Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/1/323630323a663764653a3a2f34302d3438203d3e203236393534.roa
File:                     323630323a663764653a3a2f34302d3438203d3e203236393534.roa (raw, json)
Hash identifier:          dVW6ZUsxUgXCaz0kq7P1NzZswddC3cxPIFG0EovOzUk=
Subject key identifier:   A0:A8:21:E0:3C:4D:43:A7:57:35:9C:30:95:DB:2E:C7:90:01:00:1E
Certificate issuer:       /CN=324ffe39a98a0146b503d8a015ca2c2e767cf3d0b9fde6231b
Certificate serial:       422E24BF730196D80BE65DF2BE76B074AEA8DD1B
Authority key identifier: 3F:CD:3A:83:9E:A1:41:7F:D9:88:F3:DD:FD:04:54:19:7F:AA:F4:7A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/69fd0156-bb1f-48b6-bf32-c9492286f195/51cd99f7-2f42-4dec-b2c6-09bafaa3780e/324ffe39a98a0146b503d8a015ca2c2e767cf3d0b9fde6231b.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/1/323630323a663764653a3a2f34302d3438203d3e203236393534.roa
Signing time:             Thu 31 Oct 2024 15:39:02 +0000
ROA not before:           Thu 31 Oct 2024 15:34:02 +0000
ROA not after:            Thu 30 Oct 2025 15:39:02 +0000
asID:                     26954
IP address blocks:        2602:f7de::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:2e:24:bf:73:01:96:d8:0b:e6:5d:f2:be:76:b0:74:ae:a8:dd:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=324ffe39a98a0146b503d8a015ca2c2e767cf3d0b9fde6231b
        Validity
            Not Before: Oct 31 15:34:02 2024 GMT
            Not After : Oct 30 15:39:02 2025 GMT
        Subject: CN=A0A821E03C4D43A757359C3095DB2EC79001001E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fa:42:37:28:85:17:ee:94:e5:59:61:91:b0:
                    10:23:30:78:1b:3f:88:d2:07:51:d9:ce:62:98:64:
                    b2:e9:63:72:9c:79:ad:a3:88:5b:1f:a4:d3:6b:83:
                    87:64:37:2e:7a:95:b6:1e:4f:21:c5:9e:b4:bd:d4:
                    32:64:38:9a:93:df:b0:ef:7f:35:0e:f4:13:ab:8a:
                    0d:2d:87:d2:dc:7d:0b:41:8c:26:fc:8b:98:a7:b1:
                    19:60:a0:22:57:f0:c9:12:e2:d1:84:c2:de:af:fd:
                    87:71:08:14:26:03:1f:c1:ad:3c:80:49:82:64:98:
                    aa:a9:c3:1e:7d:a0:2c:f4:a0:68:40:43:96:5f:6f:
                    3d:64:f8:0c:59:e4:d0:0d:a8:b4:58:a5:1b:11:b0:
                    d8:db:7e:e9:2d:62:56:68:e6:e1:09:b9:af:da:13:
                    66:9f:35:a1:b6:97:cf:07:30:7e:b5:9e:89:fd:1a:
                    0d:3a:4f:05:3a:e8:27:31:ea:27:f1:f0:7f:1e:db:
                    4d:b7:b0:d4:ec:d5:bd:05:f8:d8:3c:24:a2:4b:b9:
                    f0:02:41:fb:09:ef:4d:53:46:54:b6:bb:07:d2:8e:
                    27:ff:93:17:c9:09:96:cd:b7:1c:60:6c:30:5d:05:
                    bc:c5:5d:73:da:5b:0d:87:36:bd:a2:db:93:72:0d:
                    60:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A8:21:E0:3C:4D:43:A7:57:35:9C:30:95:DB:2E:C7:90:01:00:1E
            X509v3 Authority Key Identifier:
                keyid:3F:CD:3A:83:9E:A1:41:7F:D9:88:F3:DD:FD:04:54:19:7F:AA:F4:7A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/1/3FCD3A839EA1417FD988F3DDFD0454197FAAF47A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/69fd0156-bb1f-48b6-bf32-c9492286f195/51cd99f7-2f42-4dec-b2c6-09bafaa3780e/324ffe39a98a0146b503d8a015ca2c2e767cf3d0b9fde6231b.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/73b8ec01-8ba5-479f-a229-0ab70e4815bb/1/323630323a663764653a3a2f34302d3438203d3e203236393534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f7de::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:0b:b1:3c:61:4d:ed:c4:1f:3c:7b:1c:cf:23:38:25:1a:55:
         a5:40:bb:88:22:fd:e1:5e:ba:51:c5:e0:7e:22:bb:7a:88:8a:
         03:e9:82:bd:2a:1d:16:df:5a:75:7d:2e:a9:78:11:78:eb:b1:
         8a:91:ec:a0:7e:3b:36:2c:85:34:c8:5e:59:c7:ad:99:62:c2:
         de:aa:e9:6c:04:3c:48:f8:53:a8:78:ef:b2:ad:88:e8:17:0d:
         b9:bc:1b:13:4a:60:14:8a:84:ea:fa:81:29:24:4c:3c:1f:c8:
         4d:2d:3d:54:d1:4b:5b:f7:de:2f:4a:f5:af:dc:1c:f7:ee:27:
         e9:63:1d:4b:66:d3:67:7a:28:2a:30:b3:70:fa:0c:c4:a7:2e:
         23:46:11:a1:a6:83:69:92:c9:1c:77:89:8c:89:d7:d2:25:41:
         78:a8:e9:fe:82:a2:25:95:e4:87:b1:49:58:e0:8a:07:8e:f9:
         a3:0e:aa:36:a0:a2:34:1a:6c:96:1a:a9:ab:7d:af:d2:06:d5:
         7a:56:c8:c2:32:db:3e:04:6e:6f:8b:49:2c:ff:03:a3:bf:9e:
         d1:8f:63:b0:d4:9e:db:ec:ed:23:09:e4:b1:bd:05:f3:d5:d0:
         db:09:fe:73:11:18:7b:16:43:f1:a2:93:71:d6:4b:b2:f3:c7:
         70:a6:f6:66
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUQi4kv3MBltgL5l3yvnawdK6o3RswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMzI0ZmZlMzlhOThhMDE0NmI1MDNkOGEwMTVjYTJjMmU3
NjdjZjNkMGI5ZmRlNjIzMWIwHhcNMjQxMDMxMTUzNDAyWhcNMjUxMDMwMTUzOTAy
WjAzMTEwLwYDVQQDEyhBMEE4MjFFMDNDNEQ0M0E3NTczNTlDMzA5NURCMkVDNzkw
MDEwMDFFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/pCNyiFF+6U
5VlhkbAQIzB4Gz+I0gdR2c5imGSy6WNynHmto4hbH6TTa4OHZDcuepW2Hk8hxZ60
vdQyZDiak9+w7381DvQTq4oNLYfS3H0LQYwm/IuYp7EZYKAiV/DJEuLRhMLer/2H
cQgUJgMfwa08gEmCZJiqqcMefaAs9KBoQEOWX289ZPgMWeTQDai0WKUbEbDY237p
LWJWaObhCbmv2hNmnzWhtpfPBzB+tZ6J/RoNOk8FOugnMeon8fB/HttNt7DU7NW9
BfjYPCSiS7nwAkH7Ce9NU0ZUtrsH0o4n/5MXyQmWzbccYGwwXQW8xV1z2lsNhza9
otuTcg1gxQIDAQABo4ICzTCCAskwHQYDVR0OBBYEFKCoIeA8TUOnVzWcMJXbLseQ
AQAeMB8GA1UdIwQYMBaAFD/NOoOeoUF/2Yjz3f0EVBl/qvR6MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzczYjhlYzAxLThiYTUtNDc5Zi1hMjI5
LTBhYjcwZTQ4MTViYi8xLzNGQ0QzQTgzOUVBMTQxN0ZEOTg4RjNEREZEMDQ1NDE5
N0ZBQUY0N0EuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzY5ZmQwMTU2LWJiMWYt
NDhiNi1iZjMyLWM5NDkyMjg2ZjE5NS81MWNkOTlmNy0yZjQyLTRkZWMtYjJjNi0w
OWJhZmFhMzc4MGUvMzI0ZmZlMzlhOThhMDE0NmI1MDNkOGEwMTVjYTJjMmU3Njdj
ZjNkMGI5ZmRlNjIzMWIuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzczYjhlYzAxLThiYTUtNDc5Zi1hMjI5LTBhYjcwZTQ4MTViYi8xLzMyMzYzMDMy
M2E2NjM3NjQ2NTNhM2EyZjM0MzAyZDM0MzgyMDNkM2UyMDMyMzYzOTM1MzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAmAvfeADANBgkqhkiG9w0BAQsFAAOCAQEAeQuxPGFN7cQfPHsczyM4
JRpVpUC7iCL94V66UcXgfiK7eoiKA+mCvSodFt9adX0uqXgReOuxipHsoH47NiyF
NMheWcetmWLC3qrpbAQ8SPhTqHjvsq2I6BcNubwbE0pgFIqE6vqBKSRMPB/ITS09
VNFLW/feL0r1r9wc9+4n6WMdS2bTZ3ooKjCzcPoMxKcuI0YRoaaDaZLJHHeJjInX
0iVBeKjp/oKiJZXkh7FJWOCKB475ow6qNqCiNBpslhqpq32v0gbVelbIwjLbPgRu
b4tJLP8Do7+e0Y9jsNSe2+ztIwnksb0F89XQ2wn+cxEYexZD8aKTcdZLsvPHcKb2
Zg==
-----END CERTIFICATE-----
Generated at Tue Apr 8 14:37:07 2025 by rpki-client