Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1d20be4c-8db3-45e1-8169-0f2e4084132c/3/326130373a353463313a633061373a3a2f34382d3438203d3e20323134393634.roa
File:                     326130373a353463313a633061373a3a2f34382d3438203d3e20323134393634.roa (raw, json)
Hash identifier:          j9ikSe3yqd3VwdW18I/F8SyoJuAy6W9crWUhzD9Gq2w=
Subject key identifier:   36:03:DE:DA:3E:56:4E:18:4A:B2:67:81:C6:2B:E4:F7:3E:86:75:7A
Certificate issuer:       /CN=9AADF71FF51D952A77F564D5BA373A7D55BC9C0A
Certificate serial:       75A5A37037538846FEED64ED2B18AEF2A563E5FF
Authority key identifier: 9A:AD:F7:1F:F5:1D:95:2A:77:F5:64:D5:BA:37:3A:7D:55:BC:9C:0A
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/9AADF71FF51D952A77F564D5BA373A7D55BC9C0A.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1d20be4c-8db3-45e1-8169-0f2e4084132c/3/326130373a353463313a633061373a3a2f34382d3438203d3e20323134393634.roa
Signing time:             Tue 25 Jun 2024 19:00:43 +0000
ROA not before:           Tue 25 Jun 2024 18:55:43 +0000
ROA not after:            Tue 24 Jun 2025 19:00:43 +0000
asID:                     214964
IP address blocks:        2a07:54c1:c0a7::/48 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:a5:a3:70:37:53:88:46:fe:ed:64:ed:2b:18:ae:f2:a5:63:e5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9AADF71FF51D952A77F564D5BA373A7D55BC9C0A
        Validity
            Not Before: Jun 25 18:55:43 2024 GMT
            Not After : Jun 24 19:00:43 2025 GMT
        Subject: CN=3603DEDA3E564E184AB26781C62BE4F73E86757A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:04:46:15:bf:31:c7:9c:1a:e5:80:9f:61:b1:
                    52:7e:07:f0:f4:de:d7:5d:9b:ef:57:55:51:71:fc:
                    2b:e4:8f:2f:b9:6a:da:3d:3c:e2:e1:ce:45:0f:bd:
                    69:a0:d5:92:18:fa:e4:6d:04:0e:52:ca:98:4f:4f:
                    0a:8a:ca:c0:0a:f0:26:f8:dd:d5:2d:02:d7:63:19:
                    09:31:ec:ad:c4:fb:33:d9:c6:f5:09:40:6e:b5:d1:
                    e0:24:26:0b:32:13:90:d0:06:67:14:9e:20:50:ce:
                    2c:4f:5f:5c:fc:4d:13:fd:f9:e2:44:80:fc:57:63:
                    07:7c:2f:33:ab:ea:9f:be:01:8e:d0:8a:05:53:31:
                    b1:f5:ff:41:c2:bc:e7:b8:9f:43:2e:ce:11:9b:de:
                    bd:10:32:7d:2b:2a:7f:34:e9:12:eb:9c:ff:7f:a0:
                    11:38:71:1f:6d:09:b3:0c:e0:b8:1d:42:82:21:6a:
                    f4:87:c6:b9:60:b6:b0:5d:0e:fc:4b:3e:ff:a8:da:
                    55:33:cb:ba:5b:6e:61:e0:7e:19:d8:0b:bb:12:33:
                    fd:e5:fb:b0:60:1e:2a:8d:18:65:80:23:55:5a:b2:
                    f5:d9:b0:99:dd:68:53:19:37:f9:90:91:83:bf:b1:
                    c8:a4:45:aa:5d:77:a7:de:ba:7a:a9:4c:ff:e3:1c:
                    9b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:03:DE:DA:3E:56:4E:18:4A:B2:67:81:C6:2B:E4:F7:3E:86:75:7A
            X509v3 Authority Key Identifier:
                keyid:9A:AD:F7:1F:F5:1D:95:2A:77:F5:64:D5:BA:37:3A:7D:55:BC:9C:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1d20be4c-8db3-45e1-8169-0f2e4084132c/3/9AADF71FF51D952A77F564D5BA373A7D55BC9C0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/9AADF71FF51D952A77F564D5BA373A7D55BC9C0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1d20be4c-8db3-45e1-8169-0f2e4084132c/3/326130373a353463313a633061373a3a2f34382d3438203d3e20323134393634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:54c1:c0a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:ec:5f:cb:69:9a:32:ba:cd:97:6b:3c:84:45:30:fd:7b:22:
         65:3b:85:1e:d1:83:11:c4:5d:d8:af:1b:50:21:03:52:e5:1d:
         6a:b7:bc:2d:8c:d8:d9:03:ba:58:cd:41:0c:6c:66:3d:51:27:
         4b:98:f5:01:07:00:90:87:9c:bd:b5:ab:77:3b:c8:5a:0d:fc:
         d8:56:c2:a3:c1:15:62:7d:f5:04:38:14:24:cf:62:3a:73:99:
         b5:ac:d4:9e:14:2c:69:f3:c3:9f:ef:27:73:95:e1:4e:21:d8:
         bb:38:96:29:0d:cb:25:ef:2c:8e:18:f8:d8:cd:77:82:85:cc:
         02:ae:e3:98:0c:06:9d:7d:58:55:b7:22:fc:0f:4b:63:3a:ea:
         81:50:8f:27:bc:0f:b4:cf:f3:59:18:d1:d5:11:5c:ac:14:5c:
         8b:87:cd:cb:aa:7c:b6:d2:62:97:62:d2:db:2b:87:1a:9a:9c:
         e3:26:19:3b:78:0a:d5:9e:80:5e:49:9d:a5:51:b5:67:56:c6:
         43:48:02:15:d6:a5:bd:3c:02:e6:89:6f:68:f3:33:59:c5:4c:
         6a:c4:de:b7:8e:e3:16:88:6f:ff:19:73:26:ce:ef:ce:23:0c:
         16:86:0b:d4:1a:df:a2:06:eb:d1:36:db:83:6c:09:34:d5:f2:
         ed:3d:8d:d8
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUdaWjcDdTiEb+7WTtKxiu8qVj5f8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUFBREY3MUZGNTFEOTUyQTc3RjU2NEQ1QkEzNzNBN0Q1
NUJDOUMwQTAeFw0yNDA2MjUxODU1NDNaFw0yNTA2MjQxOTAwNDNaMDMxMTAvBgNV
BAMTKDM2MDNERURBM0U1NjRFMTg0QUIyNjc4MUM2MkJFNEY3M0U4Njc1N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1BEYVvzHHnBrlgJ9hsVJ+B/D0
3tddm+9XVVFx/Cvkjy+5ato9POLhzkUPvWmg1ZIY+uRtBA5SyphPTwqKysAK8Cb4
3dUtAtdjGQkx7K3E+zPZxvUJQG610eAkJgsyE5DQBmcUniBQzixPX1z8TRP9+eJE
gPxXYwd8LzOr6p++AY7QigVTMbH1/0HCvOe4n0MuzhGb3r0QMn0rKn806RLrnP9/
oBE4cR9tCbMM4LgdQoIhavSHxrlgtrBdDvxLPv+o2lUzy7pbbmHgfhnYC7sSM/3l
+7BgHiqNGGWAI1VasvXZsJndaFMZN/mQkYO/scikRapdd6feunqpTP/jHJvTAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUNgPe2j5WThhKsmeBxivk9z6GdXowHwYDVR0j
BBgwFoAUmq33H/UdlSp39WTVujc6fVW8nAowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWQyMGJlNGMtOGRiMy00NWUxLTgxNjktMGYyZTQwODQx
MzJjLzMvOUFBREY3MUZGNTFEOTUyQTc3RjU2NEQ1QkEzNzNBN0Q1NUJDOUMwQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hYTAwNGJhMS00MTliLTRk
YjUtYmJkMy01Y2NhNjMzY2FlM2YvMC85QUFERjcxRkY1MUQ5NTJBNzdGNTY0RDVC
QTM3M0E3RDU1QkM5QzBBLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8xZDIwYmU0Yy04ZGIzLTQ1ZTEtODE2OS0wZjJlNDA4NDEzMmMvMy8zMjYxMzAz
NzNhMzUzNDYzMzEzYTYzMzA2MTM3M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIz
MTM0MzkzNjM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAKgdUwcCnMA0GCSqGSIb3DQEBCwUAA4IBAQCu
7F/LaZoyus2XazyERTD9eyJlO4Ue0YMRxF3YrxtQIQNS5R1qt7wtjNjZA7pYzUEM
bGY9USdLmPUBBwCQh5y9tat3O8haDfzYVsKjwRViffUEOBQkz2I6c5m1rNSeFCxp
88Of7ydzleFOIdi7OJYpDcsl7yyOGPjYzXeChcwCruOYDAadfVhVtyL8D0tjOuqB
UI8nvA+0z/NZGNHVEVysFFyLh83Lqny20mKXYtLbK4campzjJhk7eArVnoBeSZ2l
UbVnVsZDSAIV1qW9PALmiW9o8zNZxUxqxN63juMWiG//GXMmzu/OIwwWhgvUGt+i
BuvRNtuDbAk01fLtPY3Y
-----END CERTIFICATE-----