Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/1/32332e3136342e35362e302f32342d3234203d3e203330343333.roa
File:                     32332e3136342e35362e302f32342d3234203d3e203330343333.roa (raw, json)
Hash identifier:          L58Wafw/lGTABHlpvoz5KS7OGbLtf2fRlWjq3UKZVP8=
Subject key identifier:   F5:95:8C:AA:94:1E:BD:3E:45:C3:4F:F6:2C:70:4C:BA:06:B3:C1:7C
Certificate issuer:       /CN=f782b0e5b2fc29a5293aa948991206481ae7dd58b362d603ad
Certificate serial:       6B498919BF1434A56349750B17F7D294913FB2BB
Authority key identifier: 27:09:69:B7:54:06:76:11:09:4A:17:D0:DF:D8:20:D0:5A:68:B2:ED
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/edf42a6e-e52a-44bd-a87a-08ce0c569e85/f782b0e5b2fc29a5293aa948991206481ae7dd58b362d603ad.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/1/32332e3136342e35362e302f32342d3234203d3e203330343333.roa
Signing time:             Sun 13 Oct 2024 01:47:43 +0000
ROA not before:           Sun 13 Oct 2024 01:42:43 +0000
ROA not after:            Sun 12 Oct 2025 01:47:43 +0000
asID:                     30433
IP address blocks:        23.164.56.0/24 maxlen: 24

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:49:89:19:bf:14:34:a5:63:49:75:0b:17:f7:d2:94:91:3f:b2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f782b0e5b2fc29a5293aa948991206481ae7dd58b362d603ad
        Validity
            Not Before: Oct 13 01:42:43 2024 GMT
            Not After : Oct 12 01:47:43 2025 GMT
        Subject: CN=F5958CAA941EBD3E45C34FF62C704CBA06B3C17C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9e:4c:b4:b7:10:80:61:8c:cd:70:dc:c7:76:
                    54:a1:9f:7d:b6:da:0f:4e:4c:70:8a:7d:d6:c7:52:
                    1d:45:7d:68:05:4a:e4:ac:49:53:32:ee:1b:46:06:
                    c0:79:82:55:0c:f4:27:63:84:c9:cb:d5:e1:a4:6b:
                    29:aa:55:5e:98:a3:70:16:da:0a:e9:ad:ab:0b:85:
                    50:8c:5b:1e:32:14:5d:97:a0:a0:4e:af:db:e2:fa:
                    98:cc:04:a8:53:a6:d6:4b:20:e9:31:f5:48:d0:e1:
                    a4:58:34:2b:c0:57:a3:ee:eb:0d:b6:cc:27:a9:6d:
                    e9:44:80:3c:08:db:61:0b:b4:0d:80:03:4e:94:d0:
                    7f:fe:93:e6:97:2c:1a:33:49:3d:11:ce:ee:ec:10:
                    3c:01:03:0f:4d:9f:34:6c:86:d0:8e:8b:3f:58:60:
                    90:85:60:c3:f8:5c:c6:b6:0b:27:6a:44:b8:03:62:
                    70:65:c3:f3:39:07:41:ec:ba:85:e5:d2:e3:f0:05:
                    4f:c6:b2:c7:2c:d7:32:19:ed:28:95:23:26:fd:72:
                    27:f0:4c:73:e0:38:b2:e1:c2:ac:b4:8d:72:da:ba:
                    af:8c:0c:21:0b:07:fe:da:71:ec:79:b9:70:f3:11:
                    07:5e:93:87:41:5d:a9:48:d7:d7:a9:b1:d2:aa:40:
                    5b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:95:8C:AA:94:1E:BD:3E:45:C3:4F:F6:2C:70:4C:BA:06:B3:C1:7C
            X509v3 Authority Key Identifier:
                keyid:27:09:69:B7:54:06:76:11:09:4A:17:D0:DF:D8:20:D0:5A:68:B2:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/1/270969B754067611094A17D0DFD820D05A68B2ED.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/edf42a6e-e52a-44bd-a87a-08ce0c569e85/f782b0e5b2fc29a5293aa948991206481ae7dd58b362d603ad.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd3/1/32332e3136342e35362e302f32342d3234203d3e203330343333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.164.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:78:4a:a6:5d:f6:34:a7:c8:06:74:9f:2f:79:cb:29:6f:ec:
         45:f5:a5:2a:85:a8:8a:67:0b:84:c7:0b:9b:73:54:76:4d:c2:
         38:c3:b3:c3:b9:16:dd:d1:b5:cf:28:c4:0a:89:ec:c0:61:a5:
         e0:e5:b2:17:d3:d3:8f:0c:1c:b5:dc:14:67:63:e1:95:0a:09:
         c9:21:d1:e3:e0:56:50:8c:bb:cb:17:b0:dc:f5:51:e6:ff:19:
         a6:cd:91:3b:b1:56:1e:d1:29:eb:23:db:fe:80:9f:95:c4:42:
         01:53:3a:33:ca:6c:14:e3:6e:8f:00:c3:fc:fc:39:6e:1c:ae:
         3f:e8:c3:c0:fb:58:ab:b4:d7:a4:de:8d:63:88:86:76:be:72:
         4d:f3:cb:df:9d:d2:05:b4:05:55:a5:8c:47:5c:94:da:20:21:
         40:0b:8b:aa:19:86:8c:83:40:9d:f8:62:e9:f2:d5:bc:a3:57:
         11:d8:03:45:97:d9:d7:39:e1:f2:36:70:2d:58:f2:ab:1c:e7:
         28:81:01:e1:ac:0d:2b:bc:0c:09:88:c0:e5:e5:d3:ac:57:11:
         bf:93:f2:81:2b:54:ec:b6:b3:79:5c:43:b4:08:70:3b:5c:05:
         f8:0e:64:72:04:1c:11:20:ef:26:2f:2a:a8:2d:eb:77:b2:3c:
         19:0f:e2:8b
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUa0mJGb8UNKVjSXULF/fSlJE/srswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjc4MmIwZTViMmZjMjlhNTI5M2FhOTQ4OTkxMjA2NDgx
YWU3ZGQ1OGIzNjJkNjAzYWQwHhcNMjQxMDEzMDE0MjQzWhcNMjUxMDEyMDE0NzQz
WjAzMTEwLwYDVQQDEyhGNTk1OENBQTk0MUVCRDNFNDVDMzRGRjYyQzcwNENCQTA2
QjNDMTdDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZ5MtLcQgGGM
zXDcx3ZUoZ99ttoPTkxwin3Wx1IdRX1oBUrkrElTMu4bRgbAeYJVDPQnY4TJy9Xh
pGspqlVemKNwFtoK6a2rC4VQjFseMhRdl6CgTq/b4vqYzASoU6bWSyDpMfVI0OGk
WDQrwFej7usNtswnqW3pRIA8CNthC7QNgANOlNB//pPmlywaM0k9Ec7u7BA8AQMP
TZ80bIbQjos/WGCQhWDD+FzGtgsnakS4A2JwZcPzOQdB7LqF5dLj8AVPxrLHLNcy
Ge0olSMm/XIn8Exz4Diy4cKstI1y2rqvjAwhCwf+2nHseblw8xEHXpOHQV2pSNfX
qbHSqkBbsQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFPWVjKqUHr0+RcNP9ixwTLoG
s8F8MB8GA1UdIwQYMBaAFCcJabdUBnYRCUoX0N/YINBaaLLtMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y1MzZhMWU0LTNiZjAtNDM1Mi05MDYx
LTY2Njk0ZDJiY2JkMy8xLzI3MDk2OUI3NTQwNjc2MTEwOTRBMTdEMERGRDgyMEQw
NUE2OEIyRUQuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC9lZGY0MmE2ZS1lNTJhLTQ0YmQtYTg3YS0w
OGNlMGM1NjllODUvZjc4MmIwZTViMmZjMjlhNTI5M2FhOTQ4OTkxMjA2NDgxYWU3
ZGQ1OGIzNjJkNjAzYWQuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2Y1MzZhMWU0LTNiZjAtNDM1Mi05MDYxLTY2Njk0ZDJiY2JkMy8xLzMyMzMyZTMx
MzYzNDJlMzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzAzNDMzMzMucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXpDgwDQYJKoZIhvcNAQELBQADggEBAHh4SqZd9jSnyAZ0ny95yylv
7EX1pSqFqIpnC4THC5tzVHZNwjjDs8O5Ft3Rtc8oxAqJ7MBhpeDlshfT048MHLXc
FGdj4ZUKCckh0ePgVlCMu8sXsNz1Ueb/GabNkTuxVh7RKesj2/6An5XEQgFTOjPK
bBTjbo8Aw/z8OW4crj/ow8D7WKu016TejWOIhna+ck3zy9+d0gW0BVWljEdclNog
IUALi6oZhoyDQJ34Yuny1byjVxHYA0WX2dc54fI2cC1Y8qsc5yiBAeGsDSu8DAmI
wOXl06xXEb+T8oErVOy2s3lcQ7QIcDtcBfgOZHIEHBEg7yYvKqgt63eyPBkP4os=
-----END CERTIFICATE-----