Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a66663a3a2f34382d3438203d3e203633333930.roa
File:                     323630323a663939323a66663a3a2f34382d3438203d3e203633333930.roa (raw, json)
Hash identifier:          ofYyhY8QxgV7oA+K00vYAeRxc4dVjV27+J0ru1bGCjk=
Subject key identifier:   38:10:12:11:0C:FC:6E:2C:C1:67:F9:32:EA:F2:4E:68:E4:F0:3B:A8
Certificate issuer:       /CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
Certificate serial:       0874A41266BDF3D7671CBCFBC098A4850AA3B8AF
Authority key identifier: 2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a66663a3a2f34382d3438203d3e203633333930.roa
Signing time:             Wed 22 Jan 2025 01:56:43 +0000
ROA not before:           Wed 22 Jan 2025 01:51:43 +0000
ROA not after:            Wed 21 Jan 2026 01:56:43 +0000
asID:                     63390
IP address blocks:        2602:f992:ff::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:74:a4:12:66:bd:f3:d7:67:1c:bc:fb:c0:98:a4:85:0a:a3:b8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
        Validity
            Not Before: Jan 22 01:51:43 2025 GMT
            Not After : Jan 21 01:56:43 2026 GMT
        Subject: CN=381012110CFC6E2CC167F932EAF24E68E4F03BA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0b:a1:cc:08:36:f5:f9:52:0d:62:cc:2c:b4:
                    1d:3c:4a:4a:5e:51:8c:54:e7:cc:5d:d7:14:1a:a6:
                    24:71:c5:8c:81:85:15:93:b6:6d:d5:e6:e4:84:1d:
                    fe:36:8c:ef:db:62:9a:55:a5:04:a8:51:f7:f5:bf:
                    30:a9:5e:b4:1f:01:09:5c:09:d7:af:8e:6b:25:93:
                    c2:28:6f:dc:f6:b2:84:a3:c6:5d:26:f1:0a:d7:ca:
                    c5:3f:af:dc:4b:90:d4:0f:12:bf:c8:e3:f3:e7:c6:
                    ee:5a:c4:9d:67:8f:87:ea:31:96:51:0a:2c:27:64:
                    db:d0:54:16:f7:d6:c0:69:1a:7f:5f:0c:87:1c:54:
                    d5:9c:93:15:ef:9c:a8:9b:85:c5:b5:ac:48:25:23:
                    f4:28:cb:c9:84:d1:6c:85:bf:73:ee:f0:b8:c7:52:
                    ee:66:51:99:16:4b:08:ed:69:91:97:c8:86:72:06:
                    64:32:17:15:ae:a7:0a:4f:c6:08:a0:77:f8:d1:10:
                    cc:d3:22:96:14:e1:b8:56:67:e8:6c:bb:74:4b:91:
                    fd:e0:d2:ad:0e:08:bf:e8:a2:a2:8b:ee:19:25:fe:
                    77:12:ae:e6:c1:ef:ba:9e:5e:3a:47:ef:ef:ac:c8:
                    84:57:07:22:e3:90:b0:8b:32:20:0a:bd:32:e7:f5:
                    8a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:10:12:11:0C:FC:6E:2C:C1:67:F9:32:EA:F2:4E:68:E4:F0:3B:A8
            X509v3 Authority Key Identifier:
                keyid:2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/2F0F1BC67DD2B9A7E2545638C173D5EC060C27D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a66663a3a2f34382d3438203d3e203633333930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f992:ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:70:5b:81:b2:a6:9f:20:36:5f:01:ca:a7:05:ad:5e:bb:ab:
         e7:25:88:3a:3c:4d:a7:b6:30:d3:17:da:29:01:3e:5d:35:9b:
         cf:bc:5b:8d:0c:dc:8a:e6:fe:46:3b:e8:5d:89:ec:dc:05:03:
         90:d3:6f:fd:29:74:46:46:da:96:3e:b3:5b:27:1e:dc:46:39:
         13:aa:de:76:9d:06:74:fe:93:ce:2a:8a:b7:b8:57:f0:4d:c0:
         e9:9a:70:6a:30:9b:75:65:d6:99:29:31:e7:79:54:cf:34:45:
         5e:a1:2d:60:cf:08:e0:0e:90:55:90:aa:0c:96:ba:b6:01:c4:
         d9:21:57:cc:88:b7:15:11:9a:37:21:a8:75:47:15:ab:cc:6f:
         22:3d:98:b7:f2:06:6b:87:4d:73:7e:92:b0:70:70:7e:9f:93:
         a5:a6:24:93:f2:c9:bd:45:7a:e1:62:cb:ef:97:2f:51:60:d6:
         30:fa:01:d1:46:3e:10:b6:81:18:bb:e4:7e:f2:9d:a4:67:f4:
         76:38:4c:49:cf:c6:be:d0:4a:17:a4:a3:64:8c:f0:dd:90:a6:
         3f:fc:47:c6:7e:d3:4f:5d:59:a2:48:21:1c:5d:b8:f6:04:37:
         da:08:5f:85:bd:ba:42:20:36:42:f1:ad:00:af:a9:51:53:ea:
         fc:6a:b4:bd
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgIUCHSkEma989dnHLz7wJikhQqjuK8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFi
ODI4MTc2ZmE0MzEwYjYzNTUwHhcNMjUwMTIyMDE1MTQzWhcNMjYwMTIxMDE1NjQz
WjAzMTEwLwYDVQQDEygzODEwMTIxMTBDRkM2RTJDQzE2N0Y5MzJFQUYyNEU2OEU0
RjAzQkE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AuhzAg29flS
DWLMLLQdPEpKXlGMVOfMXdcUGqYkccWMgYUVk7Zt1ebkhB3+Nozv22KaVaUEqFH3
9b8wqV60HwEJXAnXr45rJZPCKG/c9rKEo8ZdJvEK18rFP6/cS5DUDxK/yOPz58bu
WsSdZ4+H6jGWUQosJ2Tb0FQW99bAaRp/XwyHHFTVnJMV75yom4XFtaxIJSP0KMvJ
hNFshb9z7vC4x1LuZlGZFksI7WmRl8iGcgZkMhcVrqcKT8YIoHf40RDM0yKWFOG4
VmfobLt0S5H94NKtDgi/6KKii+4ZJf53Eq7mwe+6nl46R+/vrMiEVwci45CwizIg
Cr0y5/WKIwIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFDgQEhEM/G4swWf5MuryTmjk
8DuoMB8GA1UdIwQYMBaAFC8PG8Z90rmn4lRWOMFz1ewGDCfQMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5
LTMwOWVkOTdmMzgyNC8xLzJGMEYxQkM2N0REMkI5QTdFMjU0NTYzOEMxNzNENUVD
MDYwQzI3RDAuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC9iOTE1ODEwZC1iOTdhLTQ2OTYtOTU1ZC00
OTVkNWQxMmMzYjUvYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFiODI4
MTc2ZmE0MzEwYjYzNTUuY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8xLzMyMzYzMDMy
M2E2NjM5MzkzMjNhNjY2NjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM2MzMzMzM5
MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAmAvmSAP8wDQYJKoZIhvcNAQELBQADggEBAHNwW4Gypp8g
Nl8ByqcFrV67q+cliDo8Tae2MNMX2ikBPl01m8+8W40M3Irm/kY76F2J7NwFA5DT
b/0pdEZG2pY+s1snHtxGOROq3nadBnT+k84qire4V/BNwOmacGowm3Vl1pkpMed5
VM80RV6hLWDPCOAOkFWQqgyWurYBxNkhV8yItxURmjchqHVHFavMbyI9mLfyBmuH
TXN+krBwcH6fk6WmJJPyyb1FeuFiy++XL1Fg1jD6AdFGPhC2gRi75H7ynaRn9HY4
TEnPxr7QSheko2SM8N2Qpj/8R8Z+009dWaJIIRxduPYEN9oIX4W9ukIgNkLxrQCv
qVFT6vxqtL0=
-----END CERTIFICATE-----