Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0229bc11-dc0c-4ee5-838d-077696223e74/1/3230382e38352e382e302f32322d3232203d3e20323030343534.roa
File:                     3230382e38352e382e302f32322d3232203d3e20323030343534.roa (raw, json)
Hash identifier:          SD4J1wO9P+c3hSDh+j69SfrxNU1xXAc8cWvCxMtne+o=
Subject key identifier:   BC:9F:B6:13:96:C2:20:2E:83:11:25:4B:05:88:9B:58:1C:7C:D2:9F
Certificate issuer:       /CN=01286d5411268f5f57e93c54df7894cce768bbb76730a62111
Certificate serial:       23D21C5AC90A5B183525C2307610C2C7A8EC8E81
Authority key identifier: 74:8F:02:5C:6A:24:87:27:80:55:99:1C:C1:69:5E:2C:FE:46:AE:59
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/26ce408d-5581-483d-90b3-5119fc830064/01286d5411268f5f57e93c54df7894cce768bbb76730a62111.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0229bc11-dc0c-4ee5-838d-077696223e74/1/3230382e38352e382e302f32322d3232203d3e20323030343534.roa
Signing time:             Thu 26 Dec 2024 02:35:06 +0000
ROA not before:           Thu 26 Dec 2024 02:30:06 +0000
ROA not after:            Thu 25 Dec 2025 02:35:06 +0000
asID:                     200454
IP address blocks:        208.85.8.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:d2:1c:5a:c9:0a:5b:18:35:25:c2:30:76:10:c2:c7:a8:ec:8e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01286d5411268f5f57e93c54df7894cce768bbb76730a62111
        Validity
            Not Before: Dec 26 02:30:06 2024 GMT
            Not After : Dec 25 02:35:06 2025 GMT
        Subject: CN=BC9FB61396C2202E8311254B05889B581C7CD29F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:54:89:4c:16:33:32:ba:a4:b6:16:d9:85:1c:
                    b9:20:a2:b2:0e:ff:ab:b2:48:15:32:8a:27:7b:5d:
                    c5:a8:df:60:64:23:d8:22:e5:48:30:75:0c:a0:c6:
                    b4:26:c2:35:1e:40:54:77:e5:35:2f:ce:99:57:e5:
                    ce:b3:14:f1:8d:94:64:00:07:27:ef:2b:46:4b:84:
                    86:35:da:12:9f:11:9a:98:f0:e2:6e:d2:77:36:97:
                    c3:45:3a:2c:f3:3f:db:7e:b5:2a:fd:3f:0c:de:09:
                    55:5f:1d:fa:4a:fc:2a:d1:ee:94:88:58:9e:4b:96:
                    45:6a:3e:54:37:b7:dc:e7:79:e4:38:0a:cc:82:7b:
                    6c:29:e7:7e:66:ea:13:63:c5:c4:41:36:d2:40:88:
                    17:87:f6:9c:f2:87:c7:98:4c:ac:a6:8d:57:bd:59:
                    d0:7c:dd:73:47:a2:53:56:ca:0f:ae:b6:72:91:ee:
                    41:e0:b0:b7:fa:c1:8d:85:d1:e8:ac:64:18:28:61:
                    06:59:7c:fc:e5:cf:66:81:76:1d:ec:53:84:04:94:
                    e0:7c:31:4a:5b:92:a5:a6:c7:bc:91:65:09:5c:27:
                    70:54:80:de:25:b8:7e:43:ef:7a:00:70:dd:85:bd:
                    d5:8b:10:8a:82:5a:d3:26:9a:8f:61:21:e6:7d:bf:
                    15:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9F:B6:13:96:C2:20:2E:83:11:25:4B:05:88:9B:58:1C:7C:D2:9F
            X509v3 Authority Key Identifier:
                keyid:74:8F:02:5C:6A:24:87:27:80:55:99:1C:C1:69:5E:2C:FE:46:AE:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0229bc11-dc0c-4ee5-838d-077696223e74/1/748F025C6A2487278055991CC1695E2CFE46AE59.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/26ce408d-5581-483d-90b3-5119fc830064/01286d5411268f5f57e93c54df7894cce768bbb76730a62111.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0229bc11-dc0c-4ee5-838d-077696223e74/1/3230382e38352e382e302f32322d3232203d3e20323030343534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.85.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:1f:57:55:89:2e:ce:b8:f8:ab:22:42:1e:b1:48:e2:71:2d:
         cc:bb:22:c9:85:1e:4f:76:10:69:95:93:8d:41:7b:4e:8f:6c:
         37:46:b3:72:d4:27:73:dc:c6:91:0f:7a:57:95:af:8d:02:b8:
         65:bb:17:dd:5d:e1:74:ab:bb:c7:47:ef:9f:01:a0:8f:ba:f8:
         57:48:c5:12:7e:68:23:af:be:fa:5a:0f:98:08:bc:9f:54:cf:
         46:64:74:fa:03:12:1d:c8:70:61:cc:8c:53:cf:9f:90:b1:89:
         22:e1:0c:15:b6:f7:aa:62:89:00:fc:ee:8b:eb:aa:83:bd:15:
         f6:86:50:05:e3:39:d6:87:0f:a6:d0:b4:78:cf:0d:28:56:35:
         7b:6b:b3:8d:ab:3e:58:26:ae:fd:9d:99:fc:7e:d9:12:49:77:
         db:f6:22:a1:95:f3:74:2e:aa:11:fa:ab:ce:3f:60:05:d9:08:
         6b:7f:bc:50:4d:d5:04:d4:72:fb:b6:82:75:45:77:d1:f4:a6:
         48:ca:d0:c2:b3:83:c5:1b:21:74:1b:7d:24:69:bc:5f:51:f6:
         f3:2e:b9:b4:ae:6c:11:76:44:fc:3f:6c:18:71:68:28:bb:00:
         6f:1e:93:ce:df:09:e6:39:28:b7:84:dd:c9:54:51:96:5c:40:
         28:bf:41:44
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUI9IcWskKWxg1JcIwdhDCx6jsjoEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMDEyODZkNTQxMTI2OGY1ZjU3ZTkzYzU0ZGY3ODk0Y2Nl
NzY4YmJiNzY3MzBhNjIxMTEwHhcNMjQxMjI2MDIzMDA2WhcNMjUxMjI1MDIzNTA2
WjAzMTEwLwYDVQQDEyhCQzlGQjYxMzk2QzIyMDJFODMxMTI1NEIwNTg4OUI1ODFD
N0NEMjlGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VSJTBYzMrqk
thbZhRy5IKKyDv+rskgVMoone13FqN9gZCPYIuVIMHUMoMa0JsI1HkBUd+U1L86Z
V+XOsxTxjZRkAAcn7ytGS4SGNdoSnxGamPDibtJ3NpfDRTos8z/bfrUq/T8M3glV
Xx36Svwq0e6UiFieS5ZFaj5UN7fc53nkOArMgntsKed+ZuoTY8XEQTbSQIgXh/ac
8ofHmEyspo1XvVnQfN1zR6JTVsoPrrZyke5B4LC3+sGNhdHorGQYKGEGWXz85c9m
gXYd7FOEBJTgfDFKW5Klpse8kWUJXCdwVIDeJbh+Q+96AHDdhb3VixCKglrTJpqP
YSHmfb8VEwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFLyfthOWwiAugxElSwWIm1gc
fNKfMB8GA1UdIwQYMBaAFHSPAlxqJIcngFWZHMFpXiz+Rq5ZMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzAyMjliYzExLWRjMGMtNGVlNS04Mzhk
LTA3NzY5NjIyM2U3NC8xLzc0OEYwMjVDNkEyNDg3Mjc4MDU1OTkxQ0MxNjk1RTJD
RkU0NkFFNTkuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8yNmNlNDA4ZC01NTgxLTQ4M2QtOTBiMy01
MTE5ZmM4MzAwNjQvMDEyODZkNTQxMTI2OGY1ZjU3ZTkzYzU0ZGY3ODk0Y2NlNzY4
YmJiNzY3MzBhNjIxMTEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzAyMjliYzExLWRjMGMtNGVlNS04MzhkLTA3NzY5NjIyM2U3NC8xLzMyMzAzODJl
MzgzNTJlMzgyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMjMwMzAzNDM1MzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBALQVQgwDQYJKoZIhvcNAQELBQADggEBAH8fV1WJLs64+KsiQh6xSOJx
Lcy7IsmFHk92EGmVk41Be06PbDdGs3LUJ3PcxpEPeleVr40CuGW7F91d4XSru8dH
758BoI+6+FdIxRJ+aCOvvvpaD5gIvJ9Uz0ZkdPoDEh3IcGHMjFPPn5CxiSLhDBW2
96piiQD87ovrqoO9FfaGUAXjOdaHD6bQtHjPDShWNXtrs42rPlgmrv2dmfx+2RJJ
d9v2IqGV83QuqhH6q84/YAXZCGt/vFBN1QTUcvu2gnVFd9H0pkjK0MKzg8UbIXQb
fSRpvF9R9vMuubSubBF2RPw/bBhxaCi7AG8ek87fCeY5KLeE3clUUZZcQCi/QUQ=
-----END CERTIFICATE-----