Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e203530323234.roa
File:                     3139382e3133352e3136392e302f32342d3234203d3e203530323234.roa (raw, json)
Hash identifier:          Mx/kFglfvAPnjYvfeyBt9IUgZPMM2ZL8SCsIka6Ach0=
Subject key identifier:   2E:83:9A:D3:F9:D7:87:06:E4:55:37:39:2C:DB:D4:A3:19:E0:32:F7
Certificate issuer:       /CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
Certificate serial:       111E38ABAE29F0C25CDFFEA45AE26DBAEFD0E311
Authority key identifier: 6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e203530323234.roa
Signing time:             Sat 04 Jan 2025 05:09:33 +0000
ROA not before:           Sat 04 Jan 2025 05:04:33 +0000
ROA not after:            Sat 03 Jan 2026 05:09:33 +0000
asID:                     50224
IP address blocks:        198.135.169.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:1e:38:ab:ae:29:f0:c2:5c:df:fe:a4:5a:e2:6d:ba:ef:d0:e3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
        Validity
            Not Before: Jan  4 05:04:33 2025 GMT
            Not After : Jan  3 05:09:33 2026 GMT
        Subject: CN=2E839AD3F9D78706E45537392CDBD4A319E032F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b6:3a:bf:f5:04:fe:d1:09:9e:93:5e:79:9e:
                    cb:0d:40:a7:d4:b0:66:34:e4:2e:ab:23:d0:0c:7a:
                    2b:70:ca:98:e8:4c:41:72:a5:35:93:4a:7a:33:7c:
                    9b:6d:69:f4:d8:dd:54:50:6d:0c:af:0a:ab:1b:7c:
                    7f:74:81:5d:14:08:26:54:b4:c2:56:1a:53:07:2a:
                    73:89:b6:f2:c2:92:aa:fc:8e:1c:c1:ed:88:92:e3:
                    5d:fd:47:1a:db:2c:dc:c5:ba:ea:ad:aa:3c:c5:94:
                    f8:8c:b5:ac:51:58:64:a1:15:38:38:f6:f7:33:c1:
                    7e:61:5d:96:a4:8a:5a:4d:0b:64:e7:8d:73:04:c9:
                    f7:47:31:ff:c0:86:4b:04:99:97:c4:c0:bf:f9:5f:
                    89:cc:30:98:dd:a5:a5:50:87:06:81:7e:76:ba:5c:
                    60:d4:2f:b7:e6:ce:04:ed:84:75:f8:45:b5:1b:35:
                    ab:53:48:9f:ee:7d:17:e2:23:31:fb:15:00:c7:a4:
                    a5:16:c9:28:4b:87:ef:56:0a:9c:a2:4d:c6:0f:38:
                    a2:e4:de:61:b4:8c:90:e8:be:6a:bf:79:52:e6:7b:
                    a8:f8:83:d6:2d:5f:10:03:2b:9f:c1:d2:c6:26:cc:
                    a7:ca:d6:92:4b:5b:2f:18:ce:2b:20:ee:56:65:ea:
                    c3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:83:9A:D3:F9:D7:87:06:E4:55:37:39:2C:DB:D4:A3:19:E0:32:F7
            X509v3 Authority Key Identifier:
                keyid:6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.135.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a9:d8:e4:1f:a6:cd:e4:4d:99:f9:b1:ca:41:88:9d:c3:bb:
         4b:1d:25:8d:5c:0c:f2:3b:33:cd:74:ea:fc:7e:3d:1a:3b:8d:
         f0:8e:dc:b9:e1:b0:bf:bd:55:ef:f5:f5:41:ba:35:40:a4:23:
         4f:db:7b:1e:0d:5f:f9:66:85:5a:a7:09:2f:69:f9:34:96:e7:
         1e:e4:df:cc:7e:5e:e0:08:51:c7:19:42:bb:5f:e0:75:2d:5f:
         a7:49:fb:33:9b:43:46:20:12:3c:7d:1c:f0:cf:32:b1:9d:62:
         cd:08:fd:61:b6:88:ab:94:c3:bc:a0:72:f2:e1:b0:4d:39:a0:
         2e:8f:00:b2:22:38:a9:b4:64:a4:9c:6b:d3:d7:c4:91:76:30:
         39:2b:7b:80:53:8c:e3:69:48:31:20:ae:03:ca:70:94:90:6a:
         d6:1a:1e:46:c0:9a:85:19:17:d8:2f:87:72:b4:05:eb:73:95:
         4f:7a:86:fa:36:47:c3:eb:5b:24:68:c9:bd:af:6e:38:92:cf:
         7f:a7:c3:83:df:90:99:de:fd:26:f2:b9:35:04:e2:7e:92:80:
         93:f7:e7:1a:94:a6:c0:75:95:b9:19:ac:38:3a:0f:3a:a8:7c:
         ca:73:36:dd:26:06:8c:c1:a7:63:99:f8:40:59:40:ed:86:4f:
         9d:ea:2c:13
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIUER44q64p8MJc3/6kWuJtuu/Q4xEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIw
MjY3OTY2MDExMmJlOWEyZDcwHhcNMjUwMTA0MDUwNDMzWhcNMjYwMTAzMDUwOTMz
WjAzMTEwLwYDVQQDEygyRTgzOUFEM0Y5RDc4NzA2RTQ1NTM3MzkyQ0RCRDRBMzE5
RTAzMkY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rY6v/UE/tEJ
npNeeZ7LDUCn1LBmNOQuqyPQDHorcMqY6ExBcqU1k0p6M3ybbWn02N1UUG0Mrwqr
G3x/dIFdFAgmVLTCVhpTBypzibbywpKq/I4cwe2IkuNd/Uca2yzcxbrqrao8xZT4
jLWsUVhkoRU4OPb3M8F+YV2WpIpaTQtk541zBMn3RzH/wIZLBJmXxMC/+V+JzDCY
3aWlUIcGgX52ulxg1C+35s4E7YR1+EW1GzWrU0if7n0X4iMx+xUAx6SlFskoS4fv
Vgqcok3GDzii5N5htIyQ6L5qv3lS5nuo+IPWLV8QAyufwdLGJsynytaSS1svGM4r
IO5WZerDQwIDAQABo4ICzzCCAsswHQYDVR0OBBYEFC6DmtP514cG5FU3OSzb1KMZ
4DL3MB8GA1UdIwQYMBaAFGpvbsJypevcGCQcLITR2f6UwSWqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC83LzZBNkY2RUMyNzJBNUVCREMxODI0MUMyQzg0RDFEOUZF
OTRDMTI1QUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIwMjY3
OTY2MDExMmJlOWEyZDcuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC83LzMxMzkzODJl
MzEzMzM1MmUzMTM2MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzIzMjM0
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAxoepMA0GCSqGSIb3DQEBCwUAA4IBAQA6qdjkH6bN5E2Z+bHK
QYidw7tLHSWNXAzyOzPNdOr8fj0aO43wjty54bC/vVXv9fVBujVApCNP23seDV/5
ZoVapwkvafk0luce5N/Mfl7gCFHHGUK7X+B1LV+nSfszm0NGIBI8fRzwzzKxnWLN
CP1htoirlMO8oHLy4bBNOaAujwCyIjiptGSknGvT18SRdjA5K3uAU4zjaUgxIK4D
ynCUkGrWGh5GwJqFGRfYL4dytAXrc5VPeob6NkfD61skaMm9r244ks9/p8OD35CZ
3v0m8rk1BOJ+koCT9+calKbAdZW5Gaw4Og86qHzKczbdJgaMwadjmfhAWUDthk+d
6iwT
-----END CERTIFICATE-----