Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/1/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa
File:                     326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa (raw, json)
Hash identifier:          /CFUhpNUUZNwoRgflpnALQIis6DpR20ZsBTAXpcqHGA=
Subject key identifier:   21:BF:C9:4E:B8:B4:5D:D1:E1:14:9B:1F:1A:C1:A8:58:00:A9:14:27
Certificate issuer:       /CN=FA8F32A0B21DD2779315422B5A2184C649E03C0B
Certificate serial:       1451D3F3F23032EE42CF29D165DBFCB80854529D
Authority key identifier: FA:8F:32:A0:B2:1D:D2:77:93:15:42:2B:5A:21:84:C6:49:E0:3C:0B
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/FA8F32A0B21DD2779315422B5A2184C649E03C0B.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/1/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa
Signing time:             Fri 07 Mar 2025 16:03:58 +0000
ROA not before:           Fri 07 Mar 2025 15:58:58 +0000
ROA not after:            Fri 06 Mar 2026 16:03:58 +0000
asID:                     208453
IP address blocks:        2a07:54c1:f000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:51:d3:f3:f2:30:32:ee:42:cf:29:d1:65:db:fc:b8:08:54:52:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FA8F32A0B21DD2779315422B5A2184C649E03C0B
        Validity
            Not Before: Mar  7 15:58:58 2025 GMT
            Not After : Mar  6 16:03:58 2026 GMT
        Subject: CN=21BFC94EB8B45DD1E1149B1F1AC1A85800A91427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:50:d5:c8:8b:e5:42:45:2b:8d:0d:d7:bb:c2:
                    aa:2a:a9:13:2d:28:e4:8c:c8:d3:c4:35:fa:bc:08:
                    1c:37:d4:88:94:16:c8:3b:ca:a1:12:80:98:92:12:
                    70:97:cc:c9:65:ea:40:30:27:81:3d:a4:1c:e9:b4:
                    b3:ff:50:71:11:d8:31:25:69:98:44:16:d2:85:11:
                    80:1a:85:c8:f6:42:fe:ba:b7:b0:5c:ef:14:07:2c:
                    77:e8:75:49:0b:80:46:86:45:16:fd:94:df:e1:af:
                    cf:64:c0:f2:ed:48:25:85:5a:0e:ad:1f:3d:ac:e5:
                    81:1a:52:b8:f5:9c:e4:14:68:36:66:21:79:cc:76:
                    71:0a:e4:a6:79:47:d3:4f:3f:f0:c5:80:40:5a:99:
                    a5:20:61:a9:3d:82:e3:a8:18:13:50:b3:be:12:8d:
                    44:5b:20:4c:b4:9c:af:ad:d1:a8:db:f8:ae:04:e4:
                    08:12:dd:49:98:7b:55:e0:ec:dd:89:18:9f:dc:70:
                    13:db:09:4d:92:87:04:f4:2f:10:75:7f:55:64:ce:
                    07:36:33:e1:10:c1:71:2f:5b:8d:d7:52:6d:d1:59:
                    8c:c2:44:37:87:dd:d3:35:e4:e8:96:b0:e0:f2:36:
                    82:29:44:3c:24:5e:c0:16:41:08:c2:51:d0:87:ba:
                    44:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BF:C9:4E:B8:B4:5D:D1:E1:14:9B:1F:1A:C1:A8:58:00:A9:14:27
            X509v3 Authority Key Identifier:
                keyid:FA:8F:32:A0:B2:1D:D2:77:93:15:42:2B:5A:21:84:C6:49:E0:3C:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/1/FA8F32A0B21DD2779315422B5A2184C649E03C0B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa004ba1-419b-4db5-bbd3-5cca633cae3f/0/FA8F32A0B21DD2779315422B5A2184C649E03C0B.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/71476d62-9cfa-4871-a2d9-fadf5781c11b/1/326130373a353463313a663030303a3a2f33362d3438203d3e20323038343533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:54c1:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         43:2a:57:41:b1:97:45:32:ac:72:41:a0:b8:27:c9:56:d1:16:
         64:7f:be:ee:c4:d7:c5:17:86:01:48:b7:fe:f7:40:6b:a8:ee:
         08:f5:23:9c:7e:fd:4c:be:a6:3b:08:4c:29:a8:46:dc:ed:2f:
         96:a7:b4:d6:f7:ec:3f:38:b1:0d:ef:5a:49:61:d9:3c:81:b6:
         34:1c:77:46:93:10:a2:d3:a9:06:4b:9b:05:3a:a7:4c:9d:55:
         79:2b:11:eb:af:a1:9a:68:97:bc:4f:f8:73:1b:29:e2:4c:ca:
         a4:1b:62:7a:f5:7f:5c:13:5e:bf:65:d9:48:de:62:38:93:14:
         a7:50:90:55:4f:1e:52:79:d3:e7:8b:88:f2:af:2c:5d:0a:d2:
         28:56:ec:d8:a6:38:81:eb:9d:ee:5e:ab:74:b0:52:67:43:54:
         df:cd:0f:61:50:58:9a:f6:22:10:25:88:a7:e9:8e:77:7b:57:
         bc:a8:b9:50:3b:c6:bc:5b:28:2f:33:3e:d9:34:af:fe:c9:65:
         82:40:e9:de:e2:97:5b:27:59:a5:2b:50:c2:f6:cd:46:73:0a:
         0e:ee:2e:b3:b9:1b:26:97:fb:dd:6b:71:5c:8c:b1:30:69:15:
         5a:32:e2:94:84:0b:4e:3a:bd:ad:18:0a:f2:b7:14:38:3e:b0:
         b5:2d:8f:25
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUFFHT8/IwMu5CzynRZdv8uAhUUp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkE4RjMyQTBCMjFERDI3NzkzMTU0MjJCNUEyMTg0QzY0
OUUwM0MwQjAeFw0yNTAzMDcxNTU4NThaFw0yNjAzMDYxNjAzNThaMDMxMTAvBgNV
BAMTKDIxQkZDOTRFQjhCNDVERDFFMTE0OUIxRjFBQzFBODU4MDBBOTE0MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHUNXIi+VCRSuNDde7wqoqqRMt
KOSMyNPENfq8CBw31IiUFsg7yqESgJiSEnCXzMll6kAwJ4E9pBzptLP/UHER2DEl
aZhEFtKFEYAahcj2Qv66t7Bc7xQHLHfodUkLgEaGRRb9lN/hr89kwPLtSCWFWg6t
Hz2s5YEaUrj1nOQUaDZmIXnMdnEK5KZ5R9NPP/DFgEBamaUgYak9guOoGBNQs74S
jURbIEy0nK+t0ajb+K4E5AgS3UmYe1Xg7N2JGJ/ccBPbCU2ShwT0LxB1f1Vkzgc2
M+EQwXEvW43XUm3RWYzCRDeH3dM15OiWsODyNoIpRDwkXsAWQQjCUdCHukQhAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQUIb/JTri0XdHhFJsfGsGoWACpFCcwHwYDVR0j
BBgwFoAU+o8yoLId0neTFUIrWiGExkngPAswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE0NzZkNjItOWNmYS00ODcxLWEyZDktZmFkZjU3ODFj
MTFiLzEvRkE4RjMyQTBCMjFERDI3NzkzMTU0MjJCNUEyMTg0QzY0OUUwM0MwQi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hYTAwNGJhMS00MTliLTRk
YjUtYmJkMy01Y2NhNjMzY2FlM2YvMC9GQThGMzJBMEIyMUREMjc3OTMxNTQyMkI1
QTIxODRDNjQ5RTAzQzBCLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS83MTQ3NmQ2Mi05Y2ZhLTQ4NzEtYTJkOS1mYWRmNTc4MWMxMWIvMS8zMjYxMzAz
NzNhMzUzNDYzMzEzYTY2MzAzMDMwM2EzYTJmMzMzNjJkMzQzODIwM2QzZTIwMzIz
MDM4MzQzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYEKgdUwfAwDQYJKoZIhvcNAQELBQADggEBAEMq
V0Gxl0UyrHJBoLgnyVbRFmR/vu7E18UXhgFIt/73QGuo7gj1I5x+/Uy+pjsITCmo
RtztL5antNb37D84sQ3vWklh2TyBtjQcd0aTEKLTqQZLmwU6p0ydVXkrEeuvoZpo
l7xP+HMbKeJMyqQbYnr1f1wTXr9l2UjeYjiTFKdQkFVPHlJ50+eLiPKvLF0K0ihW
7NimOIHrne5eq3SwUmdDVN/ND2FQWJr2IhAliKfpjnd7V7youVA7xrxbKC8zPtk0
r/7JZYJA6d7il1snWaUrUML2zUZzCg7uLrO5GyaX+91rcVyMsTBpFVoy4pSEC046
va0YCvK3FDg+sLUtjyU=
-----END CERTIFICATE-----