Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa
File:                     326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa (raw, json)
Hash identifier:          HVQR2cbKt8VVrQisjkBAhrhp4KsXJej/OLSmUeqTsY0=
Subject key identifier:   BB:FF:E7:A0:85:A0:D6:52:D0:0B:5C:03:C6:C1:12:96:B1:96:75:24
Certificate issuer:       /CN=52285B8754F215EBEAB614DEB86E66DA3B37320C
Certificate serial:       20BBBB3533DB780495E434A3D875B293BA860852
Authority key identifier: 52:28:5B:87:54:F2:15:EB:EA:B6:14:DE:B8:6E:66:DA:3B:37:32:0C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/52285B8754F215EBEAB614DEB86E66DA3B37320C.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa
Signing time:             Sun 28 Jul 2024 14:07:55 +0000
ROA not before:           Sun 28 Jul 2024 14:02:55 +0000
ROA not after:            Sun 27 Jul 2025 14:07:55 +0000
asID:                     153176
IP address blocks:        2a14:7581:f20::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:bb:bb:35:33:db:78:04:95:e4:34:a3:d8:75:b2:93:ba:86:08:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52285B8754F215EBEAB614DEB86E66DA3B37320C
        Validity
            Not Before: Jul 28 14:02:55 2024 GMT
            Not After : Jul 27 14:07:55 2025 GMT
        Subject: CN=BBFFE7A085A0D652D00B5C03C6C11296B1967524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9b:de:d6:62:2a:50:46:5e:f7:c5:42:dc:85:
                    3b:c3:dc:85:6e:32:b5:07:c9:2e:53:48:ff:c9:d3:
                    a3:aa:33:46:73:76:21:ee:39:4a:9a:ec:be:ac:3a:
                    12:80:00:fd:6b:54:f0:c0:d0:11:47:02:c5:a0:6f:
                    50:98:19:c7:b9:61:61:80:47:5c:ac:17:4b:06:fa:
                    1c:af:cf:be:55:0a:75:45:ca:99:ec:9a:9d:67:7a:
                    0a:7b:e4:36:d5:08:f6:af:22:aa:d0:c0:46:53:04:
                    53:04:e6:c7:0d:50:c2:e7:46:7d:94:77:38:97:c1:
                    ee:b8:33:c1:e2:9a:96:79:c6:60:51:8a:6f:1c:42:
                    4c:7c:08:76:ae:7f:bc:ca:27:96:af:96:22:ed:23:
                    29:f0:b1:e1:e5:48:f5:79:1b:3d:48:94:5c:5e:be:
                    52:1a:a9:21:26:31:cc:2f:bd:41:b1:c1:f1:5a:59:
                    7d:33:6c:65:d2:94:81:bd:65:58:a7:27:44:49:c7:
                    4b:69:f5:cc:7d:cf:ba:e8:73:be:59:ab:d7:e0:e1:
                    28:85:6b:f6:f7:65:19:f5:3a:4a:a1:13:04:ed:8e:
                    f5:9d:c1:e3:15:f0:5c:d0:a9:ec:35:0a:d3:51:f4:
                    09:71:62:fa:8f:bb:67:c7:68:ae:6a:62:17:00:ad:
                    c2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FF:E7:A0:85:A0:D6:52:D0:0B:5C:03:C6:C1:12:96:B1:96:75:24
            X509v3 Authority Key Identifier:
                keyid:52:28:5B:87:54:F2:15:EB:EA:B6:14:DE:B8:6E:66:DA:3B:37:32:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/52285B8754F215EBEAB614DEB86E66DA3B37320C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/52285B8754F215EBEAB614DEB86E66DA3B37320C.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:f20::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:a1:6b:3f:12:2d:13:d2:25:c5:da:95:30:ac:a6:c7:82:f3:
         78:19:36:68:ff:9b:b3:0c:1a:71:c3:45:03:42:4d:9b:c1:9e:
         bd:73:5e:5f:37:ee:52:93:50:1c:73:15:84:01:9a:db:1a:4f:
         7f:aa:55:58:1b:1a:86:d4:09:30:fc:89:c4:30:34:a6:b0:42:
         e2:46:b8:5f:cc:ee:06:2e:b1:dc:a8:ca:37:d5:7a:5c:03:73:
         26:15:1a:31:4b:70:00:f7:98:31:51:50:dd:97:49:ba:7d:e2:
         91:21:99:07:87:c7:80:39:a5:2e:8e:97:59:1f:b6:38:1b:5c:
         07:00:12:1b:92:3e:12:74:9e:b8:42:af:fe:d3:cf:9f:12:2a:
         ec:01:17:cf:b7:92:9e:02:ae:4d:17:b6:b3:84:2c:97:64:81:
         80:cf:50:25:d2:60:89:03:e6:72:bf:d8:a4:5b:59:4f:c1:6a:
         98:52:1e:23:33:62:74:0a:a3:51:45:d8:e5:b4:81:af:72:4c:
         6a:0b:8e:75:d1:16:f5:b0:cd:de:b0:2e:fd:37:e5:83:2e:13:
         e0:50:8e:45:f7:b5:e1:1b:eb:14:ca:f4:1e:15:a0:6c:d7:21:
         10:7d:67:fc:7c:20:c7:39:fb:58:bb:05:d4:99:e6:33:56:85:
         42:81:ed:04
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUILu7NTPbeASV5DSj2HWyk7qGCFIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTIyODVCODc1NEYyMTVFQkVBQjYxNERFQjg2RTY2REEz
QjM3MzIwQzAeFw0yNDA3MjgxNDAyNTVaFw0yNTA3MjcxNDA3NTVaMDMxMTAvBgNV
BAMTKEJCRkZFN0EwODVBMEQ2NTJEMDBCNUMwM0M2QzExMjk2QjE5Njc1MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4m97WYipQRl73xULchTvD3IVu
MrUHyS5TSP/J06OqM0ZzdiHuOUqa7L6sOhKAAP1rVPDA0BFHAsWgb1CYGce5YWGA
R1ysF0sG+hyvz75VCnVFypnsmp1negp75DbVCPavIqrQwEZTBFME5scNUMLnRn2U
dziXwe64M8HimpZ5xmBRim8cQkx8CHauf7zKJ5avliLtIynwseHlSPV5Gz1IlFxe
vlIaqSEmMcwvvUGxwfFaWX0zbGXSlIG9ZVinJ0RJx0tp9cx9z7roc75Zq9fg4SiF
a/b3ZRn1OkqhEwTtjvWdweMV8FzQqew1CtNR9AlxYvqPu2fHaK5qYhcArcLRAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUu//noIWg1lLQC1wDxsESlrGWdSQwHwYDVR0j
BBgwFoAUUihbh1TyFevqthTeuG5m2js3MgwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGQ1Y2QxNGUtNWY2My00ZjFjLTk0ZTMtMjcwNTBjMjY2
NDgwLzEvNTIyODVCODc1NEYyMTVFQkVBQjYxNERFQjg2RTY2REEzQjM3MzIwQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC81MjI4NUI4NzU0RjIxNUVCRUFCNjE0REVC
ODZFNjZEQTNCMzczMjBDLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS84ZDVjZDE0ZS01ZjYzLTRmMWMtOTRlMy0yNzA1MGMyNjY0ODAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY2MzIzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzUz
MzMxMzczNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoUdYEPIDANBgkqhkiG9w0BAQsFAAOCAQEALqFr
PxItE9IlxdqVMKymx4LzeBk2aP+bswwaccNFA0JNm8GevXNeXzfuUpNQHHMVhAGa
2xpPf6pVWBsahtQJMPyJxDA0prBC4ka4X8zuBi6x3KjKN9V6XANzJhUaMUtwAPeY
MVFQ3ZdJun3ikSGZB4fHgDmlLo6XWR+2OBtcBwASG5I+EnSeuEKv/tPPnxIq7AEX
z7eSngKuTRe2s4Qsl2SBgM9QJdJgiQPmcr/YpFtZT8FqmFIeIzNidAqjUUXY5bSB
r3JMaguOddEW9bDN3rAu/Tflgy4T4FCORfe14RvrFMr0HhWgbNchEH1n/Hwgxzn7
WLsF1JnmM1aFQoHtBA==
-----END CERTIFICATE-----