Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/323630323a663936643a6130303a3a2f34302d3430203d3e203437323732.roa
File:                     323630323a663936643a6130303a3a2f34302d3430203d3e203437323732.roa (raw, json)
Hash identifier:          Yu1oNnw2w9h+HvMJcZ9U0fkkSMNfKnk7WW7I29GgzzE=
Subject key identifier:   D3:F8:E8:10:9C:48:98:70:3A:04:11:1A:8B:82:8E:FF:E7:44:AE:D0
Certificate issuer:       /CN=f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa
Certificate serial:       086D8D3BA928AFC16345AF568E776F0121A2B02A
Authority key identifier: 6D:7A:26:67:30:92:8D:9D:FD:FD:AC:E3:6F:73:AC:89:E4:24:E2:28
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/323630323a663936643a6130303a3a2f34302d3430203d3e203437323732.roa
Signing time:             Wed 15 Jan 2025 14:13:22 +0000
ROA not before:           Wed 15 Jan 2025 14:08:22 +0000
ROA not after:            Wed 14 Jan 2026 14:13:22 +0000
asID:                     47272
IP address blocks:        2602:f96d:a00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:6d:8d:3b:a9:28:af:c1:63:45:af:56:8e:77:6f:01:21:a2:b0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa
        Validity
            Not Before: Jan 15 14:08:22 2025 GMT
            Not After : Jan 14 14:13:22 2026 GMT
        Subject: CN=D3F8E8109C4898703A04111A8B828EFFE744AED0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:63:5e:e5:cb:c0:17:28:0e:90:ec:38:6a:f5:
                    42:e5:85:e3:86:1a:b7:93:ef:fe:70:d9:16:70:1d:
                    c6:69:8b:62:cd:cd:41:c2:c0:86:77:78:ac:d7:cb:
                    51:ef:0f:e7:2f:95:f4:60:a4:2c:91:e2:4d:a6:1e:
                    d9:a7:48:0f:90:3a:1a:5d:61:3f:e6:1c:b6:bc:cd:
                    a7:b7:f7:ad:80:af:b1:df:6f:2b:89:b9:d6:17:0b:
                    16:40:98:bf:8a:d8:87:99:b0:83:b8:79:4e:2f:a1:
                    d5:3d:51:7d:f1:7b:84:11:f9:0c:4b:34:43:5b:ce:
                    3a:0e:4c:eb:74:3b:d7:1d:a0:14:fa:05:de:e5:b8:
                    aa:b3:da:27:9f:47:cd:29:3e:ef:01:6a:5a:69:7e:
                    02:b9:3a:4c:72:33:1a:ed:f8:1d:98:d3:7d:be:85:
                    be:63:72:f1:cb:e8:d6:cf:f5:6e:8f:19:71:47:b4:
                    08:77:ad:81:50:70:cd:28:59:f2:68:95:14:3a:61:
                    0d:32:d0:fc:47:9a:85:f3:d8:0e:25:cb:88:4e:24:
                    a9:d7:74:79:e6:50:3c:42:b0:74:ab:e7:2d:34:1e:
                    d6:c8:59:7a:a4:b5:e9:b6:36:39:16:b0:37:76:ac:
                    ee:6f:41:ec:86:7d:e3:6f:19:f0:38:0a:39:64:9b:
                    76:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F8:E8:10:9C:48:98:70:3A:04:11:1A:8B:82:8E:FF:E7:44:AE:D0
            X509v3 Authority Key Identifier:
                keyid:6D:7A:26:67:30:92:8D:9D:FD:FD:AC:E3:6F:73:AC:89:E4:24:E2:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/6D7A266730928D9DFDFDACE36F73AC89E424E228.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba68b40f65cfc17445f89b2192a57379d7f13be8fa.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/4/323630323a663936643a6130303a3a2f34302d3430203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f96d:a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:81:8a:7d:fb:1b:da:ab:0a:0b:3b:f8:75:e4:71:ee:24:51:
         38:0d:7c:55:f4:cb:8a:38:8f:71:80:43:56:77:68:a8:78:b4:
         fd:6d:ac:77:1f:f4:08:f5:4f:6d:9d:ee:4a:85:24:c1:5b:14:
         3b:89:cb:f7:91:0d:f3:84:53:27:33:af:d9:3c:c9:35:64:2c:
         1a:5a:b2:9a:74:98:c7:89:cb:33:5e:2d:d6:c4:5d:1c:6d:c4:
         ef:af:50:8f:3b:7e:bc:d1:93:fe:ae:ed:e3:a8:d9:09:c3:6c:
         f0:f5:d9:9d:2f:df:fc:bf:16:42:d8:7c:6a:34:d3:8a:06:97:
         09:92:47:96:5b:3e:c7:40:42:8a:48:4f:75:11:de:16:b4:50:
         8a:3f:4d:98:a8:ad:8c:fd:a7:67:c2:d3:ee:50:f1:21:89:c9:
         41:e8:55:dd:85:6d:db:21:b5:c7:54:69:f2:2c:21:a4:a9:54:
         a7:ea:5a:bd:5b:e0:de:84:b1:be:74:38:31:d1:c9:a2:9f:ca:
         50:02:76:08:55:55:5e:06:77:88:91:1f:0b:95:c4:7f:b7:bb:
         37:f0:64:9b:23:e1:1e:33:3e:21:30:d3:0c:4e:50:26:31:4b:
         67:25:87:94:74:3c:f5:a9:43:df:72:9e:ce:96:5a:0b:98:12:
         af:fb:a9:e8
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIBAgIUCG2NO6kor8FjRa9WjndvASGisCowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjQ0YzgyZGFiYTY4YjQwZjY1Y2ZjMTc0NDVmODliMjE5
MmE1NzM3OWQ3ZjEzYmU4ZmEwHhcNMjUwMTE1MTQwODIyWhcNMjYwMTE0MTQxMzIy
WjAzMTEwLwYDVQQDEyhEM0Y4RTgxMDlDNDg5ODcwM0EwNDExMUE4QjgyOEVGRkU3
NDRBRUQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32Ne5cvAFygO
kOw4avVC5YXjhhq3k+/+cNkWcB3GaYtizc1BwsCGd3is18tR7w/nL5X0YKQskeJN
ph7Zp0gPkDoaXWE/5hy2vM2nt/etgK+x328ribnWFwsWQJi/itiHmbCDuHlOL6HV
PVF98XuEEfkMSzRDW846DkzrdDvXHaAU+gXe5biqs9onn0fNKT7vAWpaaX4CuTpM
cjMa7fgdmNN9voW+Y3Lxy+jWz/VujxlxR7QId62BUHDNKFnyaJUUOmENMtD8R5qF
89gOJcuITiSp13R55lA8QrB0q+ctNB7WyFl6pLXptjY5FrA3dqzub0Hshn3jbxnw
OAo5ZJt26wIDAQABo4IC1TCCAtEwHQYDVR0OBBYEFNP46BCcSJhwOgQRGouCjv/n
RK7QMB8GA1UdIwQYMBaAFG16Jmcwko2d/f2s429zrInkJOIoMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzMyNTNkOTczLWQ1YmYtNDU0MS1iY2Mx
LTI3NjU0M2EyNWM3ZC80LzZEN0EyNjY3MzA5MjhEOURGREZEQUNFMzZGNzNBQzg5
RTQyNEUyMjguY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8wMmM3NzA2Yi0zYmFmLTQyY2ItYmRmNy03
ODJiMDM2MjUyYjMvZjQ0YzgyZGFiYTY4YjQwZjY1Y2ZjMTc0NDVmODliMjE5MmE1
NzM3OWQ3ZjEzYmU4ZmEuY2VyMIGzBggrBgEFBQcBCwSBpjCBozCBoAYIKwYBBQUH
MAuGgZNyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzMyNTNkOTczLWQ1YmYtNDU0MS1iY2MxLTI3NjU0M2EyNWM3ZC80LzMyMzYzMDMy
M2E2NjM5MzY2NDNhNjEzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzQzNzMy
MzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB
/wQSMBAwDgQCAAIwCAMGACYC+W0KMA0GCSqGSIb3DQEBCwUAA4IBAQBkgYp9+xva
qwoLO/h15HHuJFE4DXxV9MuKOI9xgENWd2ioeLT9bax3H/QI9U9tne5KhSTBWxQ7
icv3kQ3zhFMnM6/ZPMk1ZCwaWrKadJjHicszXi3WxF0cbcTvr1CPO3680ZP+ru3j
qNkJw2zw9dmdL9/8vxZC2HxqNNOKBpcJkkeWWz7HQEKKSE91Ed4WtFCKP02YqK2M
/adnwtPuUPEhiclB6FXdhW3bIbXHVGnyLCGkqVSn6lq9W+DehLG+dDgx0cmin8pQ
AnYIVVVeBneIkR8LlcR/t7s38GSbI+EeMz4hMNMMTlAmMUtnJYeUdDz1qUPfcp7O
lloLmBKv+6no
-----END CERTIFICATE-----