Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/326130613a363034343a383530303a3a2f34302d3430203d3e20323134383039.roa
File:                     326130613a363034343a383530303a3a2f34302d3430203d3e20323134383039.roa (raw, json)
Hash identifier:          BW6ky+6CFugwvR5bM9gBM+2MBg3Zgjy+mVE9dRIKmpw=
Subject key identifier:   FF:ED:6F:C3:4A:D2:E3:87:E2:A4:8C:8A:8D:CD:30:56:89:80:3F:63
Certificate issuer:       /CN=B89BFA84DC5AFE05076A0800B960FEA22FC90D09
Certificate serial:       66F8DE1069FFEB9AF38D2CA08517544AD2430D3B
Authority key identifier: B8:9B:FA:84:DC:5A:FE:05:07:6A:08:00:B9:60:FE:A2:2F:C9:0D:09
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/326130613a363034343a383530303a3a2f34302d3430203d3e20323134383039.roa
Signing time:             Fri 23 Aug 2024 15:55:00 +0000
ROA not before:           Fri 23 Aug 2024 15:50:00 +0000
ROA not after:            Fri 22 Aug 2025 15:55:00 +0000
asID:                     214809
IP address blocks:        2a0a:6044:8500::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:f8:de:10:69:ff:eb:9a:f3:8d:2c:a0:85:17:54:4a:d2:43:0d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B89BFA84DC5AFE05076A0800B960FEA22FC90D09
        Validity
            Not Before: Aug 23 15:50:00 2024 GMT
            Not After : Aug 22 15:55:00 2025 GMT
        Subject: CN=FFED6FC34AD2E387E2A48C8A8DCD305689803F63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:06:5a:05:46:c7:d3:a6:b1:aa:dc:32:2d:ba:
                    dd:fb:fa:44:3e:f2:d9:ad:2d:3f:ca:38:c4:39:c6:
                    22:31:07:c9:81:35:1b:17:46:4c:3b:dd:90:9e:28:
                    7e:fa:56:7f:96:eb:9b:38:1e:df:a1:1b:d2:a7:ba:
                    b3:a9:45:c6:83:2b:f8:32:b2:12:0f:b3:35:21:29:
                    e6:cf:54:69:12:53:8b:b4:73:38:a3:cb:da:c5:a2:
                    7b:cb:69:5b:da:f8:63:31:16:9e:10:fd:0d:50:d1:
                    ad:e7:76:23:37:0e:3a:d6:35:8c:36:b2:60:a6:01:
                    7c:4d:9d:42:1a:cb:37:1d:46:72:22:f9:df:96:dd:
                    5d:bf:8f:68:92:c6:78:be:64:98:8c:16:c7:35:25:
                    1a:e9:fa:a6:69:a8:54:fd:db:3f:55:51:f5:16:bf:
                    4c:db:73:32:9e:04:6e:4f:71:4d:9c:69:a7:b0:be:
                    e7:54:ee:d4:03:82:b9:e8:56:79:5e:d5:0a:86:90:
                    3b:ca:d9:e5:69:18:fb:81:8b:d2:09:72:ab:3b:aa:
                    4d:aa:c0:78:4b:b8:5f:86:cf:6f:d3:7f:2a:c0:18:
                    41:3e:1b:06:57:8d:6b:58:5d:dd:16:b1:f9:96:df:
                    27:cc:2c:a8:af:e3:5e:19:04:77:df:32:da:90:72:
                    2e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:ED:6F:C3:4A:D2:E3:87:E2:A4:8C:8A:8D:CD:30:56:89:80:3F:63
            X509v3 Authority Key Identifier:
                keyid:B8:9B:FA:84:DC:5A:FE:05:07:6A:08:00:B9:60:FE:A2:2F:C9:0D:09

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/B89BFA84DC5AFE05076A0800B960FEA22FC90D09.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662cb/1/326130613a363034343a383530303a3a2f34302d3430203d3e20323134383039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:8500::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:a5:7f:36:44:e8:b1:0f:8f:f1:07:4a:a0:50:f3:51:ba:6e:
         8c:a6:a6:8e:e5:20:b4:c7:9c:15:59:c0:a2:76:38:88:c6:d0:
         ac:eb:7d:a5:78:08:96:5b:82:55:4d:9a:bf:90:50:b6:ba:9c:
         ee:7d:69:83:84:1f:b5:37:c5:0a:9e:94:36:29:48:4b:f0:eb:
         14:0b:31:3c:3c:eb:7d:01:20:33:0e:e9:85:ce:7f:95:bb:f4:
         dc:ee:47:fc:b4:17:92:7c:9d:fe:c6:fc:eb:0e:ae:b7:8e:fc:
         8e:5c:69:04:9f:bf:15:69:a2:3c:18:70:38:47:3c:9e:3e:35:
         6c:0e:71:b3:3e:be:52:9a:7a:bd:c0:fb:c1:f4:f6:7d:37:93:
         1f:59:06:de:4d:ff:42:24:61:a9:28:52:f1:cc:d7:1d:49:92:
         0a:6f:3c:61:70:5c:22:d5:3a:d0:05:d6:d1:d9:52:c3:c3:51:
         a9:07:d3:4a:87:80:dd:89:fe:44:70:d3:a2:e7:a5:b8:f4:dc:
         eb:08:81:80:80:85:79:6a:df:0e:28:21:76:4f:da:79:f4:07:
         b1:be:23:66:3a:08:15:b0:c4:51:85:0c:d6:ca:99:fb:ed:dd:
         86:58:9b:93:e1:c5:3a:bb:d4:30:c6:a8:7e:ad:08:44:2c:57:
         25:17:88:b8
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUZvjeEGn/65rzjSyghRdUStJDDTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjg5QkZBODREQzVBRkUwNTA3NkEwODAwQjk2MEZFQTIy
RkM5MEQwOTAeFw0yNDA4MjMxNTUwMDBaFw0yNTA4MjIxNTU1MDBaMDMxMTAvBgNV
BAMTKEZGRUQ2RkMzNEFEMkUzODdFMkE0OEM4QThEQ0QzMDU2ODk4MDNGNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyBloFRsfTprGq3DItut37+kQ+
8tmtLT/KOMQ5xiIxB8mBNRsXRkw73ZCeKH76Vn+W65s4Ht+hG9KnurOpRcaDK/gy
shIPszUhKebPVGkSU4u0czijy9rFonvLaVva+GMxFp4Q/Q1Q0a3ndiM3DjrWNYw2
smCmAXxNnUIayzcdRnIi+d+W3V2/j2iSxni+ZJiMFsc1JRrp+qZpqFT92z9VUfUW
v0zbczKeBG5PcU2caaewvudU7tQDgrnoVnle1QqGkDvK2eVpGPuBi9IJcqs7qk2q
wHhLuF+Gz2/TfyrAGEE+GwZXjWtYXd0WsfmW3yfMLKiv414ZBHffMtqQci4rAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQU/+1vw0rS44fipIyKjc0wVomAP2MwHwYDVR0j
BBgwFoAUuJv6hNxa/gUHaggAuWD+oi/JDQkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDkxYTQzYmMtNzZlYy00YWJlLWJhN2QtZTczZTkwZDY2
MmNiLzEvQjg5QkZBODREQzVBRkUwNTA3NkEwODAwQjk2MEZFQTIyRkM5MEQwOS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMjUzZDk3My1kNWJmLTQ1
NDEtYmNjMS0yNzY1NDNhMjVjN2QvMC9CODlCRkE4NERDNUFGRTA1MDc2QTA4MDBC
OTYwRkVBMjJGQzkwRDA5LmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS80OTFhNDNiYy03NmVjLTRhYmUtYmE3ZC1lNzNlOTBkNjYyY2IvMS8zMjYxMzA2
MTNhMzYzMDM0MzQzYTM4MzUzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzIz
MTM0MzgzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYAKgpgRIUwDQYJKoZIhvcNAQELBQADggEBAC6l
fzZE6LEPj/EHSqBQ81G6boympo7lILTHnBVZwKJ2OIjG0KzrfaV4CJZbglVNmr+Q
ULa6nO59aYOEH7U3xQqelDYpSEvw6xQLMTw8630BIDMO6YXOf5W79NzuR/y0F5J8
nf7G/OsOrreO/I5caQSfvxVpojwYcDhHPJ4+NWwOcbM+vlKaer3A+8H09n03kx9Z
Bt5N/0IkYakoUvHM1x1JkgpvPGFwXCLVOtAF1tHZUsPDUakH00qHgN2J/kRw06Ln
pbj03OsIgYCAhXlq3w4oIXZP2nn0B7G+I2Y6CBWwxFGFDNbKmfvt3YZYm5PhxTq7
1DDGqH6tCEQsVyUXiLg=
-----END CERTIFICATE-----