Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062623a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393062623a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          HAGYZXYTPAoUiYIwskKEAXZ21/GIem/0cRz65CQujug=
Subject key identifier:   BC:88:37:F6:4B:CA:44:CC:CB:09:A4:2A:32:04:B3:4C:54:44:3E:28
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       0EB5116BEFA26B65A38EF5F1043A4908134607C5
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062623a3a2f34382d3438203d3e203437323732.roa
Signing time:             Tue 28 Nov 2023 12:29:10 +0000
ROA not before:           Tue 28 Nov 2023 12:24:10 +0000
ROA not after:            Tue 26 Nov 2024 12:29:10 +0000
asID:                     47272
IP address blocks:        2a11:29c0:90bb::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:b5:11:6b:ef:a2:6b:65:a3:8e:f5:f1:04:3a:49:08:13:46:07:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 28 12:24:10 2023 GMT
            Not After : Nov 26 12:29:10 2024 GMT
        Subject: CN=BC8837F64BCA44CCCB09A42A3204B34C54443E28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:86:69:0f:22:7c:d2:25:0d:39:ee:28:0d:9d:
                    57:97:9f:e1:1f:be:48:8d:d9:ae:92:90:0b:a6:af:
                    8e:b4:9f:f2:bc:3a:75:71:26:31:b4:62:f1:de:0b:
                    b1:0e:cd:a1:c8:6f:05:92:a4:37:01:a4:aa:51:da:
                    94:72:03:3e:b2:b3:59:74:2c:3a:58:0c:5b:1a:e3:
                    f2:ba:ba:ef:37:60:31:a9:d4:56:4f:d2:19:2f:72:
                    d3:c8:b2:07:26:85:c4:ba:cb:12:4d:de:d0:8d:ec:
                    fd:4b:72:81:d2:f2:2b:4a:81:37:25:d6:4e:fc:27:
                    e8:26:03:73:a1:f2:90:a0:ec:86:91:1b:2a:2f:85:
                    47:c9:82:c5:ed:18:16:38:a5:10:40:fc:a1:94:75:
                    8e:9d:73:c6:88:59:ac:44:90:77:69:f6:21:18:51:
                    21:70:29:fa:88:c6:2f:15:35:41:fc:37:1d:73:f7:
                    fd:ae:98:d5:9d:f0:fe:63:5f:3f:88:54:8d:d9:e9:
                    23:46:cd:c3:5d:6d:44:10:9f:b9:ac:e3:54:a7:db:
                    ba:ab:f0:55:92:c8:ee:ae:90:1a:d6:d5:50:3f:07:
                    e0:71:d5:4d:5e:ba:c5:76:8c:7e:27:66:5d:a3:c7:
                    3c:bb:bd:a8:99:f9:9f:49:62:17:75:af:67:11:75:
                    00:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:88:37:F6:4B:CA:44:CC:CB:09:A4:2A:32:04:B3:4C:54:44:3E:28
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062623a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:90bb::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:33:7f:94:21:57:3d:8f:bb:50:90:22:4d:ba:0a:1d:ff:23:
         1e:f8:5a:7f:70:44:8c:5b:ba:cc:10:f6:b4:fb:62:53:5c:3c:
         44:09:b5:fc:2b:e8:ff:03:c2:94:42:1f:32:2e:03:ae:07:58:
         fe:f8:c3:35:fc:bd:37:be:33:1e:e5:5d:c4:78:f0:67:ea:80:
         80:29:a0:ba:36:d1:d4:30:99:b5:cc:1b:53:0d:95:f3:dd:e6:
         2c:f5:59:4a:d3:4a:2c:5b:1e:96:17:70:62:21:a6:1b:34:d6:
         ea:91:3a:dd:08:df:06:5a:2f:4c:4f:54:d0:76:02:b9:32:8c:
         86:7f:37:de:ac:d6:a4:8f:c4:f7:02:b2:4d:e9:c5:21:99:57:
         01:ef:81:de:e4:6a:44:e0:75:a9:c6:2e:b5:cb:07:4c:d0:40:
         86:35:7a:75:14:a7:b3:1a:ce:33:aa:4d:94:5d:c9:0e:fe:12:
         e6:9a:92:43:ce:a6:54:20:fc:fe:40:0a:70:e0:5d:96:9b:2c:
         47:16:04:14:ce:51:c8:fa:50:08:08:94:7e:fd:8f:b5:ce:11:
         ce:63:0d:9d:b9:3b:92:aa:d3:54:24:08:b3:91:1c:73:d9:90:
         ed:90:03:71:d4:78:80:76:8e:83:61:8d:ba:d3:e9:33:a8:68:
         ec:d7:f1:ff
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUDrURa++ia2WjjvXxBDpJCBNGB8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjgxMjI0MTBaFw0yNDExMjYxMjI5MTBaMDMxMTAvBgNV
BAMTKEJDODgzN0Y2NEJDQTQ0Q0NDQjA5QTQyQTMyMDRCMzRDNTQ0NDNFMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hmkPInzSJQ057igNnVeXn+Ef
vkiN2a6SkAumr460n/K8OnVxJjG0YvHeC7EOzaHIbwWSpDcBpKpR2pRyAz6ys1l0
LDpYDFsa4/K6uu83YDGp1FZP0hkvctPIsgcmhcS6yxJN3tCN7P1LcoHS8itKgTcl
1k78J+gmA3Oh8pCg7IaRGyovhUfJgsXtGBY4pRBA/KGUdY6dc8aIWaxEkHdp9iEY
USFwKfqIxi8VNUH8Nx1z9/2umNWd8P5jXz+IVI3Z6SNGzcNdbUQQn7ms41Sn27qr
8FWSyO6ukBrW1VA/B+Bx1U1eusV2jH4nZl2jxzy7vaiZ+Z9JYhd1r2cRdQBZAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUvIg39kvKRMzLCaQqMgSzTFREPigwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzA2MjYyM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQuzANBgkqhkiG9w0BAQsFAAOCAQEAnzN/
lCFXPY+7UJAiTboKHf8jHvhaf3BEjFu6zBD2tPtiU1w8RAm1/Cvo/wPClEIfMi4D
rgdY/vjDNfy9N74zHuVdxHjwZ+qAgCmgujbR1DCZtcwbUw2V893mLPVZStNKLFse
lhdwYiGmGzTW6pE63QjfBlovTE9U0HYCuTKMhn833qzWpI/E9wKyTenFIZlXAe+B
3uRqROB1qcYutcsHTNBAhjV6dRSnsxrOM6pNlF3JDv4S5pqSQ86mVCD8/kAKcOBd
lpssRxYEFM5RyPpQCAiUfv2Ptc4RzmMNnbk7kqrTVCQIs5Ecc9mQ7ZADcdR4gHaO
g2GNutPpM6ho7Nfx/w==
-----END CERTIFICATE-----