Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643230303a3a2f34302d3430203d3e203533363637.roa
File:                     326131343a373538313a643230303a3a2f34302d3430203d3e203533363637.roa (raw, json)
Hash identifier:          UnaMFJ4LqZmUQNqlqG5yZayY3BN6lWYzE1n4NGCmei8=
Subject key identifier:   73:96:6F:CA:47:61:CB:45:8D:6A:41:B5:08:D5:F5:67:A5:75:77:83
Certificate issuer:       /CN=1F4C828276A9966865AB2B59533D1CB1BEC890BB
Certificate serial:       0DEB6C403ECF3033CEB4A5398E116F8253732511
Authority key identifier: 1F:4C:82:82:76:A9:96:68:65:AB:2B:59:53:3D:1C:B1:BE:C8:90:BB
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643230303a3a2f34302d3430203d3e203533363637.roa
Signing time:             Thu 27 Jun 2024 17:23:09 +0000
ROA not before:           Thu 27 Jun 2024 17:18:09 +0000
ROA not after:            Thu 26 Jun 2025 17:23:09 +0000
asID:                     53667
IP address blocks:        2a14:7581:d200::/40 maxlen: 40

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:eb:6c:40:3e:cf:30:33:ce:b4:a5:39:8e:11:6f:82:53:73:25:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1F4C828276A9966865AB2B59533D1CB1BEC890BB
        Validity
            Not Before: Jun 27 17:18:09 2024 GMT
            Not After : Jun 26 17:23:09 2025 GMT
        Subject: CN=73966FCA4761CB458D6A41B508D5F567A5757783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:32:de:98:e8:f8:9e:78:92:6d:d4:1b:91:68:
                    a6:f7:e8:a3:46:60:ba:c2:40:52:a4:3f:26:a8:a2:
                    c2:64:f6:52:e1:f0:fd:63:9d:58:98:4d:61:9e:41:
                    3b:18:71:85:c7:2b:33:54:fc:2c:38:70:0c:41:a2:
                    c9:8d:90:31:9c:90:15:50:cb:f5:b2:d5:2d:49:3e:
                    5f:eb:f0:33:bc:00:a0:d0:12:79:6d:46:06:04:b3:
                    1b:8b:38:e3:0d:49:88:27:0d:57:c4:6e:cf:00:43:
                    c2:0d:4a:ff:f8:bd:9c:73:ec:c6:9e:c8:68:cd:d4:
                    e6:de:04:9c:dc:47:74:96:75:14:a0:f4:19:e3:3f:
                    6e:ea:43:cf:6e:6b:d4:a3:55:a4:10:8d:a1:d2:28:
                    46:d4:1e:40:cc:89:26:51:4a:80:fc:bc:ca:f2:26:
                    cd:64:97:db:d3:f7:11:02:6d:74:ef:8b:90:17:78:
                    41:e2:90:1b:e1:dd:49:94:fe:02:32:22:f9:1b:92:
                    bf:d1:7d:bf:1e:d9:65:09:a5:c4:d0:73:a2:91:c0:
                    c1:76:fc:ca:33:f7:be:9b:5a:50:fc:db:a0:7f:50:
                    78:79:8f:f7:7a:8b:93:14:b8:88:1d:1f:c2:a9:4c:
                    3e:5b:a3:c1:23:fa:68:fc:3c:7f:b3:b9:26:7c:9c:
                    c4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:96:6F:CA:47:61:CB:45:8D:6A:41:B5:08:D5:F5:67:A5:75:77:83
            X509v3 Authority Key Identifier:
                keyid:1F:4C:82:82:76:A9:96:68:65:AB:2B:59:53:3D:1C:B1:BE:C8:90:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/1F4C828276A9966865AB2B59533D1CB1BEC890BB.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b59c106c-53b4-4e92-9fba-d60827b5bdb8/0/326131343a373538313a643230303a3a2f34302d3430203d3e203533363637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:d200::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:8b:25:b4:90:a9:c3:5c:a6:ea:4a:dc:8b:c2:a6:aa:1f:67:
         85:45:ce:a2:d2:07:ed:b5:05:ea:e1:72:bd:35:e9:51:b9:f7:
         28:47:04:d0:64:a1:6c:e3:f5:df:54:a6:8d:dc:00:96:52:9d:
         28:79:0b:74:71:f0:24:d8:03:2c:a5:34:4a:0f:18:cb:c6:2b:
         23:07:1d:b8:4c:bf:5e:80:79:48:df:a2:64:82:36:31:72:8c:
         a7:5a:2e:7d:66:b8:64:ed:2c:f5:08:8f:0b:e9:9d:ac:6b:b8:
         68:30:a1:4a:b4:1d:8f:fc:61:54:2e:d7:4f:cc:e8:a4:a7:14:
         13:ad:7e:c3:5f:d0:9e:0f:f7:fc:1f:2f:b8:f7:1a:3f:57:e1:
         8e:28:37:76:0e:29:32:a4:50:00:ab:b5:11:0a:57:13:fa:f1:
         42:9c:74:53:00:83:d7:fd:44:77:ee:bc:53:2c:99:6a:97:83:
         a9:c5:22:bc:21:00:9b:25:af:2f:5e:26:a4:40:6c:09:c3:08:
         de:50:3f:5f:40:f0:80:ca:47:3a:d1:6b:73:30:f8:75:12:59:
         33:85:92:62:d1:0f:11:70:20:30:79:de:df:6d:02:1e:38:ca:
         be:0f:91:95:d7:33:19:15:5b:47:b1:1e:62:89:f7:31:b9:12:
         18:c5:32:63
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUDetsQD7PMDPOtKU5jhFvglNzJREwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUY0QzgyODI3NkE5OTY2ODY1QUIyQjU5NTMzRDFDQjFC
RUM4OTBCQjAeFw0yNDA2MjcxNzE4MDlaFw0yNTA2MjYxNzIzMDlaMDMxMTAvBgNV
BAMTKDczOTY2RkNBNDc2MUNCNDU4RDZBNDFCNTA4RDVGNTY3QTU3NTc3ODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFMt6Y6PieeJJt1BuRaKb36KNG
YLrCQFKkPyaoosJk9lLh8P1jnViYTWGeQTsYcYXHKzNU/Cw4cAxBosmNkDGckBVQ
y/Wy1S1JPl/r8DO8AKDQEnltRgYEsxuLOOMNSYgnDVfEbs8AQ8INSv/4vZxz7Mae
yGjN1ObeBJzcR3SWdRSg9BnjP27qQ89ua9SjVaQQjaHSKEbUHkDMiSZRSoD8vMry
Js1kl9vT9xECbXTvi5AXeEHikBvh3UmU/gIyIvkbkr/Rfb8e2WUJpcTQc6KRwMF2
/Moz976bWlD826B/UHh5j/d6i5MUuIgdH8KpTD5bo8Ej+mj8PH+zuSZ8nMR9AgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUc5Zvykdhy0WNakG1CNX1Z6V1d4MwHwYDVR0j
BBgwFoAUH0yCgnaplmhlqytZUz0csb7IkLswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjU5YzEwNmMtNTNiNC00ZTkyLTlmYmEtZDYwODI3YjVi
ZGI4LzAvMUY0QzgyODI3NkE5OTY2ODY1QUIyQjU5NTMzRDFDQjFCRUM4OTBCQi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8xRjRDODI4Mjc2QTk5NjY4NjVBQjJCNTk1
MzNEMUNCMUJFQzg5MEJCLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9iNTljMTA2Yy01M2I0LTRlOTItOWZiYS1kNjA4MjdiNWJkYjgvMC8zMjYxMzEz
NDNhMzczNTM4MzEzYTY0MzIzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzUz
MzM2MzYzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoUdYHSMA0GCSqGSIb3DQEBCwUAA4IBAQBbiyW0
kKnDXKbqStyLwqaqH2eFRc6i0gfttQXq4XK9NelRufcoRwTQZKFs4/XfVKaN3ACW
Up0oeQt0cfAk2AMspTRKDxjLxisjBx24TL9egHlI36JkgjYxcoynWi59Zrhk7Sz1
CI8L6Z2sa7hoMKFKtB2P/GFULtdPzOikpxQTrX7DX9CeD/f8Hy+49xo/V+GOKDd2
DikypFAAq7URClcT+vFCnHRTAIPX/UR37rxTLJlql4OpxSK8IQCbJa8vXiakQGwJ
wwjeUD9fQPCAykc60WtzMPh1ElkzhZJi0Q8RcCAwed7fbQIeOMq+D5GV1zMZFVtH
sR5iifcxuRIYxTJj
-----END CERTIFICATE-----