Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/326131333a646638373a623430323a3a2f34382d3438203d3e203630383538.roa
File:                     326131333a646638373a623430323a3a2f34382d3438203d3e203630383538.roa (raw, json)
Hash identifier:          T08SLNtMtiZCPh8QPMm164qgq5BXSxaVP+ejmU3ovA8=
Subject key identifier:   A0:19:4F:3B:20:DC:F8:62:95:58:17:44:E1:1F:0C:52:66:FA:48:AA
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       2D39D99470D7EB17AAB23387D7ABB2E2B995B2EF
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/326131333a646638373a623430323a3a2f34382d3438203d3e203630383538.roa
Signing time:             Mon 11 Dec 2023 22:19:50 +0000
ROA not before:           Mon 11 Dec 2023 22:14:50 +0000
ROA not after:            Mon 09 Dec 2024 22:19:50 +0000
asID:                     60858
IP address blocks:        2a13:df87:b402::/48 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:39:d9:94:70:d7:eb:17:aa:b2:33:87:d7:ab:b2:e2:b9:95:b2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Dec 11 22:14:50 2023 GMT
            Not After : Dec  9 22:19:50 2024 GMT
        Subject: CN=A0194F3B20DCF86295581744E11F0C5266FA48AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e0:4a:bf:7f:bc:1d:43:a7:e6:85:84:f4:ee:
                    10:d7:85:7e:02:f4:86:ae:aa:4f:ac:e1:87:c3:7b:
                    0b:21:6a:fd:48:ef:8d:fd:fe:98:b1:0f:7c:95:48:
                    34:1f:0f:d1:1a:41:cb:c9:0a:08:49:d6:ee:cd:d5:
                    76:2f:ab:8f:b0:77:1f:51:1c:35:fc:43:22:b4:5f:
                    70:12:1c:4a:17:df:b4:e9:e4:5b:29:9a:80:38:13:
                    64:e6:e7:9a:c3:88:8b:f4:a3:4d:2f:7e:57:59:27:
                    60:3d:59:ce:f0:41:be:c7:7d:fb:ab:7a:aa:c1:81:
                    df:8b:08:a4:df:a3:ce:ba:70:58:25:0f:04:f2:79:
                    89:06:b5:c8:bf:5a:94:4d:8c:13:56:41:c0:d3:d2:
                    ef:0e:53:f2:ca:a0:bf:c3:64:ad:4f:e6:23:6c:d7:
                    fb:31:b1:81:47:89:80:e4:cc:08:91:11:db:ca:a5:
                    8e:1c:92:38:59:cc:8b:a4:03:de:2f:fa:cb:e1:df:
                    3a:38:1f:04:5b:69:31:a0:79:b7:49:d7:5f:5e:55:
                    1c:9f:fb:28:1a:53:90:eb:40:30:a4:a5:9a:04:1c:
                    1d:53:0d:1e:32:64:d8:c2:30:c8:47:8a:83:a0:bf:
                    1d:1e:13:dd:7c:5f:b2:c2:51:e7:87:bd:39:a7:62:
                    db:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:19:4F:3B:20:DC:F8:62:95:58:17:44:E1:1F:0C:52:66:FA:48:AA
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/326131333a646638373a623430323a3a2f34382d3438203d3e203630383538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df87:b402::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:67:a8:c8:c5:7d:f6:67:30:6a:83:80:65:09:0e:ae:54:ff:
         4d:0b:23:c1:a9:96:55:7b:8f:91:73:46:24:08:b3:5d:be:12:
         21:5b:a2:64:6c:a9:dc:9f:04:7f:2f:ba:98:b7:21:a4:40:c1:
         fd:af:02:31:85:0c:10:50:6e:2f:1d:f6:45:c1:da:00:c8:14:
         67:0e:23:cc:21:58:10:c4:16:b4:cc:63:e3:6e:12:19:56:8f:
         6a:4f:2d:14:41:cb:c2:09:12:7a:79:2d:6c:f9:f7:35:c6:20:
         2b:5f:96:db:25:67:63:88:0d:fd:12:9b:f6:80:3b:1c:b8:d9:
         17:85:a6:ca:5a:8c:29:6e:28:0d:74:d2:dd:74:4f:76:cd:e9:
         01:16:ee:a2:15:3e:05:da:4b:c8:39:a1:d0:cd:32:81:9b:83:
         c6:c4:8b:a8:d0:17:72:08:54:80:20:ea:2f:37:5c:f3:1e:e9:
         d0:bc:e3:c1:8f:da:08:1b:92:74:8a:1b:89:f6:13:70:76:78:
         0c:a1:e2:95:6b:31:a7:cb:ca:d8:ed:b0:57:7d:20:c9:7f:72:
         30:b7:80:41:89:9a:70:22:81:b7:24:79:03:eb:aa:60:27:c6:
         a2:52:cf:a2:b9:74:80:e4:0a:6e:bc:84:cf:b3:da:22:1d:36:
         60:8c:bd:33
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIULTnZlHDX6xeqsjOH16uy4rmVsu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMTEyMjE0NTBaFw0yNDEyMDkyMjE5NTBaMDMxMTAvBgNV
BAMTKEEwMTk0RjNCMjBEQ0Y4NjI5NTU4MTc0NEUxMUYwQzUyNjZGQTQ4QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj4Eq/f7wdQ6fmhYT07hDXhX4C
9Iauqk+s4YfDewshav1I7439/pixD3yVSDQfD9EaQcvJCghJ1u7N1XYvq4+wdx9R
HDX8QyK0X3ASHEoX37Tp5FspmoA4E2Tm55rDiIv0o00vfldZJ2A9Wc7wQb7Hffur
eqrBgd+LCKTfo866cFglDwTyeYkGtci/WpRNjBNWQcDT0u8OU/LKoL/DZK1P5iNs
1/sxsYFHiYDkzAiREdvKpY4ckjhZzIukA94v+svh3zo4HwRbaTGgebdJ119eVRyf
+ygaU5DrQDCkpZoEHB1TDR4yZNjCMMhHioOgvx0eE918X7LCUeeHvTmnYtt5AgMB
AAGjggJIMIICRDAdBgNVHQ4EFgQUoBlPOyDc+GKVWBdE4R8MUmb6SKowHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYt
MWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYxNjdkLzAvMzI2MTMxMzMzYTY0NjYzODM3
M2E2MjM0MzAzMjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM2MzAzODM1Mzgucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAqE9+HtAIwDQYJKoZIhvcNAQELBQADggEBAKZnqMjFffZnMGqDgGUJ
Dq5U/00LI8GpllV7j5FzRiQIs12+EiFbomRsqdyfBH8vupi3IaRAwf2vAjGFDBBQ
bi8d9kXB2gDIFGcOI8whWBDEFrTMY+NuEhlWj2pPLRRBy8IJEnp5LWz59zXGICtf
ltslZ2OIDf0Sm/aAOxy42ReFpspajCluKA100t10T3bN6QEW7qIVPgXaS8g5odDN
MoGbg8bEi6jQF3IIVIAg6i83XPMe6dC848GP2ggbknSKG4n2E3B2eAyh4pVrMafL
ytjtsFd9IMl/cjC3gEGJmnAigbckeQPrqmAnxqJSz6K5dIDkCm68hM+z2iIdNmCM
vTM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org