Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34302d3430203d3e20323136333234.roa
File:                     326131343a373538313a3130303a3a2f34302d3430203d3e20323136333234.roa (raw, json)
Hash identifier:          xYQWcaFWpSvsJl1qevcdc2P+f7g3az/F4Cvlo7Yu5xo=
Subject key identifier:   76:A5:CD:EB:3D:95:47:63:62:A5:EC:44:CA:67:8F:E2:26:B6:2B:99
Certificate issuer:       /CN=30EC341CC59263F48799F70A95490826E78E6E11
Certificate serial:       39C73C3A893C3DE50C50AC93D86416FF40994DD9
Authority key identifier: 30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34302d3430203d3e20323136333234.roa
Signing time:             Fri 13 Sep 2024 09:02:07 +0000
ROA not before:           Fri 13 Sep 2024 08:57:07 +0000
ROA not after:            Fri 12 Sep 2025 09:02:07 +0000
asID:                     216324
IP address blocks:        2a14:7581:100::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c7:3c:3a:89:3c:3d:e5:0c:50:ac:93:d8:64:16:ff:40:99:4d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30EC341CC59263F48799F70A95490826E78E6E11
        Validity
            Not Before: Sep 13 08:57:07 2024 GMT
            Not After : Sep 12 09:02:07 2025 GMT
        Subject: CN=76A5CDEB3D95476362A5EC44CA678FE226B62B99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:24:84:ce:e5:a3:6c:3e:8b:32:33:1e:e6:
                    09:4b:0e:d8:44:d3:9a:6e:d2:6a:53:b7:54:87:c6:
                    71:21:a9:a8:da:cb:e1:3a:5f:bc:81:10:09:a2:2b:
                    3f:0e:05:9c:5d:81:44:ce:7a:3b:9e:03:49:2c:0c:
                    09:f6:c4:c1:05:ae:31:5a:80:2d:87:bb:c9:2d:0e:
                    7d:b7:82:b5:31:6d:28:42:75:e2:08:47:8b:79:19:
                    ad:4d:3b:aa:df:e6:04:f4:8d:a7:bd:d7:e9:21:8d:
                    58:a4:b3:83:29:cf:ad:e7:ee:21:c4:55:40:a6:5e:
                    79:f9:85:00:73:30:53:81:73:8e:2e:92:07:49:91:
                    6a:9e:d2:7f:ae:ad:94:77:dc:43:9f:a6:61:39:93:
                    11:f1:fc:e6:37:4c:f9:27:19:61:f2:9f:b8:71:b7:
                    b9:50:90:74:63:ae:46:7b:c8:c5:25:3e:66:ea:6a:
                    23:88:45:13:6f:db:10:b4:b6:7e:d7:f8:b6:30:b6:
                    e9:ab:05:2c:a7:ba:60:e1:50:4f:5b:83:6c:e6:e5:
                    40:5b:f6:29:a2:18:61:3e:b3:99:09:46:87:c6:d4:
                    17:d8:3a:4d:f2:45:e9:e7:ec:b4:0f:f9:35:09:2d:
                    f7:8f:4b:56:1b:ec:53:cf:58:e2:98:a0:5c:59:53:
                    f1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A5:CD:EB:3D:95:47:63:62:A5:EC:44:CA:67:8F:E2:26:B6:2B:99
            X509v3 Authority Key Identifier:
                keyid:30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3130303a3a2f34302d3430203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:20:a4:02:b8:ad:1b:5a:95:7f:87:79:15:18:68:2e:43:9f:
         70:2b:56:e0:33:5e:77:7f:4c:5c:4f:dd:ff:9a:d5:31:6e:2b:
         57:f5:04:74:c5:81:36:98:d2:9f:e4:4c:81:76:02:d5:84:68:
         81:97:9b:29:5d:25:18:3b:8e:9b:3f:a0:8a:ac:af:b0:97:77:
         a3:89:5b:21:45:10:d4:15:9b:e0:86:fc:96:3b:cc:c6:0f:f1:
         cd:e8:86:e7:d9:5a:fe:a5:1f:95:16:39:58:c6:93:c3:40:18:
         6a:d0:8f:2e:58:83:84:b8:bb:77:65:7d:a7:32:8e:68:6f:46:
         73:4c:83:09:10:8e:4c:16:04:9e:64:3d:0b:06:d4:eb:f6:0f:
         27:bb:4d:33:7d:5e:72:11:c1:80:b1:69:67:fa:b7:64:0e:72:
         34:04:88:7a:77:39:f1:86:41:f8:0d:77:c0:66:8e:9a:3e:5b:
         de:c6:78:05:70:48:3e:a1:4d:18:17:2e:b3:f6:9b:fe:3f:18:
         59:be:c9:3e:c6:6c:ae:88:de:95:ab:52:26:1c:f6:72:55:b9:
         08:18:82:cb:06:c6:15:fd:06:73:62:7f:21:48:69:8f:bd:7c:
         95:7e:0a:4f:7f:8f:58:1c:e2:71:50:9a:b4:4a:cd:41:74:d1:
         0e:d0:10:41
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUOcc8Ook8PeUMUKyT2GQW/0CZTdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZF
NzhFNkUxMTAeFw0yNDA5MTMwODU3MDdaFw0yNTA5MTIwOTAyMDdaMDMxMTAvBgNV
BAMTKDc2QTVDREVCM0Q5NTQ3NjM2MkE1RUM0NENBNjc4RkUyMjZCNjJCOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXFiSEzuWjbD6LMjMe5glLDthE
05pu0mpTt1SHxnEhqajay+E6X7yBEAmiKz8OBZxdgUTOejueA0ksDAn2xMEFrjFa
gC2Hu8ktDn23grUxbShCdeIIR4t5Ga1NO6rf5gT0jae91+khjViks4Mpz63n7iHE
VUCmXnn5hQBzMFOBc44ukgdJkWqe0n+urZR33EOfpmE5kxHx/OY3TPknGWHyn7hx
t7lQkHRjrkZ7yMUlPmbqaiOIRRNv2xC0tn7X+LYwtumrBSynumDhUE9bg2zm5UBb
9imiGGE+s5kJRofG1BfYOk3yRenn7LQP+TUJLfePS1Yb7FPPWOKYoFxZU/FVAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUdqXN6z2VR2NipexEymeP4ia2K5kwHwYDVR0j
BBgwFoAUMOw0HMWSY/SHmfcKlUkIJueObhEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzEvMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZFNzhFNkUxMS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zMEVDMzQxQ0M1OTI2M0Y0ODc5OUY3MEE5
NTQ5MDgyNkU3OEU2RTExLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTMxMzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoUdYEBMA0GCSqGSIb3DQEBCwUAA4IBAQAzIKQC
uK0bWpV/h3kVGGguQ59wK1bgM153f0xcT93/mtUxbitX9QR0xYE2mNKf5EyBdgLV
hGiBl5spXSUYO46bP6CKrK+wl3ejiVshRRDUFZvghvyWO8zGD/HN6Ibn2Vr+pR+V
FjlYxpPDQBhq0I8uWIOEuLt3ZX2nMo5ob0ZzTIMJEI5MFgSeZD0LBtTr9g8nu00z
fV5yEcGAsWln+rdkDnI0BIh6dznxhkH4DXfAZo6aPlvexngFcEg+oU0YFy6z9pv+
PxhZvsk+xmyuiN6Vq1ImHPZyVbkIGILLBsYV/QZzYn8hSGmPvXyVfgpPf49YHOJx
UJq0Ss1BdNEO0BBB
-----END CERTIFICATE-----