Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393030303a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          UwO4hN+ZCdHk2YL18D2u+pPYoRMaN6p481osc8WCbJI=
Subject key identifier:   B9:2D:1B:D1:27:D6:C3:56:6F:A4:DB:35:D6:FF:16:07:B9:80:B5:E1
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       24E820A273CF5B21878DDF11EA5235AE9AC1DC6E
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f34382d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:46 +0000
ROA not before:           Sun 26 Nov 2023 11:03:46 +0000
ROA not after:            Sun 24 Nov 2024 11:08:46 +0000
asID:                     47272
IP address blocks:        2a11:29c0:9000::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:e8:20:a2:73:cf:5b:21:87:8d:df:11:ea:52:35:ae:9a:c1:dc:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:46 2023 GMT
            Not After : Nov 24 11:08:46 2024 GMT
        Subject: CN=B92D1BD127D6C3566FA4DB35D6FF1607B980B5E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:be:2d:4f:89:ca:41:97:ea:a4:46:01:17:90:
                    b4:49:36:46:50:22:5b:fa:1b:d0:92:c3:25:e5:68:
                    37:42:0c:69:81:dc:57:98:80:c3:33:33:cf:19:5c:
                    48:d7:ba:73:23:6b:1d:d2:b0:d1:79:f6:bc:71:8e:
                    84:c0:72:0f:91:4e:9b:2e:ee:26:bf:9d:c7:f9:98:
                    63:d5:2b:43:f2:e5:11:5b:4c:cc:28:ae:08:75:13:
                    fd:da:24:7a:79:71:78:57:0c:66:89:56:ea:76:59:
                    7b:f0:9d:64:ea:69:96:28:b6:be:b3:3d:72:3c:ac:
                    1a:bc:94:f7:69:f2:80:41:53:3a:06:97:c8:0a:d4:
                    13:db:f8:63:cc:80:8d:f5:01:b0:47:13:29:b0:ed:
                    4e:0e:cf:a7:91:b6:f6:5a:be:7b:e0:68:33:9a:22:
                    f8:fc:34:68:64:c7:e1:e1:fc:56:52:82:08:ae:da:
                    13:8f:68:59:59:5c:38:5e:a6:d3:5f:cf:da:34:48:
                    30:25:94:2d:ab:da:08:84:62:80:1f:88:78:6a:25:
                    b9:7c:00:56:08:73:5a:f5:f5:af:de:9e:66:b6:58:
                    96:6b:53:18:77:9f:61:31:d4:5c:34:41:98:e9:27:
                    b5:8a:a7:10:0d:00:7a:8a:70:24:e9:0f:76:f1:bd:
                    96:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2D:1B:D1:27:D6:C3:56:6F:A4:DB:35:D6:FF:16:07:B9:80:B5:E1
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393030303a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:9000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:f7:db:f0:bb:31:0e:9a:14:a4:57:1e:00:44:7e:fa:50:7e:
         04:2a:74:e7:47:b4:e9:c8:9b:48:a1:d5:76:e9:8e:be:68:c1:
         3e:7e:68:24:3a:9c:46:14:b8:ad:72:ec:a5:02:73:89:4e:da:
         76:c7:6f:5b:08:a0:e7:3e:e5:d1:94:60:c1:87:7c:fb:bb:b5:
         2b:81:0a:f7:bd:3c:5f:53:d4:50:d4:76:f6:c4:12:4a:43:ee:
         2f:12:d3:46:7f:80:86:fd:c2:41:05:fd:82:ab:ec:f6:b9:aa:
         c9:78:38:cb:38:06:3c:f1:eb:da:a2:b8:cf:b2:43:0b:d2:54:
         63:83:4d:76:2e:34:b3:3c:e7:c4:ac:c6:4a:16:df:ae:19:60:
         b3:7b:14:96:a6:dd:0b:ac:05:8a:4a:0f:ab:b6:53:ff:1f:7a:
         7d:90:83:44:72:3d:5c:12:00:86:f2:6f:f7:c0:7e:47:5e:d8:
         e5:1d:d6:1a:89:dd:0a:f7:3f:ff:7a:31:87:ec:03:5f:5d:78:
         8e:f6:0b:20:ed:0c:74:7b:eb:08:d8:0c:41:d7:fa:55:d9:4d:
         60:a3:0b:51:4d:3a:96:76:e2:7b:1a:0d:57:e8:d7:10:ac:f8:
         57:5f:8f:1c:6c:7a:b0:cd:53:5f:81:ad:17:51:fa:f1:f0:f4:
         d4:14:e0:9c
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUJOggonPPWyGHjd8R6lI1rprB3G4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDZaFw0yNDExMjQxMTA4NDZaMDMxMTAvBgNV
BAMTKEI5MkQxQkQxMjdENkMzNTY2RkE0REIzNUQ2RkYxNjA3Qjk4MEI1RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWvi1PicpBl+qkRgEXkLRJNkZQ
Ilv6G9CSwyXlaDdCDGmB3FeYgMMzM88ZXEjXunMjax3SsNF59rxxjoTAcg+RTpsu
7ia/ncf5mGPVK0Py5RFbTMworgh1E/3aJHp5cXhXDGaJVup2WXvwnWTqaZYotr6z
PXI8rBq8lPdp8oBBUzoGl8gK1BPb+GPMgI31AbBHEymw7U4Oz6eRtvZavnvgaDOa
Ivj8NGhkx+Hh/FZSggiu2hOPaFlZXDheptNfz9o0SDAllC2r2giEYoAfiHhqJbl8
AFYIc1r19a/enma2WJZrUxh3n2Ex1Fw0QZjpJ7WKpxANAHqKcCTpD3bxvZZ1AgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUuS0b0SfWw1ZvpNs11v8WB7mAteEwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzAzMDMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQADANBgkqhkiG9w0BAQsFAAOCAQEAqffb
8LsxDpoUpFceAER++lB+BCp050e06cibSKHVdumOvmjBPn5oJDqcRhS4rXLspQJz
iU7adsdvWwig5z7l0ZRgwYd8+7u1K4EK9708X1PUUNR29sQSSkPuLxLTRn+Ahv3C
QQX9gqvs9rmqyXg4yzgGPPHr2qK4z7JDC9JUY4NNdi40szznxKzGShbfrhlgs3sU
lqbdC6wFikoPq7ZT/x96fZCDRHI9XBIAhvJv98B+R17Y5R3WGondCvc//3oxh+wD
X114jvYLIO0MdHvrCNgMQdf6VdlNYKMLUU06lnbiexoNV+jXEKz4V1+PHGx6sM1T
X4GtF1H68fD01BTgnA==
-----END CERTIFICATE-----