Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3b86cb77-69ac-43d9-9f6c-fc53066beb88/2/323630323a663966613a3a2f33362d3438203d3e203630383538.roa
File:                     323630323a663966613a3a2f33362d3438203d3e203630383538.roa (raw, json)
Hash identifier:          5c3OaxW1qKZrY2FscDnJyFNXHvDxQCbXNLWzxHU/wc8=
Subject key identifier:   CD:32:E6:E9:0C:6E:D3:BB:69:60:52:11:5B:5A:8C:2E:37:7C:D8:C9
Certificate issuer:       /CN=d90d8aba2a52e658722522ec42c626f029750e015dbdba418f
Certificate serial:       45C860FB14E8672542A33850C5959E2DA371AC32
Authority key identifier: B7:3B:05:97:1A:1A:76:BD:F1:BC:61:A5:17:8B:00:B4:FF:71:BA:BB
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a52e658722522ec42c626f029750e015dbdba418f.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3b86cb77-69ac-43d9-9f6c-fc53066beb88/2/323630323a663966613a3a2f33362d3438203d3e203630383538.roa
Signing time:             Thu 20 Mar 2025 17:35:34 +0000
ROA not before:           Thu 20 Mar 2025 17:30:34 +0000
ROA not after:            Thu 19 Mar 2026 17:35:34 +0000
asID:                     60858
IP address blocks:        2602:f9fa::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c8:60:fb:14:e8:67:25:42:a3:38:50:c5:95:9e:2d:a3:71:ac:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90d8aba2a52e658722522ec42c626f029750e015dbdba418f
        Validity
            Not Before: Mar 20 17:30:34 2025 GMT
            Not After : Mar 19 17:35:34 2026 GMT
        Subject: CN=CD32E6E90C6ED3BB696052115B5A8C2E377CD8C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:09:e4:1d:30:d4:08:c3:dd:e7:45:bc:5b:ca:
                    f6:2d:d8:b2:30:ad:2b:83:e2:d0:ba:98:de:70:55:
                    48:4e:7b:49:17:ee:4c:2d:67:ce:69:5d:3d:00:b2:
                    70:fe:50:1e:59:d4:1a:ea:34:38:a9:7f:35:42:1c:
                    dc:19:38:02:0d:1d:b7:60:08:5d:fe:a5:7f:eb:c6:
                    c1:b4:10:97:8e:83:b5:b9:ea:68:0d:eb:0f:6a:0e:
                    88:0b:a1:54:87:66:b9:da:86:4d:99:7a:51:6b:20:
                    ae:7e:34:79:c8:51:60:ea:7b:05:89:7f:8e:12:07:
                    95:2e:f8:ac:38:ec:91:24:ed:aa:ba:69:6e:6d:b8:
                    29:c4:73:7e:d4:5d:06:19:e7:76:45:de:c6:9d:07:
                    eb:22:84:00:ba:2a:8d:3b:d5:75:48:52:c9:c8:e3:
                    e7:9f:8a:42:5a:82:4f:b5:3a:10:bf:8e:a0:34:24:
                    11:69:ac:fe:3f:53:28:a2:ee:2c:e4:8f:e1:bf:be:
                    8e:38:9f:9e:85:ce:e5:a1:73:9e:05:75:ed:f4:33:
                    1a:cf:29:29:29:9e:cf:3b:aa:ef:8a:da:85:07:cc:
                    65:aa:9b:b3:04:56:d5:25:12:54:2a:02:99:47:47:
                    e4:fd:ec:46:11:ca:4a:af:2b:c9:8f:17:f7:4d:74:
                    e2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:32:E6:E9:0C:6E:D3:BB:69:60:52:11:5B:5A:8C:2E:37:7C:D8:C9
            X509v3 Authority Key Identifier:
                keyid:B7:3B:05:97:1A:1A:76:BD:F1:BC:61:A5:17:8B:00:B4:FF:71:BA:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3b86cb77-69ac-43d9-9f6c-fc53066beb88/2/B73B05971A1A76BDF1BC61A5178B00B4FF71BABB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a52e658722522ec42c626f029750e015dbdba418f.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3b86cb77-69ac-43d9-9f6c-fc53066beb88/2/323630323a663966613a3a2f33362d3438203d3e203630383538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f9fa::/36

    Signature Algorithm: sha256WithRSAEncryption
         30:8c:7e:c8:e0:63:32:99:8d:01:cd:ee:af:02:5c:56:ee:76:
         00:91:7a:5d:6d:86:f6:c2:4a:8f:60:90:96:c1:df:3f:19:b8:
         35:f4:c4:59:c7:d1:f5:9e:03:28:f3:6f:3e:d6:6c:2b:a7:03:
         df:e0:28:f4:34:e5:ad:0e:b4:8e:49:cc:82:34:3e:05:f7:b5:
         80:1d:dc:e9:4d:55:8f:0a:f5:d2:18:c5:b3:f2:93:72:2d:cd:
         30:5b:7a:9e:26:3d:7c:03:29:14:69:dc:d7:d5:39:85:86:12:
         02:38:b7:57:aa:b4:c0:05:5e:91:7d:ff:bb:14:a9:0f:dc:b2:
         e2:25:41:d7:d5:d2:8a:cd:85:6a:44:68:81:14:9b:66:c5:07:
         7a:2a:12:63:e3:92:8e:f9:85:ec:a1:93:55:65:94:3d:fd:75:
         ce:61:af:80:d3:af:13:b4:e1:ff:78:0a:80:ef:cd:75:d5:3f:
         8b:31:f0:6c:60:ff:09:30:b6:ff:b9:5e:2d:5a:db:aa:23:d9:
         62:4e:67:27:bf:a6:53:66:dd:7c:d8:a8:9a:4c:06:c3:8f:b6:
         33:e3:f5:18:7b:99:9e:62:44:83:50:ff:2f:c0:ce:83:d1:b6:
         5b:c2:b7:90:b4:ca:4d:41:07:c0:db:8b:9f:c0:7f:8b:b7:24:
         0b:77:7c:87
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIURchg+xToZyVCozhQxZWeLaNxrDIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDkwZDhhYmEyYTUyZTY1ODcyMjUyMmVjNDJjNjI2ZjAy
OTc1MGUwMTVkYmRiYTQxOGYwHhcNMjUwMzIwMTczMDM0WhcNMjYwMzE5MTczNTM0
WjAzMTEwLwYDVQQDEyhDRDMyRTZFOTBDNkVEM0JCNjk2MDUyMTE1QjVBOEMyRTM3
N0NEOEM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAnkHTDUCMPd
50W8W8r2LdiyMK0rg+LQupjecFVITntJF+5MLWfOaV09ALJw/lAeWdQa6jQ4qX81
QhzcGTgCDR23YAhd/qV/68bBtBCXjoO1uepoDesPag6IC6FUh2a52oZNmXpRayCu
fjR5yFFg6nsFiX+OEgeVLvisOOyRJO2qumlubbgpxHN+1F0GGed2Rd7GnQfrIoQA
uiqNO9V1SFLJyOPnn4pCWoJPtToQv46gNCQRaaz+P1Moou4s5I/hv76OOJ+ehc7l
oXOeBXXt9DMazykpKZ7PO6rvitqFB8xlqpuzBFbVJRJUKgKZR0fk/exGEcpKryvJ
jxf3TXTibwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFM0y5ukMbtO7aWBSEVtajC43
fNjJMB8GA1UdIwQYMBaAFLc7BZcaGna98bxhpReLALT/cbq7MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzNiODZjYjc3LTY5YWMtNDNkOS05ZjZj
LWZjNTMwNjZiZWI4OC8yL0I3M0IwNTk3MUExQTc2QkRGMUJDNjFBNTE3OEIwMEI0
RkY3MUJBQkIuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzg3MWRhNDBmLTc5M2Et
NGE0NS1hMGE5LTk3ODE0ODMyMWEwNy8wZWMxNzE1Ny02NmRlLTRhYWItODVlNy0y
OGFmNGRlNDMwZTIvZDkwZDhhYmEyYTUyZTY1ODcyMjUyMmVjNDJjNjI2ZjAyOTc1
MGUwMTVkYmRiYTQxOGYuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzNiODZjYjc3LTY5YWMtNDNkOS05ZjZjLWZjNTMwNjZiZWI4OC8yLzMyMzYzMDMy
M2E2NjM5NjY2MTNhM2EyZjMzMzYyZDM0MzgyMDNkM2UyMDM2MzAzODM1Mzgucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgQmAvn6ADANBgkqhkiG9w0BAQsFAAOCAQEAMIx+yOBjMpmNAc3urwJc
Vu52AJF6XW2G9sJKj2CQlsHfPxm4NfTEWcfR9Z4DKPNvPtZsK6cD3+Ao9DTlrQ60
jknMgjQ+Bfe1gB3c6U1Vjwr10hjFs/KTci3NMFt6niY9fAMpFGnc19U5hYYSAji3
V6q0wAVekX3/uxSpD9yy4iVB19XSis2FakRogRSbZsUHeioSY+OSjvmF7KGTVWWU
Pf11zmGvgNOvE7Th/3gKgO/NddU/izHwbGD/CTC2/7leLVrbqiPZYk5nJ7+mU2bd
fNiomkwGw4+2M+P1GHuZnmJEg1D/L8DOg9G2W8K3kLTKTUEHwNuLn8B/i7ckC3d8
hw==
-----END CERTIFICATE-----