Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643130303a3a2f34302d3430203d3e203533363637.roa
File:                     326131343a373538313a643130303a3a2f34302d3430203d3e203533363637.roa (raw, json)
Hash identifier:          KADA3zDKXvL/4R+46HmNoDL3xG2RVXCQ+Fx+Q057jPA=
Subject key identifier:   57:CB:23:04:7F:04:45:35:47:E1:F5:DB:F8:A6:AF:3A:BE:44:E8:42
Certificate issuer:       /CN=1F4C828276A9966865AB2B59533D1CB1BEC890BB
Certificate serial:       0E153502E9581A560A84A9A19389256C7633E571
Authority key identifier: 1F:4C:82:82:76:A9:96:68:65:AB:2B:59:53:3D:1C:B1:BE:C8:90:BB
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643130303a3a2f34302d3430203d3e203533363637.roa
Signing time:             Tue 25 Jun 2024 14:23:10 +0000
ROA not before:           Tue 25 Jun 2024 14:18:10 +0000
ROA not after:            Tue 24 Jun 2025 14:23:10 +0000
asID:                     53667
IP address blocks:        2a14:7581:d100::/40 maxlen: 40

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:15:35:02:e9:58:1a:56:0a:84:a9:a1:93:89:25:6c:76:33:e5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1F4C828276A9966865AB2B59533D1CB1BEC890BB
        Validity
            Not Before: Jun 25 14:18:10 2024 GMT
            Not After : Jun 24 14:23:10 2025 GMT
        Subject: CN=57CB23047F04453547E1F5DBF8A6AF3ABE44E842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:a3:80:9e:f1:64:b8:54:ac:8e:3b:13:17:
                    13:4c:74:c2:79:2d:ee:8c:28:6e:a1:47:f3:98:e5:
                    e7:51:33:d0:2b:d8:50:c0:6c:43:60:e7:bd:68:33:
                    c3:54:d7:75:bd:14:3b:01:04:7c:b2:fc:d2:e1:05:
                    ac:d4:83:05:da:18:c3:c9:1f:df:e8:7c:4a:86:bf:
                    08:a8:d1:1f:45:ef:aa:a8:e6:5e:c1:20:cf:cd:0d:
                    95:53:22:c9:48:1b:51:c1:09:5d:b0:46:0b:47:bd:
                    6d:cc:fb:17:3d:43:ba:53:82:b3:5e:ce:ff:55:ce:
                    72:71:73:b1:97:45:1d:8d:72:96:af:cb:c4:7e:df:
                    5a:a6:7b:38:34:64:e4:bb:ba:5d:5a:06:14:2d:ea:
                    f3:eb:f1:c7:af:ff:ea:28:83:62:99:18:21:a7:01:
                    a2:30:6c:2d:4b:a0:c1:2b:1b:b1:47:bb:7d:2d:82:
                    69:91:81:0e:e4:00:24:51:29:3d:55:f1:bd:84:3f:
                    fe:11:27:cf:37:e6:43:50:ec:02:80:c8:0d:cd:97:
                    26:a7:c7:bd:bb:8a:5e:11:8a:86:d9:c0:57:24:72:
                    3c:87:68:8c:74:4e:2a:e9:17:99:e3:36:dd:90:d4:
                    07:0b:0e:00:e1:e9:ec:d1:1d:15:7e:b6:28:86:37:
                    a0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:CB:23:04:7F:04:45:35:47:E1:F5:DB:F8:A6:AF:3A:BE:44:E8:42
            X509v3 Authority Key Identifier:
                keyid:1F:4C:82:82:76:A9:96:68:65:AB:2B:59:53:3D:1C:B1:BE:C8:90:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643130303a3a2f34302d3430203d3e203533363637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:d100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:1f:f2:d5:4e:96:d7:d9:e6:3e:78:a3:bc:9a:50:8c:bc:74:
         b0:e7:19:b2:dd:6c:34:ee:4f:ca:ba:0a:f2:6c:8c:e7:e7:75:
         cc:d1:7b:01:30:2c:b0:7e:f1:76:6c:93:38:3d:4b:2d:cd:38:
         6d:10:04:5b:42:22:9b:b5:72:07:c9:ce:4e:10:02:77:89:00:
         f0:1a:19:7d:50:c2:ff:46:22:10:68:50:b0:4c:b1:44:f6:90:
         3c:31:48:be:ad:06:3c:46:9f:3e:06:c2:55:4f:47:60:3c:b9:
         e2:03:1d:d2:c3:2d:1e:83:c6:d5:c3:cc:08:5f:c0:11:f0:65:
         89:11:b8:f9:d5:4c:a3:d2:da:de:a8:e1:5e:3c:ac:cc:c4:81:
         61:33:5f:cb:9c:3a:42:b7:74:a2:7d:c1:fc:e5:90:84:61:c8:
         98:01:38:b7:eb:e3:11:6a:76:4c:38:f1:33:0b:87:f1:b9:e6:
         e4:df:33:b5:3e:4b:03:a9:72:84:af:a1:1b:f8:ae:19:b2:5a:
         aa:c7:5c:eb:99:d3:bb:ac:79:f6:93:dd:ff:a0:d6:67:27:df:
         f1:47:2d:1e:52:75:2a:8e:2b:7f:1e:4f:5b:4a:73:33:2c:a2:
         91:2e:97:bc:48:9b:12:f7:70:44:2c:33:04:83:3b:69:41:50:
         a6:1f:04:d0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUDhU1AulYGlYKhKmhk4klbHYz5XEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUY0QzgyODI3NkE5OTY2ODY1QUIyQjU5NTMzRDFDQjFC
RUM4OTBCQjAeFw0yNDA2MjUxNDE4MTBaFw0yNTA2MjQxNDIzMTBaMDMxMTAvBgNV
BAMTKDU3Q0IyMzA0N0YwNDQ1MzU0N0UxRjVEQkY4QTZBRjNBQkU0NEU4NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0+KOAnvFkuFSsjjsTFxNMdMJ5
Le6MKG6hR/OY5edRM9Ar2FDAbENg571oM8NU13W9FDsBBHyy/NLhBazUgwXaGMPJ
H9/ofEqGvwio0R9F76qo5l7BIM/NDZVTIslIG1HBCV2wRgtHvW3M+xc9Q7pTgrNe
zv9VznJxc7GXRR2Ncpavy8R+31qmezg0ZOS7ul1aBhQt6vPr8cev/+oog2KZGCGn
AaIwbC1LoMErG7FHu30tgmmRgQ7kACRRKT1V8b2EP/4RJ8835kNQ7AKAyA3Nlyan
x727il4RiobZwFckcjyHaIx0TirpF5njNt2Q1AcLDgDh6ezRHRV+tiiGN6AfAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUV8sjBH8ERTVH4fXb+KavOr5E6EIwHwYDVR0j
BBgwFoAUH0yCgnaplmhlqytZUz0csb7IkLswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjU5YzEwNmMtNTNiNC00ZTkyLTlmYmEtZDYwODI3YjVi
ZGI4LzAvMUY0QzgyODI3NkE5OTY2ODY1QUIyQjU5NTMzRDFDQjFCRUM4OTBCQi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8xRjRDODI4Mjc2QTk5NjY4NjVBQjJCNTk1
MzNEMUNCMUJFQzg5MEJCLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9iNTljMTA2Yy01M2I0LTRlOTItOWZiYS1kNjA4MjdiNWJkYjgvMC8zMjYxMzEz
NDNhMzczNTM4MzEzYTY0MzEzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzUz
MzM2MzYzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoUdYHRMA0GCSqGSIb3DQEBCwUAA4IBAQB7H/LV
TpbX2eY+eKO8mlCMvHSw5xmy3Ww07k/KugrybIzn53XM0XsBMCywfvF2bJM4PUst
zThtEARbQiKbtXIHyc5OEAJ3iQDwGhl9UML/RiIQaFCwTLFE9pA8MUi+rQY8Rp8+
BsJVT0dgPLniAx3Swy0eg8bVw8wIX8AR8GWJEbj51Uyj0treqOFePKzMxIFhM1/L
nDpCt3SifcH85ZCEYciYATi36+MRanZMOPEzC4fxuebk3zO1PksDqXKEr6Eb+K4Z
slqqx1zrmdO7rHn2k93/oNZnJ9/xRy0eUnUqjit/Hk9bSnMzLKKRLpe8SJsS93BE
LDMEgztpQVCmHwTQ
-----END CERTIFICATE-----