Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f33362d3336203d3e203437323732.roa
File:                     326131313a323963303a393030303a3a2f33362d3336203d3e203437323732.roa (raw, json)
Hash identifier:          liH6zPLTX2cvmjt+ddNSgisjmq8BGQ97a6xUkwrxPt4=
Subject key identifier:   C3:32:F9:80:C6:42:3D:AA:2A:CE:28:11:C0:6C:A1:50:80:44:2E:DA
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       0F27D85E4849C83CC72FA64E93F2D2B63F7BF910
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f33362d3336203d3e203437323732.roa
Signing time:             Thu 04 Jan 2024 18:29:23 +0000
ROA not before:           Thu 04 Jan 2024 18:24:23 +0000
ROA not after:            Thu 02 Jan 2025 18:29:23 +0000
asID:                     47272
IP address blocks:        2a11:29c0:9000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:27:d8:5e:48:49:c8:3c:c7:2f:a6:4e:93:f2:d2:b6:3f:7b:f9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Jan  4 18:24:23 2024 GMT
            Not After : Jan  2 18:29:23 2025 GMT
        Subject: CN=C332F980C6423DAA2ACE2811C06CA15080442EDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9c:a9:fe:62:10:d1:42:3f:b6:46:80:ed:e7:
                    60:44:24:0b:87:e1:7d:cb:ec:1a:39:6d:73:6c:85:
                    01:71:f0:71:70:27:94:40:03:c5:e4:6f:fd:d8:b3:
                    63:2f:ea:3c:08:63:43:1a:41:42:ca:dd:dd:58:26:
                    e0:5a:54:bf:82:5d:ee:cc:4d:be:d1:a4:10:16:db:
                    59:57:fa:15:39:e2:06:1b:5d:65:66:4a:a6:b0:e7:
                    4d:00:a9:12:7e:ef:82:47:29:d7:10:08:ca:a7:0f:
                    f6:c2:1a:50:e2:35:a3:67:e0:ed:c1:e9:a0:5e:fa:
                    48:e1:37:b2:cf:24:c7:4b:ac:88:ec:6b:85:4d:c9:
                    e1:8d:d4:5e:e0:66:7d:09:98:c0:af:8e:12:08:86:
                    a6:fb:70:6e:14:c3:75:cb:d5:7d:41:aa:34:33:f3:
                    e8:72:86:87:e5:0e:31:9d:86:3c:d6:c1:f6:69:26:
                    14:59:fe:7c:33:1b:ef:ab:36:5a:7f:25:3b:52:3f:
                    67:be:df:ae:28:d8:cd:50:72:a0:13:61:6a:6d:61:
                    7a:87:5c:20:ea:e3:09:7d:11:c4:95:9a:df:40:4f:
                    a2:47:e0:1a:f0:51:ae:a9:f0:02:43:84:fd:32:c2:
                    31:7f:e2:31:98:bf:0e:9a:8f:28:7b:d5:6a:6d:88:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:32:F9:80:C6:42:3D:AA:2A:CE:28:11:C0:6C:A1:50:80:44:2E:DA
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f33362d3336203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         02:a3:3b:9a:8e:d2:cf:e6:d1:ae:35:6b:0b:15:eb:aa:45:e7:
         7d:1c:70:27:f3:5f:15:91:9d:9f:82:02:17:6a:f9:9d:26:de:
         25:fe:2d:3a:2c:f9:fb:88:48:78:8e:cf:9d:83:73:40:fe:10:
         b4:91:6e:f4:64:8c:f7:d4:1a:cb:ea:6c:fb:a0:67:df:be:50:
         74:cf:d3:7f:b6:b3:e5:af:9a:bd:30:a6:24:ed:de:90:87:2f:
         92:2f:09:1f:f3:eb:1b:29:39:36:9f:44:2b:e8:26:bb:17:6e:
         dc:44:6c:bd:f3:83:86:dc:88:07:42:3a:74:f7:b7:ff:aa:97:
         50:cb:7c:33:46:58:ad:58:93:f4:13:35:45:89:9b:71:a4:88:
         4a:07:6b:73:1f:61:4e:e1:1f:7c:36:98:b3:c2:17:a6:3e:9c:
         a8:ee:e9:c3:ce:1a:c6:9e:3b:1d:4f:ba:5f:d1:01:10:7b:6c:
         ef:d8:c7:1d:73:fb:8e:0d:94:03:01:06:33:f4:f3:ac:d6:32:
         05:6c:6c:67:0f:0c:4b:cb:7d:30:dd:34:4f:02:4c:94:3b:80:
         3c:11:85:81:8d:36:a9:95:93:6a:fc:23:34:24:38:db:28:20:
         8f:ff:e5:34:53:1e:de:83:28:f1:2b:a1:b4:65:8f:07:6f:0b:
         af:7a:b2:38
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUDyfYXkhJyDzHL6ZOk/LStj97+RAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yNDAxMDQxODI0MjNaFw0yNTAxMDIxODI5MjNaMDMxMTAvBgNV
BAMTKEMzMzJGOTgwQzY0MjNEQUEyQUNFMjgxMUMwNkNBMTUwODA0NDJFREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJnKn+YhDRQj+2RoDt52BEJAuH
4X3L7Bo5bXNshQFx8HFwJ5RAA8Xkb/3Ys2Mv6jwIY0MaQULK3d1YJuBaVL+CXe7M
Tb7RpBAW21lX+hU54gYbXWVmSqaw500AqRJ+74JHKdcQCMqnD/bCGlDiNaNn4O3B
6aBe+kjhN7LPJMdLrIjsa4VNyeGN1F7gZn0JmMCvjhIIhqb7cG4Uw3XL1X1BqjQz
8+hyhoflDjGdhjzWwfZpJhRZ/nwzG++rNlp/JTtSP2e+364o2M1QcqATYWptYXqH
XCDq4wl9EcSVmt9AT6JH4BrwUa6p8AJDhP0ywjF/4jGYvw6ajyh71WptiI9zAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUwzL5gMZCPaoqzigRwGyhUIBELtowHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzAzMDMwM2EzYTJmMzMzNjJkMzMzNjIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGBCoRKcCQMA0GCSqGSIb3DQEBCwUAA4IBAQACozua
jtLP5tGuNWsLFeuqRed9HHAn818VkZ2fggIXavmdJt4l/i06LPn7iEh4js+dg3NA
/hC0kW70ZIz31BrL6mz7oGffvlB0z9N/trPlr5q9MKYk7d6Qhy+SLwkf8+sbKTk2
n0Qr6Ca7F27cRGy984OG3IgHQjp097f/qpdQy3wzRlitWJP0EzVFiZtxpIhKB2tz
H2FO4R98NpizwhemPpyo7unDzhrGnjsdT7pf0QEQe2zv2Mcdc/uODZQDAQYz9POs
1jIFbGxnDwxLy30w3TRPAkyUO4A8EYWBjTaplZNq/CM0JDjbKCCP/+U0Ux7egyjx
K6G0ZY8HbwuverI4
-----END CERTIFICATE-----