Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/17/32332e3136362e3132302e302f32342d3234203d3e203537383730.roa
File:                     32332e3136362e3132302e302f32342d3234203d3e203537383730.roa (raw, json)
Hash identifier:          atidaVeGXWftJ9W9S92xzN1z7RBh94DSk8NNwxccSSM=
Subject key identifier:   56:05:14:25:AA:1D:73:8A:D3:61:1C:C9:B2:85:A3:90:87:3F:0B:8D
Certificate issuer:       /CN=d73656ced88be2df26e8fedea78d903fa24d694b36bf9f1992
Certificate serial:       171D45C71AFF4D2BB19F3DB3B7318C1A6BB434B8
Authority key identifier: C4:7A:79:9B:0B:26:9F:88:E8:38:1E:AD:F1:AA:22:E9:36:05:4D:F9
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/62dfe06a-d178-4b64-b19e-dc6d1fbf52b2/d73656ced88be2df26e8fedea78d903fa24d694b36bf9f1992.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/17/32332e3136362e3132302e302f32342d3234203d3e203537383730.roa
Signing time:             Wed 23 Oct 2024 16:20:37 +0000
ROA not before:           Wed 23 Oct 2024 16:15:37 +0000
ROA not after:            Wed 22 Oct 2025 16:20:37 +0000
asID:                     57870
IP address blocks:        23.166.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:1d:45:c7:1a:ff:4d:2b:b1:9f:3d:b3:b7:31:8c:1a:6b:b4:34:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d73656ced88be2df26e8fedea78d903fa24d694b36bf9f1992
        Validity
            Not Before: Oct 23 16:15:37 2024 GMT
            Not After : Oct 22 16:20:37 2025 GMT
        Subject: CN=56051425AA1D738AD3611CC9B285A390873F0B8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:1d:65:96:26:ac:fc:3f:6f:2f:08:27:a8:
                    fb:da:55:79:05:f3:86:33:48:44:54:0d:d0:b7:e8:
                    32:0e:9c:87:a7:15:fc:ed:9e:8f:79:54:bc:f4:72:
                    fb:b7:33:df:de:3b:fa:85:87:a5:dd:31:ec:bb:9d:
                    80:ac:75:5f:63:75:ab:2a:2f:7a:33:8d:d2:d4:3f:
                    67:eb:ec:e8:de:7e:2a:e2:e3:f0:25:73:4b:ca:f9:
                    05:2b:88:56:a3:bb:41:f0:95:b3:2e:7d:42:9a:e9:
                    ac:5f:b5:e5:20:76:7b:d9:15:ea:e3:57:c7:63:41:
                    53:fa:c3:b1:48:34:88:f7:e3:cf:1b:5e:f1:7b:0f:
                    25:5c:33:49:37:63:b9:f7:d0:38:44:d6:40:99:12:
                    7b:34:7a:55:4c:71:a7:01:b7:5a:9c:81:f2:c8:f9:
                    92:68:81:9d:37:73:3c:46:bf:45:5e:1a:5c:3f:c1:
                    3f:17:1c:74:7e:25:fc:24:18:a2:b1:72:be:30:4f:
                    44:ab:d8:cb:23:25:41:a9:41:36:90:b9:93:ce:fd:
                    e8:0f:b3:dc:1f:79:55:38:b4:70:0a:66:d0:dc:8b:
                    43:cd:a5:65:d9:d0:e6:12:03:d4:18:3f:21:a6:e4:
                    eb:6c:fe:65:07:ad:70:14:5e:72:56:35:c7:10:90:
                    c0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:05:14:25:AA:1D:73:8A:D3:61:1C:C9:B2:85:A3:90:87:3F:0B:8D
            X509v3 Authority Key Identifier:
                keyid:C4:7A:79:9B:0B:26:9F:88:E8:38:1E:AD:F1:AA:22:E9:36:05:4D:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/17/C47A799B0B269F88E8381EADF1AA22E936054DF9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/62dfe06a-d178-4b64-b19e-dc6d1fbf52b2/d73656ced88be2df26e8fedea78d903fa24d694b36bf9f1992.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/17/32332e3136362e3132302e302f32342d3234203d3e203537383730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.166.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b7:2b:57:aa:01:03:bd:c3:88:ae:e0:da:6a:a0:18:05:6f:
         56:ff:5e:85:26:8a:7d:09:d4:10:cb:dd:8d:bc:08:53:4e:90:
         cb:c7:45:5f:1a:26:ac:1d:8c:6d:fd:fa:08:be:d7:3a:a2:0d:
         25:bd:62:34:78:19:ed:e3:0a:17:d6:72:f6:0c:d1:74:d9:1d:
         ec:69:63:52:d6:62:df:33:ac:f5:cd:eb:46:7a:ed:29:a8:2b:
         cf:43:98:ee:39:58:8d:4a:2c:b5:67:a5:e6:d3:85:67:c1:4d:
         eb:03:38:58:c3:d8:66:90:ec:22:76:57:57:a7:ab:76:c1:8c:
         d9:6c:96:5a:da:48:87:80:b3:50:05:7b:a5:63:45:6f:6d:03:
         44:4f:a0:3e:7e:1d:05:77:ca:69:32:45:4d:23:3d:26:e9:41:
         3c:42:28:cf:2b:25:3b:54:f7:6f:08:0c:ae:6a:86:26:2f:96:
         5e:3b:42:5d:8a:78:45:ab:45:42:d4:d8:4f:54:27:f7:7e:69:
         74:37:36:07:99:d3:f5:28:5d:43:79:1f:e7:dc:19:75:7b:66:
         6f:98:af:ae:68:90:bc:36:81:db:34:2e:81:6e:1a:dd:a6:c5:
         be:83:56:3d:ab:33:78:48:01:e2:3c:b0:8a:87:5d:6c:5c:17:
         52:98:58:c6
-----BEGIN CERTIFICATE-----
MIIF0DCCBLigAwIBAgIUFx1Fxxr/TSuxnz2ztzGMGmu0NLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDczNjU2Y2VkODhiZTJkZjI2ZThmZWRlYTc4ZDkwM2Zh
MjRkNjk0YjM2YmY5ZjE5OTIwHhcNMjQxMDIzMTYxNTM3WhcNMjUxMDIyMTYyMDM3
WjAzMTEwLwYDVQQDEyg1NjA1MTQyNUFBMUQ3MzhBRDM2MTFDQzlCMjg1QTM5MDg3
M0YwQjhEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseYdZZYmrPw/
by8IJ6j72lV5BfOGM0hEVA3Qt+gyDpyHpxX87Z6PeVS89HL7tzPf3jv6hYel3THs
u52ArHVfY3WrKi96M43S1D9n6+zo3n4q4uPwJXNLyvkFK4hWo7tB8JWzLn1Cmums
X7XlIHZ72RXq41fHY0FT+sOxSDSI9+PPG17xew8lXDNJN2O599A4RNZAmRJ7NHpV
THGnAbdanIHyyPmSaIGdN3M8Rr9FXhpcP8E/Fxx0fiX8JBiisXK+ME9Eq9jLIyVB
qUE2kLmTzv3oD7PcH3lVOLRwCmbQ3ItDzaVl2dDmEgPUGD8hpuTrbP5lB61wFF5y
VjXHEJDAtQIDAQABo4IC0DCCAswwHQYDVR0OBBYEFFYFFCWqHXOK02EcybKFo5CH
PwuNMB8GA1UdIwQYMBaAFMR6eZsLJp+I6DgerfGqIuk2BU35MA4GA1UdDwEB/wQE
AwIHgDCBlwYDVR0fBIGPMIGMMIGJoIGGoIGDhoGAcnN5bmM6Ly9yc3luYy5wYWFz
LnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hZTZlZGVlYy0wOGJhLTRjZGUtODk3
OS00ZmFlYTRiMWJjMTIvMTcvQzQ3QTc5OUIwQjI2OUY4OEU4MzgxRUFERjFBQTIy
RTkzNjA1NERGOS5jcmwwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB
03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81
ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvODcxZGE0MGYtNzkz
YS00YTQ1LWEwYTktOTc4MTQ4MzIxYTA3LzYyZGZlMDZhLWQxNzgtNGI2NC1iMTll
LWRjNmQxZmJmNTJiMi9kNzM2NTZjZWQ4OGJlMmRmMjZlOGZlZGVhNzhkOTAzZmEy
NGQ2OTRiMzZiZjlmMTk5Mi5jZXIwga4GCCsGAQUFBwELBIGhMIGeMIGbBggrBgEF
BQcwC4aBjnJzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvYWU2ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEyLzE3LzMyMzMy
ZTMxMzYzNjJlMzEzMjMwMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzM4Mzcz
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEABemeDANBgkqhkiG9w0BAQsFAAOCAQEATLcrV6oBA73DiK7g
2mqgGAVvVv9ehSaKfQnUEMvdjbwIU06Qy8dFXxomrB2Mbf36CL7XOqINJb1iNHgZ
7eMKF9Zy9gzRdNkd7GljUtZi3zOs9c3rRnrtKagrz0OY7jlYjUostWel5tOFZ8FN
6wM4WMPYZpDsInZXV6erdsGM2WyWWtpIh4CzUAV7pWNFb20DRE+gPn4dBXfKaTJF
TSM9JulBPEIozyslO1T3bwgMrmqGJi+WXjtCXYp4RatFQtTYT1Qn935pdDc2B5nT
9ShdQ3kf59wZdXtmb5ivrmiQvDaB2zQugW4a3abFvoNWPaszeEgB4jywioddbFwX
UphYxg==
-----END CERTIFICATE-----