Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/20/32332e3138332e3133362e302f32342d3234203d3e20343031323138.roa
File:                     32332e3138332e3133362e302f32342d3234203d3e20343031323138.roa (raw, json)
Hash identifier:          u0E/viGirNEUp45vEU97j6kWjgEtK5Y+kJuX8UlUAjM=
Subject key identifier:   9B:51:5A:33:D8:61:15:9C:B1:83:C9:67:00:11:B1:FD:03:20:18:0C
Certificate issuer:       /CN=ba59c15b9777a4a5270c9b7a584e46978e09a7bd2d154bfa9d
Certificate serial:       69256A3458B78C0C7EB73142E71E6A57D60F8CE3
Authority key identifier: D7:0A:91:D8:9E:34:C7:A2:00:09:B1:E1:60:FB:6C:62:70:63:63:0C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/6ead073c-b9f0-4523-b39e-a3c7dab97c25/32619ff9-4a46-4e93-a9b5-dda2a33a9ffd/ba59c15b9777a4a5270c9b7a584e46978e09a7bd2d154bfa9d.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/20/32332e3138332e3133362e302f32342d3234203d3e20343031323138.roa
Signing time:             Fri 10 Jan 2025 19:51:22 +0000
ROA not before:           Fri 10 Jan 2025 19:46:22 +0000
ROA not after:            Fri 09 Jan 2026 19:51:22 +0000
asID:                     401218
IP address blocks:        23.183.136.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:25:6a:34:58:b7:8c:0c:7e:b7:31:42:e7:1e:6a:57:d6:0f:8c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba59c15b9777a4a5270c9b7a584e46978e09a7bd2d154bfa9d
        Validity
            Not Before: Jan 10 19:46:22 2025 GMT
            Not After : Jan  9 19:51:22 2026 GMT
        Subject: CN=9B515A33D861159CB183C9670011B1FD0320180C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:d4:7d:b7:58:3a:50:71:72:87:cc:01:8f:d0:
                    a8:41:15:c7:99:99:30:10:81:e6:00:fe:da:66:e9:
                    88:07:7f:59:a8:2f:51:8e:68:6d:db:02:c8:62:f2:
                    53:c2:30:23:61:c6:99:b8:6e:ce:7a:03:8c:25:98:
                    b9:9c:14:53:4e:00:03:e3:06:67:2f:ed:b2:5f:77:
                    c4:c6:83:87:59:5b:da:92:49:62:bb:91:3b:11:27:
                    50:57:16:4c:2b:01:d6:f2:e9:34:86:92:25:15:3e:
                    a0:0b:6d:a5:2a:17:74:95:0d:08:5e:52:06:45:f1:
                    9c:ef:ad:ca:88:4c:0e:53:15:e6:bb:2c:48:bf:28:
                    db:c8:52:85:97:64:21:fe:ab:e3:aa:6b:0b:49:51:
                    f1:1f:6a:e7:0c:31:7b:54:29:63:df:28:50:33:e3:
                    e8:ca:d8:3a:50:10:71:e9:9e:72:a7:af:1c:28:81:
                    0a:ab:20:ca:ff:55:1d:76:23:1b:87:66:2b:10:83:
                    18:b2:df:07:34:9b:b9:b4:b8:c4:e4:0f:47:ba:29:
                    29:51:30:30:66:8a:c5:c4:30:ab:06:14:25:4e:fd:
                    8b:b8:34:9b:92:63:ee:d6:c3:15:10:eb:b3:9e:4c:
                    ac:65:53:41:fc:aa:e2:f4:8f:5c:a4:a4:1c:98:49:
                    31:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:51:5A:33:D8:61:15:9C:B1:83:C9:67:00:11:B1:FD:03:20:18:0C
            X509v3 Authority Key Identifier:
                keyid:D7:0A:91:D8:9E:34:C7:A2:00:09:B1:E1:60:FB:6C:62:70:63:63:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/20/D70A91D89E34C7A20009B1E160FB6C627063630C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/6ead073c-b9f0-4523-b39e-a3c7dab97c25/32619ff9-4a46-4e93-a9b5-dda2a33a9ffd/ba59c15b9777a4a5270c9b7a584e46978e09a7bd2d154bfa9d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/20/32332e3138332e3133362e302f32342d3234203d3e20343031323138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.183.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:00:3c:3b:90:1e:5f:4e:be:57:b7:4b:03:af:9e:07:90:9f:
         19:96:94:15:57:34:df:72:76:0c:c6:69:63:88:f9:bc:8c:8e:
         5e:85:02:41:5c:9f:fd:fe:86:37:96:6d:e8:d4:66:01:4d:d6:
         e3:87:52:94:dd:ec:eb:3f:83:f2:b3:78:9b:06:30:cf:77:9e:
         06:f7:70:b4:aa:b9:12:c4:a0:e1:36:11:68:50:e8:91:b2:f9:
         30:f8:86:59:eb:34:c4:84:e0:56:31:a4:a7:6d:92:df:06:36:
         b2:94:b0:19:e6:a1:b8:11:d1:d3:4b:1e:30:f4:12:c7:d3:34:
         53:af:1b:77:5c:21:01:71:d1:cd:1f:03:c8:0a:90:41:3b:1f:
         df:99:93:a5:7c:3b:1b:eb:d7:88:12:62:d2:65:ee:d5:1d:e2:
         11:34:97:0a:f7:e9:aa:27:13:1d:b8:c4:3a:f6:88:cb:8b:70:
         4f:9c:c3:7c:05:9e:b9:5c:52:d7:5d:8a:42:d4:1a:73:cd:4f:
         f5:8a:23:94:ad:0a:c1:0c:66:56:d3:86:8c:7c:13:a7:7d:46:
         72:9c:c9:e4:09:8c:bf:0f:06:bc:59:8f:7c:93:29:e2:ab:8b:
         8f:ec:85:b1:25:b3:c6:4e:0f:aa:b7:0e:0b:b6:d7:c6:c2:73:
         6f:32:6f:1c
-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgIUaSVqNFi3jAx+tzFC5x5qV9YPjOMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYmE1OWMxNWI5Nzc3YTRhNTI3MGM5YjdhNTg0ZTQ2OTc4
ZTA5YTdiZDJkMTU0YmZhOWQwHhcNMjUwMTEwMTk0NjIyWhcNMjYwMTA5MTk1MTIy
WjAzMTEwLwYDVQQDEyg5QjUxNUEzM0Q4NjExNTlDQjE4M0M5NjcwMDExQjFGRDAz
MjAxODBDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9NR9t1g6UHFy
h8wBj9CoQRXHmZkwEIHmAP7aZumIB39ZqC9Rjmht2wLIYvJTwjAjYcaZuG7OegOM
JZi5nBRTTgAD4wZnL+2yX3fExoOHWVvakkliu5E7ESdQVxZMKwHW8uk0hpIlFT6g
C22lKhd0lQ0IXlIGRfGc763KiEwOUxXmuyxIvyjbyFKFl2Qh/qvjqmsLSVHxH2rn
DDF7VClj3yhQM+Poytg6UBBx6Z5yp68cKIEKqyDK/1UddiMbh2YrEIMYst8HNJu5
tLjE5A9HuikpUTAwZorFxDCrBhQlTv2LuDSbkmPu1sMVEOuznkysZVNB/Kri9I9c
pKQcmEkxPQIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFJtRWjPYYRWcsYPJZwARsf0D
IBgMMB8GA1UdIwQYMBaAFNcKkdieNMeiAAmx4WD7bGJwY2MMMA4GA1UdDwEB/wQE
AwIHgDCBlwYDVR0fBIGPMIGMMIGJoIGGoIGDhoGAcnN5bmM6Ly9yc3luYy5wYWFz
LnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hZTZlZGVlYy0wOGJhLTRjZGUtODk3
OS00ZmFlYTRiMWJjMTIvMjAvRDcwQTkxRDg5RTM0QzdBMjAwMDlCMUUxNjBGQjZD
NjI3MDYzNjMwQy5jcmwwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB
03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81
ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvNmVhZDA3M2MtYjlm
MC00NTIzLWIzOWUtYTNjN2RhYjk3YzI1LzMyNjE5ZmY5LTRhNDYtNGU5My1hOWI1
LWRkYTJhMzNhOWZmZC9iYTU5YzE1Yjk3NzdhNGE1MjcwYzliN2E1ODRlNDY5Nzhl
MDlhN2JkMmQxNTRiZmE5ZC5jZXIwgbAGCCsGAQUFBwELBIGjMIGgMIGdBggrBgEF
BQcwC4aBkHJzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvYWU2ZWRlZWMtMDhiYS00Y2RlLTg5NzktNGZhZWE0YjFiYzEyLzIwLzMyMzMy
ZTMxMzgzMzJlMzEzMzM2MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDMxMzIz
MTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAF7eIMA0GCSqGSIb3DQEBCwUAA4IBAQBUADw7kB5fTr5X
t0sDr54HkJ8ZlpQVVzTfcnYMxmljiPm8jI5ehQJBXJ/9/oY3lm3o1GYBTdbjh1KU
3ezrP4Pys3ibBjDPd54G93C0qrkSxKDhNhFoUOiRsvkw+IZZ6zTEhOBWMaSnbZLf
BjaylLAZ5qG4EdHTSx4w9BLH0zRTrxt3XCEBcdHNHwPICpBBOx/fmZOlfDsb69eI
EmLSZe7VHeIRNJcK9+mqJxMduMQ69ojLi3BPnMN8BZ65XFLXXYpC1BpzzU/1iiOU
rQrBDGZW04aMfBOnfUZynMnkCYy/Dwa8WY98kyniq4uP7IWxJbPGTg+qtw4LttfG
wnNvMm8c
-----END CERTIFICATE-----