Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3139322e3133382e3231302e302f32332d3234203d3e203631313338.roa
File:                     3139322e3133382e3231302e302f32332d3234203d3e203631313338.roa (raw, json)
Hash identifier:          HLDZGjOz804rj6BNcl9vsqsGS91AMgSNlK2sCTHM5ps=
Subject key identifier:   41:1F:04:D4:A6:6E:06:DF:91:D7:26:E6:38:21:02:96:E3:0E:C6:09
Certificate issuer:       /CN=eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46
Certificate serial:       2DEB720DA7EF87930AF1F624E116C28779D9F684
Authority key identifier: 1A:05:03:43:0B:A9:93:F7:0F:89:AB:E8:42:1B:F7:46:3F:E5:CA:BF
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a01e997c-b89e-47c2-8d79-d31e58bc3ca4/eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3139322e3133382e3231302e302f32332d3234203d3e203631313338.roa
Signing time:             Sun 01 Jan 2023 23:59:27 +0000
ROA not before:           Sun 01 Jan 2023 23:54:27 +0000
ROA not after:            Sun 31 Dec 2023 23:59:27 +0000
asID:                     61138
IP address blocks:        192.138.210.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:eb:72:0d:a7:ef:87:93:0a:f1:f6:24:e1:16:c2:87:79:d9:f6:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46
        Validity
            Not Before: Jan  1 23:54:27 2023 GMT
            Not After : Dec 31 23:59:27 2023 GMT
        Subject: CN=411F04D4A66E06DF91D726E638210296E30EC609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0d:93:69:4d:94:6a:30:3e:3b:d9:ce:ee:cd:
                    06:df:58:84:57:07:93:f6:98:c1:b3:83:b1:a8:48:
                    64:b4:97:3b:eb:dc:da:be:eb:40:6d:72:b0:47:4f:
                    20:7c:b4:05:c5:71:ef:53:75:99:07:21:fe:a7:f1:
                    88:0e:35:8b:d4:a6:7d:69:ff:f2:90:78:77:74:16:
                    c9:4b:c0:65:20:45:a6:f3:51:0d:88:f3:70:0d:07:
                    76:2e:e9:59:08:4e:2b:5b:9c:8f:41:6e:bb:18:21:
                    ee:7e:82:9a:97:b0:0b:19:c3:a9:97:da:76:21:ec:
                    7e:fd:93:8f:ca:67:68:77:57:6b:fa:b4:aa:2b:9d:
                    6c:e1:41:50:fb:3f:4e:74:39:2f:9a:ea:7a:dc:d4:
                    af:c6:01:44:15:b0:db:36:03:90:61:9e:40:63:e2:
                    18:da:24:b4:a4:14:c2:9b:5a:b8:76:5c:aa:c9:6e:
                    6d:87:14:51:48:9e:1e:ca:7c:5f:aa:99:9a:86:e6:
                    7e:a6:d0:42:f4:13:99:64:30:bc:9c:ea:00:2e:57:
                    d7:75:be:e4:c5:99:ef:d6:1a:37:31:15:be:81:ea:
                    22:41:fc:a7:8e:20:4c:74:d2:8f:d6:c1:57:95:59:
                    12:91:ab:53:dd:ab:a5:a5:13:4c:20:23:57:d6:02:
                    45:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1F:04:D4:A6:6E:06:DF:91:D7:26:E6:38:21:02:96:E3:0E:C6:09
            X509v3 Authority Key Identifier:
                keyid:1A:05:03:43:0B:A9:93:F7:0F:89:AB:E8:42:1B:F7:46:3F:E5:CA:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/1A0503430BA993F70F89ABE8421BF7463FE5CABF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a01e997c-b89e-47c2-8d79-d31e58bc3ca4/eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3139322e3133382e3231302e302f32332d3234203d3e203631313338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.138.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:34:90:eb:e5:de:e1:18:73:59:2b:41:4f:bb:99:b5:6a:89:
         77:a4:a5:d4:68:b4:f1:34:84:ef:8b:76:29:8c:cd:4e:a2:82:
         f7:ef:8f:65:e2:f9:e9:56:16:1d:a8:59:a3:06:96:0e:a9:01:
         c4:a2:f7:d7:d6:25:a4:f7:80:77:3f:d4:0d:59:be:13:db:4d:
         a0:dc:0f:42:85:c1:54:00:b9:95:e4:e7:2d:2c:29:3b:dc:86:
         8f:66:d0:d6:9c:55:03:f1:ff:12:1b:a0:0a:89:37:5c:77:fe:
         b6:2b:24:2e:65:94:fb:66:74:ce:01:60:92:73:e2:48:23:38:
         6a:8f:88:60:bd:4d:82:c2:49:82:c1:a3:94:4a:7f:a4:b2:47:
         ed:82:98:95:b4:18:e1:ae:a3:d3:05:b7:db:b8:7b:ae:fe:d6:
         4f:26:dd:c8:63:09:e1:b3:49:c7:13:82:7d:04:c5:92:cd:97:
         a2:99:25:1d:cc:cf:82:de:e2:95:fa:60:e8:36:b3:a7:cd:f0:
         ba:fe:07:04:10:2b:48:9b:28:83:22:21:93:dd:be:e8:24:a3:
         fa:be:13:76:b8:83:e4:c7:c0:c8:59:f1:68:0f:73:14:42:d4:
         c0:aa:6e:71:a5:e8:e4:b9:cb:e9:d3:88:e7:04:ee:4e:63:84:
         92:82:eb:68
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIULetyDafvh5MK8fYk4RbCh3nZ9oQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZWVjZjg0N2Q3YTMyMDQ2ODgxYmJmYWJhMDU5OWJkZDZk
YWIzYTgxYTg4ZDhhNDhhNDYwHhcNMjMwMTAxMjM1NDI3WhcNMjMxMjMxMjM1OTI3
WjAzMTEwLwYDVQQDEyg0MTFGMDRENEE2NkUwNkRGOTFENzI2RTYzODIxMDI5NkUz
MEVDNjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4w2TaU2UajA+
O9nO7s0G31iEVweT9pjBs4OxqEhktJc769zavutAbXKwR08gfLQFxXHvU3WZByH+
p/GIDjWL1KZ9af/ykHh3dBbJS8BlIEWm81ENiPNwDQd2LulZCE4rW5yPQW67GCHu
foKal7ALGcOpl9p2Iex+/ZOPymdod1dr+rSqK51s4UFQ+z9OdDkvmup63NSvxgFE
FbDbNgOQYZ5AY+IY2iS0pBTCm1q4dlyqyW5thxRRSJ4eynxfqpmahuZ+ptBC9BOZ
ZDC8nOoALlfXdb7kxZnv1ho3MRW+geoiQfynjiBMdNKP1sFXlVkSkatT3aulpRNM
ICNX1gJF1wIDAQABo4ICzzCCAsswHQYDVR0OBBYEFEEfBNSmbgbfkdcm5jghApbj
DsYJMB8GA1UdIwQYMBaAFBoFA0MLqZP3D4mr6EIb90Y/5cq/MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y4ZTdkODY3LWMzNWUtNGU2OS1hODE1
LWJhMWU5YjMzNmQ2Mi8xLzFBMDUwMzQzMEJBOTkzRjcwRjg5QUJFODQyMUJGNzQ2
M0ZFNUNBQkYuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2Mt
NDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9hMDFlOTk3Yy1iODllLTQ3YzItOGQ3OS1k
MzFlNThiYzNjYTQvZWVjZjg0N2Q3YTMyMDQ2ODgxYmJmYWJhMDU5OWJkZDZkYWIz
YTgxYTg4ZDhhNDhhNDYuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2Y4ZTdkODY3LWMzNWUtNGU2OS1hODE1LWJhMWU5YjMzNmQ2Mi8xLzMxMzkzMjJl
MzEzMzM4MmUzMjMxMzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzNjMxMzEzMzM4
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQBwIrSMA0GCSqGSIb3DQEBCwUAA4IBAQCDNJDr5d7hGHNZK0FP
u5m1aol3pKXUaLTxNITvi3YpjM1OooL3749l4vnpVhYdqFmjBpYOqQHEovfX1iWk
94B3P9QNWb4T202g3A9ChcFUALmV5OctLCk73IaPZtDWnFUD8f8SG6AKiTdcd/62
KyQuZZT7ZnTOAWCSc+JIIzhqj4hgvU2CwkmCwaOUSn+kskftgpiVtBjhrqPTBbfb
uHuu/tZPJt3IYwnhs0nHE4J9BMWSzZeimSUdzM+C3uKV+mDoNrOnzfC6/gcEECtI
myiDIiGT3b7oJKP6vhN2uIPkx8DIWfFoD3MUQtTAqm5xpejkucvp04jnBO5OY4SS
guto
-----END CERTIFICATE-----