Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a3a2f34352d3438203d3e203131393637.roa
File:                     323630323a663732653a3a2f34352d3438203d3e203131393637.roa (raw, json)
Hash identifier:          3vIbHn8ERcSIn3uGm0a/lKln1Bn34ESfFcMGg8T0Dys=
Subject key identifier:   38:B0:0D:20:96:D3:3E:39:B3:FB:57:1B:EA:4B:84:B9:35:1C:60:86
Certificate issuer:       /CN=369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12
Certificate serial:       231F84A6BAE157B7C22F1A21399EA6AE6ECDB370
Authority key identifier: EB:4B:C0:6D:40:65:7A:9B:F4:3E:CE:83:09:AD:AD:76:DF:24:A6:3B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d9d1572f-6cbb-4cf7-b599-e9d0e981d9bf/c576633f-343d-4ac3-a936-98958e5630e6/369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a3a2f34352d3438203d3e203131393637.roa
Signing time:             Tue 25 Feb 2025 21:48:40 +0000
ROA not before:           Tue 25 Feb 2025 21:43:40 +0000
ROA not after:            Tue 24 Feb 2026 21:48:40 +0000
asID:                     11967
IP address blocks:        2602:f72e::/45 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:1f:84:a6:ba:e1:57:b7:c2:2f:1a:21:39:9e:a6:ae:6e:cd:b3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12
        Validity
            Not Before: Feb 25 21:43:40 2025 GMT
            Not After : Feb 24 21:48:40 2026 GMT
        Subject: CN=38B00D2096D33E39B3FB571BEA4B84B9351C6086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6d:55:45:d4:8e:0f:9f:94:e9:c7:ed:7b:76:
                    c1:a6:cc:68:57:b4:9f:b1:19:d4:50:44:fc:ae:3a:
                    0f:3a:ac:0b:43:b0:1f:d1:9f:c1:b5:37:a9:ce:3d:
                    a7:65:d1:b5:24:47:90:33:3a:38:56:03:51:be:f4:
                    6e:ef:1e:7a:1f:0c:66:65:9f:ed:99:c6:bd:ff:d5:
                    b6:49:a8:15:43:ac:51:eb:b7:13:27:f1:f2:42:59:
                    80:51:03:0a:21:cd:f8:79:4b:de:60:3e:c1:bc:f9:
                    1b:dd:ad:7c:98:5a:21:9c:41:37:a4:3b:6c:e2:30:
                    5d:8f:5a:93:0c:c9:81:26:18:d4:08:7f:37:ca:b3:
                    b3:75:78:3a:3b:74:0e:77:0a:a5:8b:85:7e:3b:3b:
                    09:69:ea:f4:cd:9d:9a:21:7e:d8:6d:b8:aa:fa:5f:
                    7e:7d:c0:4e:2d:59:9c:6d:4f:ae:5c:a5:3f:4b:fb:
                    2f:75:1b:68:49:62:96:90:54:13:4a:99:fd:27:2d:
                    fd:e1:8a:ad:80:0c:25:2e:6b:21:9c:72:6b:f2:3b:
                    a1:6b:b8:b2:78:39:7b:46:eb:ed:dd:9c:c5:f2:f5:
                    38:be:09:76:46:b6:f1:04:41:bd:4e:c5:3f:75:73:
                    2e:d5:0e:10:51:f6:4a:a1:a1:79:61:a7:97:b7:f5:
                    c5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B0:0D:20:96:D3:3E:39:B3:FB:57:1B:EA:4B:84:B9:35:1C:60:86
            X509v3 Authority Key Identifier:
                keyid:EB:4B:C0:6D:40:65:7A:9B:F4:3E:CE:83:09:AD:AD:76:DF:24:A6:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/EB4BC06D40657A9BF43ECE8309ADAD76DF24A63B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d9d1572f-6cbb-4cf7-b599-e9d0e981d9bf/c576633f-343d-4ac3-a936-98958e5630e6/369dbc2ec136eca64fd2a4969f15c99306c2d11e368f5e1c12.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e92ebc83-d76c-4ae2-84eb-e6bff3d342b1/1/323630323a663732653a3a2f34352d3438203d3e203131393637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f72e::/45

    Signature Algorithm: sha256WithRSAEncryption
         74:8c:76:9e:ba:d2:48:29:63:97:3b:db:cf:89:c1:c1:cc:0b:
         d6:9f:bb:b8:c9:06:56:35:8b:e3:1e:b8:1e:0f:3b:c5:08:0d:
         8b:6c:2c:0f:ea:a9:3a:d2:75:26:e1:b9:0f:7a:0c:86:2f:d8:
         e8:07:fc:5f:15:ae:e1:d4:44:4e:fe:e9:7d:cd:13:16:ce:8f:
         48:06:f4:c5:9e:1b:a8:6f:6f:fc:3c:f5:73:f2:c1:c0:f5:97:
         78:a0:5e:73:dd:36:3f:01:f7:47:13:92:1c:ca:25:90:f9:ad:
         11:dd:68:79:11:88:24:74:d6:41:57:0a:28:9b:ec:c1:02:59:
         4d:c8:6f:cf:ae:2d:6d:3d:bb:6c:5a:11:c9:f4:b2:3b:58:1b:
         48:ae:ec:b4:65:d8:39:f5:70:7d:55:cc:bc:ca:9e:d6:8f:fc:
         3b:d9:d8:e1:c4:c9:b6:d3:4b:4c:91:c5:b6:8f:f3:cf:5c:b3:
         34:b9:1b:bc:7e:41:02:5b:5a:87:7b:ec:57:e3:82:58:80:5f:
         9d:b7:93:8e:ef:02:da:b5:04:5e:fb:c3:ef:75:53:b4:60:8d:
         76:de:15:1c:3a:ba:3f:51:c6:e5:7d:39:72:1b:1f:84:42:b5:
         d9:c7:fa:0b:47:b0:7c:56:b1:9b:a5:4b:ed:ee:2c:ff:80:72:
         1e:24:ca:d9
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgIUIx+EprrhV7fCLxohOZ6mrm7Ns3AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMzY5ZGJjMmVjMTM2ZWNhNjRmZDJhNDk2OWYxNWM5OTMw
NmMyZDExZTM2OGY1ZTFjMTIwHhcNMjUwMjI1MjE0MzQwWhcNMjYwMjI0MjE0ODQw
WjAzMTEwLwYDVQQDEygzOEIwMEQyMDk2RDMzRTM5QjNGQjU3MUJFQTRCODRCOTM1
MUM2MDg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0m1VRdSOD5+U
6cfte3bBpsxoV7SfsRnUUET8rjoPOqwLQ7Af0Z/BtTepzj2nZdG1JEeQMzo4VgNR
vvRu7x56HwxmZZ/tmca9/9W2SagVQ6xR67cTJ/HyQlmAUQMKIc34eUveYD7BvPkb
3a18mFohnEE3pDts4jBdj1qTDMmBJhjUCH83yrOzdXg6O3QOdwqli4V+OzsJaer0
zZ2aIX7Ybbiq+l9+fcBOLVmcbU+uXKU/S/svdRtoSWKWkFQTSpn9Jy394YqtgAwl
LmshnHJr8juha7iyeDl7Ruvt3ZzF8vU4vgl2RrbxBEG9TsU/dXMu1Q4QUfZKoaF5
YaeXt/XF5wIDAQABo4ICzjCCAsowHQYDVR0OBBYEFDiwDSCW0z45s/tXG+pLhLk1
HGCGMB8GA1UdIwQYMBaAFOtLwG1AZXqb9D7OgwmtrXbfJKY7MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2U5MmViYzgzLWQ3NmMtNGFlMi04NGVi
LWU2YmZmM2QzNDJiMS8xL0VCNEJDMDZENDA2NTdBOUJGNDNFQ0U4MzA5QURBRDc2
REYyNEE2M0IuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Q5ZDE1NzJmLTZjYmIt
NGNmNy1iNTk5LWU5ZDBlOTgxZDliZi9jNTc2NjMzZi0zNDNkLTRhYzMtYTkzNi05
ODk1OGU1NjMwZTYvMzY5ZGJjMmVjMTM2ZWNhNjRmZDJhNDk2OWYxNWM5OTMwNmMy
ZDExZTM2OGY1ZTFjMTIuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2U5MmViYzgzLWQ3NmMtNGFlMi04NGViLWU2YmZmM2QzNDJiMS8xLzMyMzYzMDMy
M2E2NjM3MzI2NTNhM2EyZjM0MzUyZDM0MzgyMDNkM2UyMDMxMzEzOTM2Mzcucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwMmAvcuAAAwDQYJKoZIhvcNAQELBQADggEBAHSMdp660kgpY5c728+J
wcHMC9afu7jJBlY1i+MeuB4PO8UIDYtsLA/qqTrSdSbhuQ96DIYv2OgH/F8VruHU
RE7+6X3NExbOj0gG9MWeG6hvb/w89XPywcD1l3igXnPdNj8B90cTkhzKJZD5rRHd
aHkRiCR01kFXCiib7MECWU3Ib8+uLW09u2xaEcn0sjtYG0iu7LRl2Dn1cH1VzLzK
ntaP/DvZ2OHEybbTS0yRxbaP889cszS5G7x+QQJbWod77FfjgliAX523k47vAtq1
BF77w+91U7RgjXbeFRw6uj9RxuV9OXIbH4RCtdnH+gtHsHxWsZulS+3uLP+Ach4k
ytk=
-----END CERTIFICATE-----