Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/75704d48-5a15-4128-af8d-fc769c5c25a1/4/32332e3134352e35362e302f32342d3234203d3e20323033343533.roa
File:                     32332e3134352e35362e302f32342d3234203d3e20323033343533.roa (raw, json)
Hash identifier:          3uaS2cOgKlg/Dldobr5vUUZ+x6BeuVB/9K0vSYfDydk=
Subject key identifier:   30:62:B1:33:2A:57:A8:D5:0E:49:2D:5C:C1:3C:B8:86:97:D4:15:56
Certificate issuer:       /CN=1822fe9c8a0d2b8ebcb09d2b5bf7a33a8d8cd035f17f496a83
Certificate serial:       226D9ED40D293FC9EADFBCAF1FDADB158F12E9EF
Authority key identifier: 42:6D:91:E7:ED:4E:D7:1A:64:D0:AB:27:FA:C8:A4:C5:68:7B:40:BB
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a0d2b8ebcb09d2b5bf7a33a8d8cd035f17f496a83.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/75704d48-5a15-4128-af8d-fc769c5c25a1/4/32332e3134352e35362e302f32342d3234203d3e20323033343533.roa
Signing time:             Sun 29 Jan 2023 16:05:42 +0000
ROA not before:           Sun 29 Jan 2023 16:00:42 +0000
ROA not after:            Sun 28 Jan 2024 16:05:42 +0000
asID:                     203453
IP address blocks:        23.145.56.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:6d:9e:d4:0d:29:3f:c9:ea:df:bc:af:1f:da:db:15:8f:12:e9:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a0d2b8ebcb09d2b5bf7a33a8d8cd035f17f496a83
        Validity
            Not Before: Jan 29 16:00:42 2023 GMT
            Not After : Jan 28 16:05:42 2024 GMT
        Subject: CN=3062B1332A57A8D50E492D5CC13CB88697D41556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c4:4c:bd:ad:79:2f:1e:e8:9a:53:6b:41:f2:
                    c2:36:a4:0f:1e:39:33:0f:d9:13:5a:8d:8d:93:c4:
                    c6:ff:70:fc:91:51:75:f8:81:35:bd:c2:a7:6a:4f:
                    ba:b8:c8:73:53:5a:90:04:3b:02:68:1b:eb:33:b4:
                    6e:34:42:09:57:5a:f7:15:76:da:8a:dd:a1:4d:59:
                    a6:56:ed:1b:74:44:64:37:48:00:7d:e1:18:30:53:
                    02:2b:3f:52:85:79:19:28:9e:a7:15:57:a8:fc:da:
                    ef:88:f9:67:19:e8:51:d4:1d:67:fc:4e:47:f3:65:
                    05:34:99:a9:8e:5f:32:b1:77:09:60:bb:8c:55:d5:
                    8a:24:e9:87:c3:07:9a:97:88:05:8c:25:3e:9e:ad:
                    0a:5e:f3:81:e0:4f:d8:b4:dd:e1:50:fd:7c:fd:9e:
                    27:82:01:bf:dc:1d:1f:d7:30:62:d4:6a:f0:85:bb:
                    ea:98:f9:55:fd:74:7b:f2:10:45:b3:fb:53:e2:11:
                    23:0a:4e:4e:30:f9:67:ff:fd:65:ee:48:28:00:bd:
                    f7:cf:ad:aa:e7:6f:cb:0f:52:dd:2c:97:91:26:c2:
                    57:23:fa:be:c6:66:85:e3:28:43:85:8e:3b:b8:6e:
                    30:6e:9d:dd:fb:36:b3:c0:25:6c:e1:1f:b5:9c:49:
                    7b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:62:B1:33:2A:57:A8:D5:0E:49:2D:5C:C1:3C:B8:86:97:D4:15:56
            X509v3 Authority Key Identifier:
                keyid:42:6D:91:E7:ED:4E:D7:1A:64:D0:AB:27:FA:C8:A4:C5:68:7B:40:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/75704d48-5a15-4128-af8d-fc769c5c25a1/4/426D91E7ED4ED71A64D0AB27FAC8A4C5687B40BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a0d2b8ebcb09d2b5bf7a33a8d8cd035f17f496a83.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/75704d48-5a15-4128-af8d-fc769c5c25a1/4/32332e3134352e35362e302f32342d3234203d3e20323033343533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:53:16:d4:ff:d6:69:76:d2:47:51:73:c8:3f:9b:b7:a7:ad:
         ec:fc:cf:73:b0:d0:88:b2:df:23:8c:f0:b3:a9:37:f9:98:52:
         c2:d2:50:f6:df:8b:40:cc:69:8e:6c:62:d4:23:50:ea:7a:85:
         88:7d:dc:4a:a8:cd:7d:f1:66:de:60:f3:e0:88:46:2a:ed:56:
         e7:61:20:4f:3c:22:36:c1:da:1e:77:2d:06:cb:08:4b:a2:90:
         e2:97:e0:a6:e8:3e:53:09:d2:8e:c1:f7:28:f0:95:a4:36:d6:
         5a:c6:2a:4d:9c:40:e7:dc:6a:a2:6b:49:8d:7a:45:36:fd:5a:
         03:0d:cf:92:90:eb:b6:cf:5e:3e:91:b2:14:8c:fb:e2:92:6d:
         17:c4:00:5d:39:34:62:ac:8b:25:1d:3c:15:c2:ed:ab:48:f5:
         1f:87:ca:af:d5:6d:c4:d0:51:3a:9f:8c:f6:33:fe:e8:a1:9b:
         26:6e:25:40:4a:43:f2:4e:28:66:87:db:88:62:40:27:98:bf:
         d6:ac:1c:93:fb:14:cf:8a:e5:ea:56:d3:ed:0a:3b:30:f0:0a:
         90:de:f8:05:c1:48:be:bb:44:06:58:f4:5f:9f:07:98:a7:f6:
         a2:f1:38:02:f6:e2:96:58:bb:08:33:7b:e9:bb:88:ee:1c:d6:
         c2:75:b4:7c
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUIm2e1A0pP8nq37yvH9rbFY8S6e8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTBkMmI4ZWJjYjA5ZDJiNWJmN2EzM2E4
ZDhjZDAzNWYxN2Y0OTZhODMwHhcNMjMwMTI5MTYwMDQyWhcNMjQwMTI4MTYwNTQy
WjAzMTEwLwYDVQQDEygzMDYyQjEzMzJBNTdBOEQ1MEU0OTJENUNDMTNDQjg4Njk3
RDQxNTU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cRMva15Lx7o
mlNrQfLCNqQPHjkzD9kTWo2Nk8TG/3D8kVF1+IE1vcKnak+6uMhzU1qQBDsCaBvr
M7RuNEIJV1r3FXbait2hTVmmVu0bdERkN0gAfeEYMFMCKz9ShXkZKJ6nFVeo/Nrv
iPlnGehR1B1n/E5H82UFNJmpjl8ysXcJYLuMVdWKJOmHwweal4gFjCU+nq0KXvOB
4E/YtN3hUP18/Z4nggG/3B0f1zBi1GrwhbvqmPlV/XR78hBFs/tT4hEjCk5OMPln
//1l7kgoAL33z62q52/LD1LdLJeRJsJXI/q+xmaF4yhDhY47uG4wbp3d+zazwCVs
4R+1nEl7FwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFDBisTMqV6jVDkktXME8uIaX
1BVWMB8GA1UdIwQYMBaAFEJtkeftTtcaZNCrJ/rIpMVoe0C7MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzc1NzA0ZDQ4LTVhMTUtNDEyOC1hZjhk
LWZjNzY5YzVjMjVhMS80LzQyNkQ5MUU3RUQ0RUQ3MUE2NEQwQUIyN0ZBQzhBNEM1
Njg3QjQwQkIuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTBkMmI4ZWJjYjA5ZDJiNWJmN2EzM2E4ZDhj
ZDAzNWYxN2Y0OTZhODMuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUH
MAuGgY1yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
Lzc1NzA0ZDQ4LTVhMTUtNDEyOC1hZjhkLWZjNzY5YzVjMjVhMS80LzMyMzMyZTMx
MzQzNTJlMzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMzM0MzUzMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEABeRODANBgkqhkiG9w0BAQsFAAOCAQEAK1MW1P/WaXbSR1FzyD+b
t6et7PzPc7DQiLLfI4zws6k3+ZhSwtJQ9t+LQMxpjmxi1CNQ6nqFiH3cSqjNffFm
3mDz4IhGKu1W52EgTzwiNsHaHnctBssIS6KQ4pfgpug+UwnSjsH3KPCVpDbWWsYq
TZxA59xqomtJjXpFNv1aAw3PkpDrts9ePpGyFIz74pJtF8QAXTk0YqyLJR08FcLt
q0j1H4fKr9VtxNBROp+M9jP+6KGbJm4lQEpD8k4oZofbiGJAJ5i/1qwck/sUz4rl
6lbT7Qo7MPAKkN74BcFIvrtEBlj0X58HmKf2ovE4Avbilli7CDN76buI7hzWwnW0
fA==
-----END CERTIFICATE-----