Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216402.roa
File:                     AS216402.roa (raw, json)
Hash identifier:          oUQ3TrEGGYREd0VN156UZrm++dzocTC0gVI4jzE/keg=
Subject key identifier:   1D:33:69:DE:76:EF:D7:F8:81:EB:4F:82:AE:88:D1:73:C5:F1:B5:8E
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       35A17FDCB0D1DFB64737A052572AADFB9D4A835B
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216402.roa
Signing time:             Wed 20 Dec 2023 16:21:40 +0000
ROA not before:           Wed 20 Dec 2023 16:16:40 +0000
ROA not after:            Wed 18 Dec 2024 16:21:40 +0000
asID:                     216402
IP address blocks:        2a13:df80:1e00::/40 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:a1:7f:dc:b0:d1:df:b6:47:37:a0:52:57:2a:ad:fb:9d:4a:83:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Dec 20 16:16:40 2023 GMT
            Not After : Dec 18 16:21:40 2024 GMT
        Subject: CN=1D3369DE76EFD7F881EB4F82AE88D173C5F1B58E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7c:99:f3:f1:2f:67:1f:26:de:70:d8:d5:ef:
                    6c:d0:c7:43:75:24:32:2a:09:f2:29:3f:19:e6:08:
                    3f:50:e0:ae:ad:8e:ba:83:ba:43:d3:38:0c:53:24:
                    c4:0b:48:63:94:31:ed:fd:f7:fc:ab:41:7d:47:4e:
                    de:cb:37:27:94:8b:a5:93:79:7f:fa:87:73:b1:f3:
                    8d:a4:30:81:8d:19:c4:33:9b:82:a9:86:3d:74:1a:
                    70:9c:89:7b:ec:08:3f:de:93:b3:f6:3c:00:89:9a:
                    3d:2f:fe:b0:46:7d:8b:d5:c9:29:c3:4c:65:a7:76:
                    2e:16:39:d1:dc:54:79:85:7b:eb:bc:5a:10:6d:d5:
                    1e:50:4b:31:64:74:60:43:38:71:3f:f4:df:d3:e7:
                    6d:b4:3d:d3:6a:ec:ed:02:d1:4f:59:e3:e6:d1:6f:
                    f8:16:d6:ef:42:a6:15:6d:b5:50:ca:62:cb:ac:73:
                    db:97:30:76:b1:0e:a3:46:cf:28:45:91:c6:91:19:
                    78:dc:c6:ed:36:6b:05:c3:9a:37:56:c0:ba:1e:90:
                    c2:9c:3a:ec:b1:05:35:bd:1a:f3:59:52:a2:14:9d:
                    e2:da:99:01:d8:21:20:97:4c:23:2f:60:7c:2c:10:
                    91:d8:a2:3c:b1:52:79:d1:ac:8b:81:c5:17:f5:e8:
                    9a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:33:69:DE:76:EF:D7:F8:81:EB:4F:82:AE:88:D1:73:C5:F1:B5:8E
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df80:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         67:77:b3:ae:d3:a1:a3:3e:07:3c:04:dd:9a:92:5e:1c:25:67:
         0f:4c:5c:cf:cf:39:a1:dd:a9:fd:6e:80:1c:6f:ac:97:20:cd:
         e2:66:8d:4c:47:81:3b:a8:98:12:7e:47:88:96:b5:99:d1:54:
         06:f9:7a:4c:ea:e9:d2:ec:1b:f2:c8:a5:8a:44:ce:46:ee:0b:
         34:4f:24:20:34:93:00:b9:3f:36:38:fe:05:d0:f3:01:53:d6:
         fb:de:ed:05:f8:3b:94:6a:9e:86:32:bb:1a:2e:2c:fc:cb:a6:
         a2:2b:a0:4d:f8:95:9d:4b:61:c4:9e:a9:2c:51:a5:23:9c:58:
         9e:0b:f2:2e:e6:1a:44:17:76:90:c3:d3:3c:01:58:9b:9d:c1:
         42:6f:9f:36:c3:91:ba:ee:c8:a9:d8:c2:ba:e7:62:e2:06:e3:
         8d:f3:8b:8f:04:1a:2e:e0:24:94:7a:d4:e1:8a:6c:52:b8:38:
         cc:4d:10:76:c9:fb:67:39:ef:85:51:e9:bf:0e:62:ed:1f:a1:
         0a:a9:31:3e:73:36:ae:b2:65:73:a8:7e:8b:e5:f9:fa:ee:5d:
         be:d5:88:bd:c3:37:51:85:bc:a3:c5:99:4f:0f:8c:86:7e:7e:
         ed:a9:e8:e2:71:0c:e9:a0:de:e9:e9:0b:bb:7e:28:40:db:85:
         64:14:13:99
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUNaF/3LDR37ZHN6BSVyqt+51Kg1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE2NDBaFw0yNDEyMTgxNjIxNDBaMDMxMTAvBgNV
BAMTKDFEMzM2OURFNzZFRkQ3Rjg4MUVCNEY4MkFFODhEMTczQzVGMUI1OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7fJnz8S9nHybecNjV72zQx0N1
JDIqCfIpPxnmCD9Q4K6tjrqDukPTOAxTJMQLSGOUMe399/yrQX1HTt7LNyeUi6WT
eX/6h3Ox842kMIGNGcQzm4Kphj10GnCciXvsCD/ek7P2PACJmj0v/rBGfYvVySnD
TGWndi4WOdHcVHmFe+u8WhBt1R5QSzFkdGBDOHE/9N/T5220PdNq7O0C0U9Z4+bR
b/gW1u9CphVttVDKYsusc9uXMHaxDqNGzyhFkcaRGXjcxu02awXDmjdWwLoekMKc
OuyxBTW9GvNZUqIUneLamQHYISCXTCMvYHwsEJHYojyxUnnRrIuBxRf16JovAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUHTNp3nbv1/iB60+CrojRc8XxtY4wHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjE2NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPf
gB4wDQYJKoZIhvcNAQELBQADggEBAGd3s67ToaM+BzwE3ZqSXhwlZw9MXM/POaHd
qf1ugBxvrJcgzeJmjUxHgTuomBJ+R4iWtZnRVAb5ekzq6dLsG/LIpYpEzkbuCzRP
JCA0kwC5PzY4/gXQ8wFT1vve7QX4O5RqnoYyuxouLPzLpqIroE34lZ1LYcSeqSxR
pSOcWJ4L8i7mGkQXdpDD0zwBWJudwUJvnzbDkbruyKnYwrrnYuIG443zi48EGi7g
JJR61OGKbFK4OMxNEHbJ+2c574VR6b8OYu0foQqpMT5zNq6yZXOofovl+fruXb7V
iL3DN1GFvKPFmU8PjIZ+fu2p6OJxDOmg3unpC7t+KEDbhWQUE5k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org