Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3849da2-7504-427e-a2e3-bb61456c0b2d/2/32332e3135362e3130342e302f32342d3234203d3e203135333533.roa
File:                     32332e3135362e3130342e302f32342d3234203d3e203135333533.roa (raw, json)
Hash identifier:          h27zLhFxvBfWPQE71JDuwbeePV75jSa/zbc/VYTCKWs=
Subject key identifier:   F9:8E:66:56:97:CD:CD:7F:93:1B:3B:26:24:99:74:12:67:00:43:35
Certificate issuer:       /CN=43729997156bf8ecfda7a21458bab29e918d9cfafa110da6dc
Certificate serial:       40F7E757632B7DB14E2FB7782EF02DFBB5388BA5
Authority key identifier: 2D:0E:7A:F3:D6:DA:0D:72:3A:64:67:5B:48:D6:97:E0:C2:57:19:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997156bf8ecfda7a21458bab29e918d9cfafa110da6dc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3849da2-7504-427e-a2e3-bb61456c0b2d/2/32332e3135362e3130342e302f32342d3234203d3e203135333533.roa
Signing time:             Sun 12 Nov 2023 08:20:36 +0000
ROA not before:           Sun 12 Nov 2023 08:15:36 +0000
ROA not after:            Sun 10 Nov 2024 08:20:36 +0000
asID:                     15353
IP address blocks:        23.156.104.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:f7:e7:57:63:2b:7d:b1:4e:2f:b7:78:2e:f0:2d:fb:b5:38:8b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997156bf8ecfda7a21458bab29e918d9cfafa110da6dc
        Validity
            Not Before: Nov 12 08:15:36 2023 GMT
            Not After : Nov 10 08:20:36 2024 GMT
        Subject: CN=F98E665697CDCD7F931B3B262499741267004335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:70:ff:76:e5:0e:ad:2b:e5:d2:a2:b3:77:8e:
                    e4:e3:54:2f:dd:1a:98:8f:72:f5:40:7e:69:48:8b:
                    60:43:b2:52:e9:35:08:57:2b:87:f9:c9:ba:80:10:
                    97:97:7e:60:17:25:70:4f:81:47:b3:d2:fc:2b:36:
                    c1:4b:da:84:44:64:22:ad:e4:f1:90:71:af:a0:d9:
                    c7:a7:e3:45:f6:e7:9c:dd:b1:82:37:cc:8f:fe:2d:
                    63:27:95:98:f9:a5:08:75:d1:42:78:a0:43:39:4f:
                    b7:2a:d5:8e:0c:9b:02:dd:7e:30:e7:ca:4b:e3:b7:
                    6f:55:99:01:e9:d0:75:78:6d:a3:09:0b:97:41:31:
                    07:94:71:a4:14:23:5f:ed:e3:ee:85:35:67:a2:cc:
                    d3:d9:e9:56:ee:ef:b5:a0:8f:63:64:a3:ff:0d:6e:
                    58:53:6a:53:06:31:f9:cd:25:b9:3e:ee:5d:ca:7e:
                    d2:6e:35:82:cf:13:9a:11:64:07:2e:b0:31:6c:4c:
                    b7:30:ca:76:66:72:b9:5c:e3:80:6e:6c:52:6a:8f:
                    78:7c:ed:6d:51:8b:fa:7d:0c:24:f4:10:d1:8b:01:
                    8d:ae:6a:4c:ab:32:94:a7:63:a3:3a:0e:3c:3f:fa:
                    29:7e:5b:65:5c:03:be:85:d8:f4:f9:66:63:ba:5d:
                    a4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8E:66:56:97:CD:CD:7F:93:1B:3B:26:24:99:74:12:67:00:43:35
            X509v3 Authority Key Identifier:
                keyid:2D:0E:7A:F3:D6:DA:0D:72:3A:64:67:5B:48:D6:97:E0:C2:57:19:97

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3849da2-7504-427e-a2e3-bb61456c0b2d/2/2D0E7AF3D6DA0D723A64675B48D697E0C2571997.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997156bf8ecfda7a21458bab29e918d9cfafa110da6dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3849da2-7504-427e-a2e3-bb61456c0b2d/2/32332e3135362e3130342e302f32342d3234203d3e203135333533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.156.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:29:fe:b2:4a:e7:aa:5e:c5:a0:8c:60:a2:a5:88:b7:ee:99:
         7f:93:60:2b:2f:84:97:6c:9c:da:ba:51:65:d7:c7:31:6a:43:
         6a:b6:0a:ac:ab:96:1d:a6:ca:a0:a0:05:3b:56:6b:90:aa:c7:
         3f:91:6d:b5:14:f3:e6:08:35:b0:ff:4a:8b:42:34:99:17:ed:
         19:be:c9:5f:a2:1e:71:e0:9f:ac:40:cd:1e:86:8b:81:44:f0:
         94:d1:bc:55:8e:94:24:cc:83:07:71:2e:f9:66:d2:8f:f5:01:
         1a:57:c7:5c:8a:0b:a0:ba:d5:98:e5:eb:c6:fa:2f:d2:97:c5:
         80:51:6a:d7:12:68:ab:8a:43:7f:ff:54:0c:49:f2:98:de:a4:
         91:73:1b:5c:7c:38:ba:0c:3b:d5:37:5c:7b:7f:c3:7f:6b:2b:
         cf:63:87:64:fd:4d:e3:33:73:ab:49:fd:16:76:37:39:78:30:
         09:4d:26:25:dc:df:f8:0a:88:cd:9d:09:77:6a:77:a2:5f:27:
         cc:1d:11:64:dc:22:7a:c8:bc:94:8f:85:15:e3:04:da:53:01:
         e3:e7:b4:83:46:f2:6a:47:18:2c:c2:07:6b:b9:38:9c:16:09:
         c4:ef:d6:ab:2a:5f:de:a9:67:c9:3d:29:a6:fa:dc:c9:a0:50:
         31:bf:86:27
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUQPfnV2MrfbFOL7d4LvAt+7U4i6UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTZiZjhlY2ZkYTdhMjE0NThiYWIyOWU5
MThkOWNmYWZhMTEwZGE2ZGMwHhcNMjMxMTEyMDgxNTM2WhcNMjQxMTEwMDgyMDM2
WjAzMTEwLwYDVQQDEyhGOThFNjY1Njk3Q0RDRDdGOTMxQjNCMjYyNDk5NzQxMjY3
MDA0MzM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nD/duUOrSvl
0qKzd47k41Qv3RqYj3L1QH5pSItgQ7JS6TUIVyuH+cm6gBCXl35gFyVwT4FHs9L8
KzbBS9qERGQireTxkHGvoNnHp+NF9uec3bGCN8yP/i1jJ5WY+aUIddFCeKBDOU+3
KtWODJsC3X4w58pL47dvVZkB6dB1eG2jCQuXQTEHlHGkFCNf7ePuhTVnoszT2elW
7u+1oI9jZKP/DW5YU2pTBjH5zSW5Pu5dyn7SbjWCzxOaEWQHLrAxbEy3MMp2ZnK5
XOOAbmxSao94fO1tUYv6fQwk9BDRiwGNrmpMqzKUp2OjOg48P/opfltlXAO+hdj0
+WZjul2kBwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFPmOZlaXzc1/kxs7JiSZdBJn
AEM1MB8GA1UdIwQYMBaAFC0OevPW2g1yOmRnW0jWl+DCVxmXMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2UzODQ5ZGEyLTc1MDQtNDI3ZS1hMmUz
LWJiNjE0NTZjMGIyZC8yLzJEMEU3QUYzRDZEQTBENzIzQTY0Njc1QjQ4RDY5N0Uw
QzI1NzE5OTcuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTZiZjhlY2ZkYTdhMjE0NThiYWIyOWU5MThk
OWNmYWZhMTEwZGE2ZGMuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUH
MAuGgY1yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2UzODQ5ZGEyLTc1MDQtNDI3ZS1hMmUzLWJiNjE0NTZjMGIyZC8yLzMyMzMyZTMx
MzUzNjJlMzEzMDM0MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTMzMzUzMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEABecaDANBgkqhkiG9w0BAQsFAAOCAQEAryn+skrnql7FoIxgoqWI
t+6Zf5NgKy+El2yc2rpRZdfHMWpDarYKrKuWHabKoKAFO1ZrkKrHP5FttRTz5gg1
sP9Ki0I0mRftGb7JX6IeceCfrEDNHoaLgUTwlNG8VY6UJMyDB3Eu+WbSj/UBGlfH
XIoLoLrVmOXrxvov0pfFgFFq1xJoq4pDf/9UDEnymN6kkXMbXHw4ugw71Tdce3/D
f2srz2OHZP1N4zNzq0n9FnY3OXgwCU0mJdzf+AqIzZ0Jd2p3ol8nzB0RZNwiesi8
lI+FFeME2lMB4+e0g0byakcYLMIHa7k4nBYJxO/Wqypf3qlnyT0ppvrcyaBQMb+G
Jw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-fra.rpki-client.org