Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/7/326131313a323963303a396562653a3a2f34372d3438203d3e203136353039.roa
File:                     326131313a323963303a396562653a3a2f34372d3438203d3e203136353039.roa (raw, json)
Hash identifier:          LtDvF6lcPeJLttOBWT/Zzw0wthPxFB7Ws7QQZAQdc/4=
Subject key identifier:   14:85:2A:61:34:C0:9D:24:CE:46:A4:0B:45:72:DB:A5:79:23:6D:BB
Certificate issuer:       /CN=2C68D9AD77CBE389FA0C83BF07FB699791262CCA
Certificate serial:       0E8ABC8D3EC10340A9BD8CFE7AAAF059B21C76CE
Authority key identifier: 2C:68:D9:AD:77:CB:E3:89:FA:0C:83:BF:07:FB:69:97:91:26:2C:CA
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/bc90f4f6-f2c4-4882-91cf-9b8f0b38d7da/2/2C68D9AD77CBE389FA0C83BF07FB699791262CCA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/7/326131313a323963303a396562653a3a2f34372d3438203d3e203136353039.roa
Signing time:             Thu 23 Nov 2023 05:56:17 +0000
ROA not before:           Thu 23 Nov 2023 05:51:17 +0000
ROA not after:            Thu 21 Nov 2024 05:56:17 +0000
asID:                     16509
IP address blocks:        2a11:29c0:9ebe::/47 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:8a:bc:8d:3e:c1:03:40:a9:bd:8c:fe:7a:aa:f0:59:b2:1c:76:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2C68D9AD77CBE389FA0C83BF07FB699791262CCA
        Validity
            Not Before: Nov 23 05:51:17 2023 GMT
            Not After : Nov 21 05:56:17 2024 GMT
        Subject: CN=14852A6134C09D24CE46A40B4572DBA579236DBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:eb:a0:45:a5:dc:11:09:fd:39:e8:27:b7:b1:
                    ee:96:2e:f6:19:f3:1c:bf:11:17:8c:d7:26:38:51:
                    a6:a7:1f:37:f9:da:9e:22:b6:57:61:f1:d6:99:bd:
                    da:00:2c:66:87:55:36:fe:e0:fa:be:c0:e8:9c:bc:
                    77:43:9f:5c:8c:72:6c:b7:72:7d:9b:2f:38:39:39:
                    d4:45:6f:1a:fd:e1:af:94:8c:e9:be:7a:13:57:f1:
                    48:79:8e:3a:a4:43:3f:16:39:d1:23:21:41:a4:02:
                    b4:5b:d7:5c:36:a6:3a:96:2d:ce:f3:78:45:16:1e:
                    56:df:c7:36:9f:71:0b:12:a9:c7:94:fc:94:7b:75:
                    49:17:bb:d0:ba:78:1e:aa:00:22:f5:3c:08:2e:05:
                    96:08:04:c4:b3:1a:d6:b6:fc:27:b9:8b:fa:32:d1:
                    a5:3e:c0:bc:a2:71:5d:69:8c:eb:0b:b5:08:28:e8:
                    f2:9a:8b:f5:d3:29:36:a4:f9:8b:4b:ec:2b:b3:d0:
                    7e:17:12:3f:26:09:38:70:53:08:47:d8:b0:22:c4:
                    4b:b3:c1:f5:b9:3c:e9:44:ca:12:f0:3b:f1:ec:d0:
                    e6:f0:51:87:f6:c3:0f:6f:da:0f:bf:a4:eb:92:e9:
                    07:cd:1c:5c:b0:f1:e7:ed:79:59:f6:26:ed:f7:65:
                    5b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:85:2A:61:34:C0:9D:24:CE:46:A4:0B:45:72:DB:A5:79:23:6D:BB
            X509v3 Authority Key Identifier:
                keyid:2C:68:D9:AD:77:CB:E3:89:FA:0C:83:BF:07:FB:69:97:91:26:2C:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/7/2C68D9AD77CBE389FA0C83BF07FB699791262CCA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/bc90f4f6-f2c4-4882-91cf-9b8f0b38d7da/2/2C68D9AD77CBE389FA0C83BF07FB699791262CCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/7/326131313a323963303a396562653a3a2f34372d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:9ebe::/47

    Signature Algorithm: sha256WithRSAEncryption
         5c:1a:e8:ca:ec:99:89:d1:42:4a:1d:9d:fa:4a:6b:9d:0d:00:
         d9:f4:ed:ba:62:af:4c:3d:d1:fc:9b:1c:04:80:9d:e1:3a:02:
         0a:8e:d1:ba:c8:61:9e:4c:ff:31:88:90:cd:a1:fd:8b:30:7e:
         a8:16:6d:96:26:4d:27:90:fd:1b:c0:4e:6b:8b:ff:58:d7:3e:
         f8:8d:0e:58:19:6e:69:6f:16:d9:1d:d7:27:0d:71:b5:a5:4b:
         02:cb:c9:b4:6d:4d:50:85:18:8c:b0:c4:f4:20:e9:48:77:5e:
         1a:ef:52:87:09:57:66:76:c2:8b:f7:b4:f7:ab:8e:ff:36:4c:
         0f:67:ad:cd:46:26:e9:2b:7d:23:75:c3:9d:2a:74:99:09:e2:
         b5:b7:da:3c:95:27:eb:53:a3:66:e0:4f:1e:01:67:22:f7:ad:
         99:9d:fe:ac:54:f8:1d:c2:f9:f7:a2:99:d3:21:13:f7:e1:36:
         9f:da:39:3c:e8:a0:2a:36:53:16:95:38:86:45:71:b3:95:a8:
         dd:0e:50:f7:bf:09:b7:24:4b:93:cb:95:d7:c1:79:14:07:f6:
         68:5d:84:8b:91:a9:41:86:37:89:65:fb:b4:2e:13:13:94:f4:
         4a:6c:e6:47:3c:55:a0:f1:9e:8c:60:26:9a:3a:d8:84:eb:a3:
         bd:88:e6:a5
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUDoq8jT7BA0CpvYz+eqrwWbIcds4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkM2OEQ5QUQ3N0NCRTM4OUZBMEM4M0JGMDdGQjY5OTc5
MTI2MkNDQTAeFw0yMzExMjMwNTUxMTdaFw0yNDExMjEwNTU2MTdaMDMxMTAvBgNV
BAMTKDE0ODUyQTYxMzRDMDlEMjRDRTQ2QTQwQjQ1NzJEQkE1NzkyMzZEQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC266BFpdwRCf056Ce3se6WLvYZ
8xy/EReM1yY4UaanHzf52p4itldh8daZvdoALGaHVTb+4Pq+wOicvHdDn1yMcmy3
cn2bLzg5OdRFbxr94a+UjOm+ehNX8Uh5jjqkQz8WOdEjIUGkArRb11w2pjqWLc7z
eEUWHlbfxzafcQsSqceU/JR7dUkXu9C6eB6qACL1PAguBZYIBMSzGta2/Ce5i/oy
0aU+wLyicV1pjOsLtQgo6PKai/XTKTak+YtL7Cuz0H4XEj8mCThwUwhH2LAixEuz
wfW5POlEyhLwO/Hs0ObwUYf2ww9v2g+/pOuS6QfNHFyw8efteVn2Ju33ZVu7AgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUFIUqYTTAnSTORqQLRXLbpXkjbbswHwYDVR0j
BBgwFoAULGjZrXfL44n6DIO/B/tpl5EmLMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWJmOGU5NzctNzI3OC00NmNmLWFiZDEtOTljZDFmZDJi
ZTRlLzcvMkM2OEQ5QUQ3N0NCRTM4OUZBMEM4M0JGMDdGQjY5OTc5MTI2MkNDQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9iYzkwZjRmNi1mMmM0LTQ4
ODItOTFjZi05YjhmMGIzOGQ3ZGEvMi8yQzY4RDlBRDc3Q0JFMzg5RkEwQzgzQkYw
N0ZCNjk5NzkxMjYyQ0NBLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8xYmY4ZTk3Ny03Mjc4LTQ2Y2YtYWJkMS05OWNkMWZkMmJlNGUvNy8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5NjU2MjY1M2EzYTJmMzQzNzJkMzQzODIwM2QzZTIwMzEz
NjM1MzAzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHASoRKcCevjANBgkqhkiG9w0BAQsFAAOCAQEAXBro
yuyZidFCSh2d+kprnQ0A2fTtumKvTD3R/JscBICd4ToCCo7Rushhnkz/MYiQzaH9
izB+qBZtliZNJ5D9G8BOa4v/WNc++I0OWBluaW8W2R3XJw1xtaVLAsvJtG1NUIUY
jLDE9CDpSHdeGu9ShwlXZnbCi/e096uO/zZMD2etzUYm6St9I3XDnSp0mQnitbfa
PJUn61OjZuBPHgFnIvetmZ3+rFT4HcL596KZ0yET9+E2n9o5POigKjZTFpU4hkVx
s5Wo3Q5Q978JtyRLk8uV18F5FAf2aF2Ei5GpQYY3iWX7tC4TE5T0SmzmRzxVoPGe
jGAmmjrYhOujvYjmpQ==
-----END CERTIFICATE-----