Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/32332e3137382e37322e302f32342d3332203d3e203437323732.roa
File:                     32332e3137382e37322e302f32342d3332203d3e203437323732.roa (raw, json)
Hash identifier:          /oLZNNLY8HETWCKcLu57GGam7qooB1Li5d7hSe25K/E=
Subject key identifier:   F7:40:F5:56:27:1B:A3:41:ED:4A:6C:57:F3:E8:88:CF:21:57:AD:00
Certificate issuer:       /CN=f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7
Certificate serial:       74F9866D95D9199312E2DF09010B493EDE77220E
Authority key identifier: 24:F5:DA:48:C3:AF:BC:A0:FF:D9:21:54:7E:F0:9F:77:6A:F8:A2:EA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/32332e3137382e37322e302f32342d3332203d3e203437323732.roa
Signing time:             Fri 07 Feb 2025 11:41:10 +0000
ROA not before:           Fri 07 Feb 2025 11:36:10 +0000
ROA not after:            Fri 06 Feb 2026 11:41:10 +0000
asID:                     47272
IP address blocks:        23.178.72.0/24 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:f9:86:6d:95:d9:19:93:12:e2:df:09:01:0b:49:3e:de:77:22:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7
        Validity
            Not Before: Feb  7 11:36:10 2025 GMT
            Not After : Feb  6 11:41:10 2026 GMT
        Subject: CN=F740F556271BA341ED4A6C57F3E888CF2157AD00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:32:50:8e:0c:e8:a4:09:5d:6d:fd:f4:2d:50:
                    40:af:51:a4:e5:b7:fe:3f:41:d6:9f:c8:dd:9a:62:
                    ef:1c:09:1f:d0:d1:d0:2e:f1:f1:e3:9b:f1:25:e1:
                    60:8e:3c:79:e7:92:de:14:6b:7a:2f:96:04:95:56:
                    68:ac:eb:23:40:f2:b8:49:14:10:68:a2:97:ef:17:
                    eb:aa:f6:d7:17:11:30:7b:1a:8b:23:36:ac:3d:5b:
                    62:ff:f1:61:cf:fe:3f:e1:39:1f:f4:38:2e:8d:a7:
                    a7:5f:e7:f2:1d:f7:d4:bf:48:c4:c2:77:92:4f:aa:
                    b5:f9:9e:db:d0:f3:00:bc:f3:ce:d8:d7:b3:ba:af:
                    80:de:0b:18:dc:18:7e:bb:c8:b3:02:96:ec:13:4e:
                    cb:91:fd:c5:c7:26:a5:83:0d:c6:7e:e3:e0:9c:fc:
                    de:e7:4e:88:d9:9c:c5:25:cb:9b:63:d9:87:64:3e:
                    37:37:ba:e8:d3:b3:58:a5:8b:c7:e1:ce:74:1d:c2:
                    58:a6:a6:de:a6:49:cf:3d:a9:4f:c7:1b:40:87:6a:
                    7d:19:bd:3c:4b:81:ee:a1:b0:50:51:be:c9:9d:60:
                    b7:cd:a4:8a:ef:5a:2f:c3:4a:4c:31:e9:fe:f5:73:
                    16:c2:97:08:6c:57:52:28:4e:89:27:8f:76:64:80:
                    d1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:40:F5:56:27:1B:A3:41:ED:4A:6C:57:F3:E8:88:CF:21:57:AD:00
            X509v3 Authority Key Identifier:
                keyid:24:F5:DA:48:C3:AF:BC:A0:FF:D9:21:54:7E:F0:9F:77:6A:F8:A2:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/24F5DA48C3AFBCA0FFD921547EF09F776AF8A2EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/02c7706b-3baf-42cb-bdf7-782b036252b3/f44c82daba9eca746b0d00f5ec1c709454be6125661b92bda7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/1/32332e3137382e37322e302f32342d3332203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.178.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:96:53:90:0d:8e:88:2e:6f:f0:c9:40:35:2c:5d:85:c7:02:
         77:74:bf:a8:45:cf:af:76:b4:2d:d9:69:47:76:8b:d1:01:b6:
         be:78:c5:a6:1c:48:69:ef:fc:85:3d:2f:de:9d:75:82:ce:8a:
         c4:14:68:5e:04:bf:9d:b6:1e:59:19:38:6d:eb:14:40:71:ab:
         66:1a:8f:a0:65:f9:29:52:04:c4:13:ec:f9:2e:cc:cc:68:68:
         96:f7:71:22:3b:ff:eb:a7:0d:ac:bd:4e:d0:81:7a:a7:9f:58:
         76:e9:8a:59:15:a2:d5:f9:e6:c7:24:e0:d5:00:32:48:d9:e1:
         9a:ec:6c:5b:3c:c7:f3:6b:9a:d4:dc:90:28:c0:2b:90:df:c4:
         43:79:9d:49:0b:d7:dd:dc:43:89:54:2c:71:c1:6b:45:f1:e0:
         65:be:ee:88:72:63:af:d3:93:30:d5:25:72:aa:7b:03:bc:a4:
         9c:15:81:02:a5:96:87:27:f9:a9:b4:60:d5:de:fe:45:db:73:
         73:0f:3e:4b:e4:22:b2:6e:e4:75:5c:a0:b0:46:56:da:24:34:
         92:09:44:76:0b:b0:fa:f2:f2:be:a4:83:a8:b9:3c:12:53:a9:
         2c:c0:ac:86:18:5c:35:b7:b2:e0:34:ef:60:5d:4f:20:6b:ba:
         50:e5:5f:be
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUdPmGbZXZGZMS4t8JAQtJPt53Ig4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjQ0YzgyZGFiYTllY2E3NDZiMGQwMGY1ZWMxYzcwOTQ1
NGJlNjEyNTY2MWI5MmJkYTcwHhcNMjUwMjA3MTEzNjEwWhcNMjYwMjA2MTE0MTEw
WjAzMTEwLwYDVQQDEyhGNzQwRjU1NjI3MUJBMzQxRUQ0QTZDNTdGM0U4ODhDRjIx
NTdBRDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzJQjgzopAld
bf30LVBAr1Gk5bf+P0HWn8jdmmLvHAkf0NHQLvHx45vxJeFgjjx555LeFGt6L5YE
lVZorOsjQPK4SRQQaKKX7xfrqvbXFxEwexqLIzasPVti//Fhz/4/4Tkf9Dgujaen
X+fyHffUv0jEwneST6q1+Z7b0PMAvPPO2Nezuq+A3gsY3Bh+u8izApbsE07Lkf3F
xyalgw3GfuPgnPze506I2ZzFJcubY9mHZD43N7ro07NYpYvH4c50HcJYpqbepknP
PalPxxtAh2p9Gb08S4HuobBQUb7JnWC3zaSK71ovw0pMMen+9XMWwpcIbFdSKE6J
J492ZIDRqQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFPdA9VYnG6NB7UpsV/PoiM8h
V60AMB8GA1UdIwQYMBaAFCT12kjDr7yg/9khVH7wn3dq+KLqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y3OTQ4NzM4LTMyNTUtNDlmOS05YjZj
LTljOWYzODk4OTk1ZC8xLzI0RjVEQTQ4QzNBRkJDQTBGRkQ5MjE1NDdFRjA5Rjc3
NkFGOEEyRUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC8wMmM3NzA2Yi0zYmFmLTQyY2ItYmRmNy03
ODJiMDM2MjUyYjMvZjQ0YzgyZGFiYTllY2E3NDZiMGQwMGY1ZWMxYzcwOTQ1NGJl
NjEyNTY2MWI5MmJkYTcuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2Y3OTQ4NzM4LTMyNTUtNDlmOS05YjZjLTljOWYzODk4OTk1ZC8xLzMyMzMyZTMx
MzczODJlMzczMjJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM0MzczMjM3MzIucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXskgwDQYJKoZIhvcNAQELBQADggEBAJWWU5ANjogub/DJQDUsXYXH
And0v6hFz692tC3ZaUd2i9EBtr54xaYcSGnv/IU9L96ddYLOisQUaF4Ev522HlkZ
OG3rFEBxq2Yaj6Bl+SlSBMQT7PkuzMxoaJb3cSI7/+unDay9TtCBeqefWHbpilkV
otX55sck4NUAMkjZ4ZrsbFs8x/NrmtTckCjAK5DfxEN5nUkL193cQ4lULHHBa0Xx
4GW+7ohyY6/TkzDVJXKqewO8pJwVgQKllocn+am0YNXe/kXbc3MPPkvkIrJu5HVc
oLBGVtokNJIJRHYLsPry8r6kg6i5PBJTqSzArIYYXDW3suA072BdTyBrulDlX74=
-----END CERTIFICATE-----