Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a396430303a3a2f34302d3430203d3e203537313130.roa
File:                     326131313a323963303a396430303a3a2f34302d3430203d3e203537313130.roa (raw, json)
Hash identifier:          W5ahDU5JyeZJt4qS2B+lziFP3DcHEZMUnP1JLsA2ZQY=
Subject key identifier:   71:1B:DA:EB:44:33:CD:C6:D5:A3:36:8B:EA:DA:9E:6D:B6:9B:C2:51
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       7E65E9E2232AF1D5AABE46784096C2B20F3BB4FD
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a396430303a3a2f34302d3430203d3e203537313130.roa
Signing time:             Sun 26 Nov 2023 11:08:45 +0000
ROA not before:           Sun 26 Nov 2023 11:03:45 +0000
ROA not after:            Sun 24 Nov 2024 11:08:45 +0000
asID:                     57110
IP address blocks:        2a11:29c0:9d00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:65:e9:e2:23:2a:f1:d5:aa:be:46:78:40:96:c2:b2:0f:3b:b4:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:45 2023 GMT
            Not After : Nov 24 11:08:45 2024 GMT
        Subject: CN=711BDAEB4433CDC6D5A3368BEADA9E6DB69BC251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:da:62:9a:fb:64:66:7a:94:03:90:70:3f:18:
                    0a:be:62:69:a6:1f:9b:7b:47:2d:d1:85:ea:c3:50:
                    fa:75:f7:76:ec:1d:fd:7c:5a:10:77:e3:44:6f:b4:
                    58:8d:79:0d:4a:4e:d8:fa:71:5a:1b:72:7a:4c:66:
                    c0:33:02:fd:5f:05:ee:39:11:c8:9d:61:c8:54:86:
                    72:ca:69:0e:f0:61:82:80:5c:4e:30:20:d9:91:23:
                    20:f8:65:a8:11:0d:e1:98:25:35:58:40:f5:f3:1b:
                    2d:c2:11:d5:e9:34:39:3d:7a:0e:ec:43:c7:0a:0f:
                    28:25:42:52:e1:dc:9a:0b:10:0a:b6:77:a1:ae:65:
                    51:86:d0:79:2b:a9:f8:19:52:09:f1:b9:ed:3b:18:
                    ec:3c:73:6c:b4:34:f7:ac:d5:b2:17:0a:d3:24:bf:
                    74:0f:c2:90:86:82:fc:06:a2:ee:a7:17:c8:6c:2b:
                    6e:d2:c2:8d:bc:f5:c4:83:27:46:28:4b:e8:58:68:
                    01:4b:62:80:09:28:c0:e8:ef:b6:01:91:bc:52:36:
                    df:a3:63:81:39:fd:8b:5e:e9:c5:29:f4:85:04:8e:
                    ec:74:96:9d:82:a3:88:3c:89:92:a3:1a:65:bf:78:
                    93:75:aa:9c:9b:7f:66:e9:14:c3:05:e9:1a:e5:fc:
                    76:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1B:DA:EB:44:33:CD:C6:D5:A3:36:8B:EA:DA:9E:6D:B6:9B:C2:51
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a396430303a3a2f34302d3430203d3e203537313130.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:9d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:46:7b:72:81:dd:3e:a9:1e:fe:47:04:51:e0:a8:4b:5e:35:
         d4:c3:b0:e9:01:27:9e:4f:02:7c:31:3d:43:f1:17:d0:ee:52:
         7a:01:77:f6:91:1f:69:ec:75:88:f4:dd:7d:b6:58:d9:17:dd:
         4b:5c:31:e6:ea:db:6b:40:8d:38:18:00:69:d3:3d:77:ca:db:
         e6:c3:5c:d5:91:47:82:67:1d:4f:bb:44:87:36:c1:66:6d:70:
         59:55:d8:9c:dd:52:1e:4c:87:de:63:ca:5d:38:90:cf:77:f7:
         ad:41:38:7e:0e:7a:a1:84:8b:5d:1b:d6:ee:b9:11:b5:26:37:
         91:df:4e:71:95:0a:75:e7:04:90:78:a7:2d:73:19:19:e4:f2:
         26:48:02:cf:b8:3a:c1:35:36:eb:19:a5:13:60:be:37:fc:48:
         28:80:76:d6:e8:1d:11:6e:68:56:2c:05:37:d9:44:a8:56:e3:
         32:57:7e:da:59:0c:0a:50:7d:56:87:28:79:49:1e:da:a1:64:
         92:26:31:94:39:e8:84:93:ae:30:c7:f0:df:18:89:45:e3:de:
         46:c2:fd:ca:de:d9:e9:52:0f:bf:82:98:e1:f3:36:56:60:7c:
         55:fd:fc:53:2c:5d:f7:9b:69:21:56:96:2a:55:c6:82:d2:fd:
         85:6d:f8:ba
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUfmXp4iMq8dWqvkZ4QJbCsg87tP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDVaFw0yNDExMjQxMTA4NDVaMDMxMTAvBgNV
BAMTKDcxMUJEQUVCNDQzM0NEQzZENUEzMzY4QkVBREE5RTZEQjY5QkMyNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi2mKa+2RmepQDkHA/GAq+Ymmm
H5t7Ry3RherDUPp193bsHf18WhB340RvtFiNeQ1KTtj6cVobcnpMZsAzAv1fBe45
EcidYchUhnLKaQ7wYYKAXE4wINmRIyD4ZagRDeGYJTVYQPXzGy3CEdXpNDk9eg7s
Q8cKDyglQlLh3JoLEAq2d6GuZVGG0HkrqfgZUgnxue07GOw8c2y0NPes1bIXCtMk
v3QPwpCGgvwGou6nF8hsK27Swo289cSDJ0YoS+hYaAFLYoAJKMDo77YBkbxSNt+j
Y4E5/Yte6cUp9IUEjux0lp2Co4g8iZKjGmW/eJN1qpybf2bpFMMF6Rrl/HbjAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUcRva60QzzcbVozaL6tqebbabwlEwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5NjQzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzUz
NzMxMzEzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoRKcCdMA0GCSqGSIb3DQEBCwUAA4IBAQA7Rnty
gd0+qR7+RwRR4KhLXjXUw7DpASeeTwJ8MT1D8RfQ7lJ6AXf2kR9p7HWI9N19tljZ
F91LXDHm6ttrQI04GABp0z13ytvmw1zVkUeCZx1Pu0SHNsFmbXBZVdic3VIeTIfe
Y8pdOJDPd/etQTh+DnqhhItdG9buuRG1JjeR305xlQp15wSQeKctcxkZ5PImSALP
uDrBNTbrGaUTYL43/EgogHbW6B0RbmhWLAU32USoVuMyV37aWQwKUH1Whyh5SR7a
oWSSJjGUOeiEk64wx/DfGIlF495Gwv3K3tnpUg+/gpjh8zZWYHxV/fxTLF33m2kh
VpYqVcaC0v2Fbfi6
-----END CERTIFICATE-----