Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a3130303a3a2f34302d3430203d3e203336383332.roa
File:                     326130623a346530373a3130303a3a2f34302d3430203d3e203336383332.roa (raw, json)
Hash identifier:          fiQaLpzMCkl/83w4AJhIbVRwvnr26wV6DC3Nrm7QdHI=
Subject key identifier:   41:B5:12:02:96:04:85:C7:B5:77:9E:BC:76:E3:04:E5:AA:76:0D:C9
Certificate issuer:       /CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
Certificate serial:       0A08BEF163BE71F45D6B6AFC488AE6F2EC621554
Authority key identifier: D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a3130303a3a2f34302d3430203d3e203336383332.roa
Signing time:             Thu 15 Aug 2024 15:38:00 +0000
ROA not before:           Thu 15 Aug 2024 15:33:00 +0000
ROA not after:            Thu 14 Aug 2025 15:38:00 +0000
asID:                     36832
IP address blocks:        2a0b:4e07:100::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:08:be:f1:63:be:71:f4:5d:6b:6a:fc:48:8a:e6:f2:ec:62:15:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D18207466AB0A7D7D1EF3C7CD02E80BED58340BC
        Validity
            Not Before: Aug 15 15:33:00 2024 GMT
            Not After : Aug 14 15:38:00 2025 GMT
        Subject: CN=41B51202960485C7B5779EBC76E304E5AA760DC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:88:f6:fa:ed:98:85:58:aa:93:95:ed:3d:8f:
                    3f:d0:24:6e:be:62:2e:9d:52:f3:55:51:75:53:c0:
                    0d:fa:dd:84:53:99:a4:74:7d:09:e2:28:76:60:3f:
                    1f:8b:99:c2:67:70:8e:0f:b4:24:b3:d8:72:62:e4:
                    3e:56:9f:0c:09:76:77:3b:c4:ac:58:87:8a:ea:4e:
                    2d:e0:cf:2f:72:03:12:58:ad:38:5b:fd:32:4d:cc:
                    8b:e6:2e:6e:67:f6:7b:d8:cd:e4:59:a1:0c:39:62:
                    c3:53:ed:75:71:c2:c5:3d:d6:4c:32:4b:c4:5a:ff:
                    99:8c:02:76:b4:0f:f9:92:c6:c0:5f:6e:7b:a3:66:
                    85:87:b9:e9:70:17:93:6d:51:e9:2a:2f:e2:2e:85:
                    f7:49:41:60:f3:c4:6d:97:17:c3:08:b2:d2:51:46:
                    e6:aa:b1:56:3b:4b:0f:26:f3:36:c5:c9:e3:fc:15:
                    7a:e9:53:ef:32:89:57:e8:31:03:c9:1b:f6:fb:3f:
                    8e:21:55:72:2b:5c:b5:2f:26:50:85:ce:f8:a7:99:
                    a5:7e:9e:fc:ff:e7:73:22:03:bf:1e:81:dd:43:5e:
                    57:21:a1:13:f9:d9:7e:08:3f:76:48:3b:cb:01:e0:
                    c7:74:17:bf:aa:d4:30:37:3d:55:b9:fb:6b:9e:3b:
                    21:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B5:12:02:96:04:85:C7:B5:77:9E:BC:76:E3:04:E5:AA:76:0D:C9
            X509v3 Authority Key Identifier:
                keyid:D1:82:07:46:6A:B0:A7:D7:D1:EF:3C:7C:D0:2E:80:BE:D5:83:40:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/0/D18207466AB0A7D7D1EF3C7CD02E80BED58340BC.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/2/326130623a346530373a3130303a3a2f34302d3430203d3e203336383332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4e07:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:30:22:21:4c:9f:f2:c8:b1:3a:1a:50:be:96:40:10:f7:3d:
         6f:23:11:69:0c:46:5e:f2:da:5c:d8:af:7f:92:9a:43:91:65:
         48:a3:c1:83:75:02:38:52:50:df:76:30:cf:15:c1:c8:ba:2a:
         e5:02:dd:d3:c4:aa:8d:46:20:2b:b2:b1:1c:a9:d2:8c:35:b3:
         69:48:b7:9b:dc:b1:b4:c7:93:a5:e8:9c:0b:8e:53:e1:76:1e:
         d1:53:10:d7:b0:74:49:f5:5b:14:98:71:4c:8d:bb:67:ed:d3:
         9d:24:7d:a3:f5:6e:5d:0d:99:62:ce:80:7d:86:b6:ff:34:0f:
         fa:7a:46:a2:63:93:50:d1:3c:53:82:33:38:7f:4a:ac:df:bb:
         18:87:46:1d:d1:cb:c8:4d:11:33:99:f5:fa:ba:68:2a:4f:94:
         d6:32:08:04:b0:79:db:61:34:96:94:8d:5c:d4:83:24:18:d4:
         f9:a2:6d:61:b9:6f:67:d6:d6:78:d3:bb:1c:3c:4d:99:c0:f6:
         cb:fc:74:bf:3a:2c:07:78:b2:62:60:08:cd:f5:f9:47:96:28:
         c3:54:3b:b4:01:cb:93:03:3b:e4:2b:1a:59:60:64:2d:a1:79:
         03:26:d2:e2:bd:46:e2:46:9b:07:36:b8:76:1b:ff:48:20:3d:
         6e:0c:71:a3
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIUCgi+8WO+cfRda2r8SIrm8uxiFVQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVE
NTgzNDBCQzAeFw0yNDA4MTUxNTMzMDBaFw0yNTA4MTQxNTM4MDBaMDMxMTAvBgNV
BAMTKDQxQjUxMjAyOTYwNDg1QzdCNTc3OUVCQzc2RTMwNEU1QUE3NjBEQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMiPb67ZiFWKqTle09jz/QJG6+
Yi6dUvNVUXVTwA363YRTmaR0fQniKHZgPx+LmcJncI4PtCSz2HJi5D5WnwwJdnc7
xKxYh4rqTi3gzy9yAxJYrThb/TJNzIvmLm5n9nvYzeRZoQw5YsNT7XVxwsU91kwy
S8Ra/5mMAna0D/mSxsBfbnujZoWHuelwF5NtUekqL+IuhfdJQWDzxG2XF8MIstJR
RuaqsVY7Sw8m8zbFyeP8FXrpU+8yiVfoMQPJG/b7P44hVXIrXLUvJlCFzvinmaV+
nvz/53MiA78egd1DXlchoRP52X4IP3ZIO8sB4Md0F7+q1DA3PVW5+2ueOyG3AgMB
AAGjggKAMIICfDAdBgNVHQ4EFgQUQbUSApYEhce1d568duME5ap2DckwHwYDVR0j
BBgwFoAU0YIHRmqwp9fR7zx80C6AvtWDQLwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM3MDQwMWMtN2Y0MS00YTZiLTk0MzQtY2M4MGRjYTA5
M2U2LzIvRDE4MjA3NDY2QUIwQTdEN0QxRUYzQzdDRDAyRTgwQkVENTgzNDBCQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS83M2I4ZWMwMS04YmE1LTQ3
OWYtYTIyOS0wYWI3MGU0ODE1YmIvMC9EMTgyMDc0NjZBQjBBN0Q3RDFFRjNDN0NE
MDJFODBCRUQ1ODM0MEJDLmNlcjCBswYIKwYBBQUHAQsEgaYwgaMwgaAGCCsGAQUF
BzALhoGTcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8wYzcwNDAxYy03ZjQxLTRhNmItOTQzNC1jYzgwZGNhMDkzZTYvMi8zMjYxMzA2
MjNhMzQ2NTMwMzczYTMxMzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDMzMzYz
ODMzMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcB
Af8EEjAQMA4EAgACMAgDBgAqC04HATANBgkqhkiG9w0BAQsFAAOCAQEALjAiIUyf
8sixOhpQvpZAEPc9byMRaQxGXvLaXNivf5KaQ5FlSKPBg3UCOFJQ33YwzxXByLoq
5QLd08SqjUYgK7KxHKnSjDWzaUi3m9yxtMeTpeicC45T4XYe0VMQ17B0SfVbFJhx
TI27Z+3TnSR9o/VuXQ2ZYs6AfYa2/zQP+npGomOTUNE8U4IzOH9KrN+7GIdGHdHL
yE0RM5n1+rpoKk+U1jIIBLB522E0lpSNXNSDJBjU+aJtYblvZ9bWeNO7HDxNmcD2
y/x0vzosB3iyYmAIzfX5R5Yow1Q7tAHLkwM75CsaWWBkLaF5AybS4r1G4kabBza4
dhv/SCA9bgxxow==
-----END CERTIFICATE-----