:73:c2:8d:d8:05:
         60:c2:87:b2:0c:e5:16:49:35:64:fa:00:c8:af:b6:06:37:22:
         80:5e:83:f5:6f:b5:4a:e7:4e:ba:01:82:5e:6e:3c:d7:4a:f6:
         3f:37:61:e5:21:7d:d5:43:eb:17:fc:8e:ce:f6:7f:52:98:81:
         8b:b2:7f:e6:74:b0:67:3e:8e:7c:89:d7:36:a1:63:37:46:3a:
         64:ae:f3:5c:52:39:76:ad:7e:72:39:a6:fa:2b:41:0d:08:28:
         bf:40:1c:93:80:ad:c7:87:7c:32:87:40:f0:6b:23:9f:fc:88:
         31:cd:9b:fb:5b:65:c6:bf:ce:7b:d8:0a:9d:6a:b6:c9:2e:3c:
         b0:b5:78:32:9b:1b:bf:db:85:73:3b:d9:5d:0f:b8:e7:2f:45:
         1f:b1:94:2f:d4:f7:63:9c:9b:e0:79:77:e0:ef:13:5f:43:59:
         2d:3a:ec:40:24:74:ec:a8:87:98:aa:eb:24:ac:17:b0:30:59:
         25:a2:fb:66:90:41:56:bc:6d:3b:1a:0c:a1:dd:7b:24:cc:fe:
         7a:9f:cd:6a:70:8b:ca:85:67:1d:e4:34:2f:98:04:30:79:10:
         42:3d:c3:ac
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgIUCd14zAqlSlu1EvxS7a74DEDgLYwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMx
OEMyM0IzNjAeFw0yNTA2MTUyMjI1MDNaFw0yNjA2MTQyMjMwMDNaMDMxMTAvBgNV
BAMTKDEzM0QyMzREREI4NEZDMjFBNDg5QkM4NEQwQkU2NjMxRUVDMzQyOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaGKVXqcApHR2dmme6TYiNZyd1
7qids502jszqFmyKo2+t1toHZ+HJm+/h2mBWuxjHwB9pNQSYdKlDoY18Oyu4F+zU
YJHKHzYMkrHiTMGBeP0qzUk0RRBk8psGuV/BNcxRnARp6h8JtD/dZyiu3AvhgqBe
EuDH7KxmYnfgYGCr4plYuzNHTT0PQoHa1qDadFgqQHp5C9xcLvj22Sa3lr2f0BWW
7RpnjKle82sP1DCWOHafk9L/Lyc+/LvESgMuz4CKhR7fcsugHUrA7ZrhnSLNvi+3
SZbBZJizqYRGDu5JE7Ia/uEPNnQRYbsGLOb1XpYoH8AtQa1I6Op2eN5wrbDvAgMB
AAGjggJvMIICazAdBgNVHQ4EFgQUEz0jTduE/CGkibyE0L5mMe7DQpUwHwYDVR0j
BBgwFoAUzNXTvklFb31ItzIQKciG8xjCOzYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjc5NDg3MzgtMzI1NS00OWY5LTliNmMtOWM5ZjM4OTg5
OTVkLzMvQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMxOEMyM0IzNi5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMxOEMy
M0IzNi5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjc5NDg3Mzgt
MzI1NS00OWY5LTliNmMtOWM5ZjM4OTg5OTVkLzMvMzI2MTMwNjEzYTM2MzAzNDM0
M2E2MjM0MzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYA
KgpgRLQwDQYJKoZIhvcNAQELBQADggEBADJm58PJn+g8FkbfawI6igDq4GQXcBLT
QUoV9vNq9fdzwo3YBWDCh7IM5RZJNWT6AMivtgY3IoBeg/VvtUrnTroBgl5uPNdK
9j83YeUhfdVD6xf8js72f1KYgYuyf+Z0sGc+jnyJ1zahYzdGOmSu81xSOXatfnI5
pvorQQ0IKL9AHJOArceHfDKHQPBrI5/8iDHNm/tbZca/znvYCp1qtskuPLC1eDKb
G7/bhXM72V0PuOcvRR+xlC/U92Ocm+B5d+DvE19DWS067EAkdOyoh5iq6ySsF7Aw
WSWi+2aQQVa8bTsaDKHdeyTM/nqfzWpwi8qFZx3kNC+YBDB5EEI9w6w=
-----END CERTIFICATE-----
Generated at Thu Jul 24 03:50:12 2025 by rpki-client