Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a31303a3a2f34342d3434203d3e203131393637.roa
File:                     323630323a663732653a31303a3a2f34342d3434203d3e203131393637.roa (raw, json)
Hash identifier:          RdZiB4rD4ZfNM7bgU9SPssizcJbmn+dlByCcqg+ogIQ=
Subject key identifier:   DD:5F:42:2C:31:E3:CD:F7:94:BA:A2:38:85:49:C2:9F:34:F1:58:B0
Certificate issuer:       /CN=369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12
Certificate serial:       2A1AA03E0255356D85B3F757AA1E8C45A37EA624
Authority key identifier: EB:4B:C0:6D:40:65:7A:9B:F4:3E:CE:83:09:AD:AD:76:DF:24:A6:3B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d9d1572f-6cbb-4cf7-b599-e9d0e981d9bf/c576633f-343d-4ac3-a936-98958e5630e6/369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a31303a3a2f34342d3434203d3e203131393637.roa
Signing time:             Tue 25 Feb 2025 21:56:32 +0000
ROA not before:           Tue 25 Feb 2025 21:51:32 +0000
ROA not after:            Tue 24 Feb 2026 21:56:32 +0000
asID:                     11967
IP address blocks:        2602:f72e:10::/44 maxlen: 44
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:1a:a0:3e:02:55:35:6d:85:b3:f7:57:aa:1e:8c:45:a3:7e:a6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12
        Validity
            Not Before: Feb 25 21:51:32 2025 GMT
            Not After : Feb 24 21:56:32 2026 GMT
        Subject: CN=DD5F422C31E3CDF794BAA2388549C29F34F158B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:19:4f:23:a2:bf:33:3c:5c:50:1f:43:79:1d:
                    83:58:9d:4c:ab:ad:c6:7f:ac:68:a2:48:fd:95:9f:
                    e0:2d:6a:2c:17:3c:69:06:66:59:4a:22:8a:29:37:
                    60:2d:50:e1:16:65:77:7f:bb:ee:9e:95:7b:bb:83:
                    7b:bd:0c:23:64:41:5b:eb:0e:81:ed:ec:66:35:0c:
                    d1:48:47:f6:fb:1e:f9:5e:72:23:6e:56:6f:04:10:
                    39:17:e1:8f:35:53:1d:3f:01:84:02:63:be:3f:4a:
                    d7:ef:b2:84:20:ec:40:7d:c6:a9:ce:44:44:7a:8d:
                    37:9e:5c:47:e4:34:2a:d0:9a:c9:5e:ae:02:7a:65:
                    87:a8:fe:f2:7a:04:67:bb:6f:28:a2:e3:13:79:40:
                    c7:08:54:ef:6b:dc:cb:d0:96:73:bf:33:d8:b7:1d:
                    a7:77:e3:89:a8:b6:5e:5a:f3:f3:27:13:93:c0:d9:
                    14:b4:21:17:a1:9c:70:82:48:ef:ed:25:7b:19:87:
                    8b:d7:c9:21:03:94:af:b4:bd:ef:64:56:a9:fd:7f:
                    83:fb:fe:5c:a7:a3:b8:4a:74:36:27:62:14:8e:1f:
                    95:c2:c8:ad:ef:b6:6a:e4:e1:63:dd:0c:a2:99:67:
                    32:2a:b1:26:90:23:b7:cb:44:e8:f6:7b:ac:42:bc:
                    88:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5F:42:2C:31:E3:CD:F7:94:BA:A2:38:85:49:C2:9F:34:F1:58:B0
            X509v3 Authority Key Identifier:
                keyid:EB:4B:C0:6D:40:65:7A:9B:F4:3E:CE:83:09:AD:AD:76:DF:24:A6:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/EB4BC06D40657A9BF43ECE8309ADAD76DF24A63B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d9d1572f-6cbb-4cf7-b599-e9d0e981d9bf/c576633f-343d-4ac3-a936-98958e5630e6/369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a31303a3a2f34342d3434203d3e203131393637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f72e:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:cf:63:8f:59:3a:99:56:92:b1:75:fa:0c:f6:7d:ed:37:25:
         e0:6d:44:79:78:00:73:88:dd:20:76:93:6a:fd:d1:3f:c5:84:
         e9:75:19:7f:21:c3:b3:4a:87:d6:3f:46:2a:1d:d5:b5:fd:82:
         d6:2b:b0:a3:54:ad:cb:07:08:1d:59:97:d9:94:45:11:69:31:
         94:20:a5:fe:5f:ca:b6:96:b7:09:43:df:88:36:2e:3e:43:40:
         1d:e5:9f:1a:b8:bc:c3:85:5f:b9:20:55:76:00:62:d0:ea:80:
         f9:30:54:3f:0e:69:aa:9d:04:ba:ec:f6:58:62:55:9e:c7:e3:
         cd:00:79:84:0b:fa:19:5b:21:b8:c2:42:a5:b5:46:d8:a7:8c:
         29:65:3e:6a:53:e3:58:04:2b:c5:13:ce:75:48:66:03:63:a0:
         2d:02:0e:5c:57:85:63:3c:1a:20:55:79:95:bf:63:b0:8c:b8:
         97:a2:5e:8a:99:37:27:ed:1d:ad:87:58:1f:d5:6f:12:12:06:
         f7:23:56:d8:ea:dc:28:bb:08:21:47:6c:9c:66:90:49:f3:87:
         5c:78:d6:f9:2e:ab:50:3f:f3:de:7f:82:9b:9f:0e:b5:08:7e:
         81:cf:5c:2d:51:b6:67:b7:dd:17:f1:77:00:d0:ea:cb:fe:cf:
         85:39:42:da
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgIUKhqgPgJVNW2Fs/dXqh6MRaN+piQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMzY5ZGJjMmVjMTM2ZWNhNjRmZDJhNDk2OWYxNWM5OTMw
NmMyZDExZTM2OGY1ZTFjMTIwHhcNMjUwMjI1MjE1MTMyWhcNMjYwMjI0MjE1NjMy
WjAzMTEwLwYDVQQDEyhERDVGNDIyQzMxRTNDREY3OTRCQUEyMzg4NTQ5QzI5RjM0
RjE1OEIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hlPI6K/Mzxc
UB9DeR2DWJ1Mq63Gf6xookj9lZ/gLWosFzxpBmZZSiKKKTdgLVDhFmV3f7vunpV7
u4N7vQwjZEFb6w6B7exmNQzRSEf2+x75XnIjblZvBBA5F+GPNVMdPwGEAmO+P0rX
77KEIOxAfcapzkREeo03nlxH5DQq0JrJXq4CemWHqP7yegRnu28oouMTeUDHCFTv
a9zL0JZzvzPYtx2nd+OJqLZeWvPzJxOTwNkUtCEXoZxwgkjv7SV7GYeL18khA5Sv
tL3vZFap/X+D+/5cp6O4SnQ2J2IUjh+Vwsit77Zq5OFj3QyimWcyKrEmkCO3y0To
9nusQryIgQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFN1fQiwx4833lLqiOIVJwp80
8ViwMB8GA1UdIwQYMBaAFOtLwG1AZXqb9D7OgwmtrXbfJKY7MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2U5MmViYzgzLWQ3NmMtNGFlMi04NGVi
LWU2YmZmM2QzNDJiMS8xL0VCNEJDMDZENDA2NTdBOUJGNDNFQ0U4MzA5QURBRDc2
REYyNEE2M0IuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Q5ZDE1NzJmLTZjYmIt
NGNmNy1iNTk5LWU5ZDBlOTgxZDliZi9jNTc2NjMzZi0zNDNkLTRhYzMtYTkzNi05
ODk1OGU1NjMwZTYvMzY5ZGJjMmVjMTM2ZWNhNjRmZDJhNDk2OWYxNWM5OTMwNmMy
ZDExZTM2OGY1ZTFjMTIuY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2U5MmViYzgzLWQ3NmMtNGFlMi04NGViLWU2YmZmM2QzNDJiMS8xLzMyMzYzMDMy
M2E2NjM3MzI2NTNhMzEzMDNhM2EyZjM0MzQyZDM0MzQyMDNkM2UyMDMxMzEzOTM2
Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQmAvcuABAwDQYJKoZIhvcNAQELBQADggEBAELPY49ZOplW
krF1+gz2fe03JeBtRHl4AHOI3SB2k2r90T/FhOl1GX8hw7NKh9Y/Riod1bX9gtYr
sKNUrcsHCB1Zl9mURRFpMZQgpf5fyraWtwlD34g2Lj5DQB3lnxq4vMOFX7kgVXYA
YtDqgPkwVD8OaaqdBLrs9lhiVZ7H480AeYQL+hlbIbjCQqW1RtinjCllPmpT41gE
K8UTznVIZgNjoC0CDlxXhWM8GiBVeZW/Y7CMuJeiXoqZNyftHa2HWB/VbxISBvcj
Vtjq3Ci7CCFHbJxmkEnzh1x41vkuq1A/895/gpufDrUIfoHPXC1Rtme33RfxdwDQ
6sv+z4U5Qto=
-----END CERTIFICATE-----