Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3231362e37332e3135382e302f32342d3234203d3e203233343730.roa
File:                     3231362e37332e3135382e302f32342d3234203d3e203233343730.roa (raw, json)
Hash identifier:          D7uFhgcq31Cum3diRZFBHKP9GFrjJ0BIumBJ8LO7+74=
Subject key identifier:   B9:3C:80:62:82:8B:63:05:1F:46:84:00:BB:56:59:30:91:B3:D2:ED
Certificate issuer:       /CN=eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46
Certificate serial:       03983D5183FC4391F9C9FE4D880EB2728B5FCCEE
Authority key identifier: 1A:05:03:43:0B:A9:93:F7:0F:89:AB:E8:42:1B:F7:46:3F:E5:CA:BF
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a01e997c-b89e-47c2-8d79-d31e58bc3ca4/eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3231362e37332e3135382e302f32342d3234203d3e203233343730.roa
Signing time:             Sun 01 Jan 2023 23:59:26 +0000
ROA not before:           Sun 01 Jan 2023 23:54:26 +0000
ROA not after:            Sun 31 Dec 2023 23:59:26 +0000
asID:                     23470
IP address blocks:        216.73.158.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:98:3d:51:83:fc:43:91:f9:c9:fe:4d:88:0e:b2:72:8b:5f:cc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46
        Validity
            Not Before: Jan  1 23:54:26 2023 GMT
            Not After : Dec 31 23:59:26 2023 GMT
        Subject: CN=B93C8062828B63051F468400BB56593091B3D2ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ac:9e:9c:b6:f2:0b:32:a6:7e:75:74:3a:00:
                    8e:9e:a7:b3:c4:52:7d:1a:3f:3c:0b:b0:0a:89:70:
                    3b:47:ae:53:36:1d:3a:cb:a0:42:0c:c1:5f:99:cc:
                    54:cc:3f:c4:37:7f:ee:57:78:d4:4e:d3:44:b5:77:
                    c5:e4:5f:f6:6e:01:38:75:6e:a1:f0:9d:01:eb:ef:
                    73:fb:66:c5:31:ef:0f:65:35:f6:41:e5:28:2d:7c:
                    8d:2f:0d:41:9a:68:aa:88:16:d3:54:3b:21:af:ed:
                    a2:87:87:c5:06:c8:a6:59:21:47:8f:b6:f0:88:65:
                    72:c5:11:78:d2:18:94:01:a6:81:77:f6:71:0b:c6:
                    b3:05:61:f9:41:cb:82:9d:21:0a:b8:40:7f:69:57:
                    f5:13:f1:bd:fa:7d:18:06:b5:d5:ae:d0:e4:53:67:
                    cd:5c:2c:6e:62:dd:5e:19:e3:b4:0e:18:11:0c:a0:
                    f9:df:1b:9d:c2:50:d1:12:14:20:20:04:53:0e:1a:
                    29:28:f6:bd:75:7c:c9:d8:6e:8c:31:1d:25:3d:08:
                    2a:f3:d2:3a:ee:fa:35:23:93:3b:21:47:d8:5f:ae:
                    cc:5c:8a:2e:c5:f0:db:53:05:b1:d3:f4:f8:fa:3e:
                    57:36:62:e9:f7:d3:08:2e:ac:94:4c:8b:f0:a0:3f:
                    51:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3C:80:62:82:8B:63:05:1F:46:84:00:BB:56:59:30:91:B3:D2:ED
            X509v3 Authority Key Identifier:
                keyid:1A:05:03:43:0B:A9:93:F7:0F:89:AB:E8:42:1B:F7:46:3F:E5:CA:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/1A0503430BA993F70F89ABE8421BF7463FE5CABF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a01e997c-b89e-47c2-8d79-d31e58bc3ca4/eecf847d7a32046881bbfaba0599bdd6dab3a81a88d8a48a46.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f8e7d867-c35e-4e69-a815-ba1e9b336d62/1/3231362e37332e3135382e302f32342d3234203d3e203233343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.73.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a5:aa:c4:db:c3:2b:5c:85:1a:3a:3e:e7:e5:c8:4f:f5:31:
         4c:3c:c9:d1:a9:9b:c6:a4:ca:c6:ec:52:69:d6:16:74:57:18:
         ea:19:04:70:e1:25:25:38:dc:3f:c0:8d:73:4e:d6:46:fb:2e:
         d5:31:8c:a8:d5:72:2b:9b:0a:f7:51:e6:f1:b2:cc:91:6f:68:
         43:83:10:be:75:67:a2:f7:4c:68:f8:08:0f:0c:de:c9:bd:86:
         bd:9c:b3:f1:e3:43:4a:60:66:78:06:ad:66:8a:4b:77:48:e7:
         ef:91:e1:7b:b7:56:bf:33:de:66:f6:73:6d:10:33:7f:08:9d:
         95:b2:65:f5:70:95:61:41:a6:54:c7:4e:fc:ac:d8:19:0f:16:
         f4:15:fa:c1:bb:99:a0:cf:8f:b4:4d:c1:74:ad:86:3d:51:15:
         e9:59:bb:c2:15:05:d6:53:10:ff:47:eb:6e:a8:54:83:10:04:
         4b:12:ec:76:cc:71:34:35:e5:ee:da:19:1e:7a:64:c9:69:ef:
         82:88:e3:22:46:f5:99:64:3b:48:04:e8:15:15:3e:ad:fd:62:
         b4:f1:b3:69:a3:6c:37:35:da:de:b0:6c:65:79:7d:13:12:ef:
         1f:cc:7f:e2:44:16:48:da:10:ed:45:e7:d5:9e:0d:55:95:4d:
         8e:9b:d5:4c
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUA5g9UYP8Q5H5yf5NiA6ycotfzO4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZWVjZjg0N2Q3YTMyMDQ2ODgxYmJmYWJhMDU5OWJkZDZk
YWIzYTgxYTg4ZDhhNDhhNDYwHhcNMjMwMTAxMjM1NDI2WhcNMjMxMjMxMjM1OTI2
WjAzMTEwLwYDVQQDEyhCOTNDODA2MjgyOEI2MzA1MUY0Njg0MDBCQjU2NTkzMDkx
QjNEMkVEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KyenLbyCzKm
fnV0OgCOnqezxFJ9Gj88C7AKiXA7R65TNh06y6BCDMFfmcxUzD/EN3/uV3jUTtNE
tXfF5F/2bgE4dW6h8J0B6+9z+2bFMe8PZTX2QeUoLXyNLw1BmmiqiBbTVDshr+2i
h4fFBsimWSFHj7bwiGVyxRF40hiUAaaBd/ZxC8azBWH5QcuCnSEKuEB/aVf1E/G9
+n0YBrXVrtDkU2fNXCxuYt1eGeO0DhgRDKD53xudwlDREhQgIARTDhopKPa9dXzJ
2G6MMR0lPQgq89I67vo1I5M7IUfYX67MXIouxfDbUwWx0/T4+j5XNmLp99MILqyU
TIvwoD9RLwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFLk8gGKCi2MFH0aEALtWWTCR
s9LtMB8GA1UdIwQYMBaAFBoFA0MLqZP3D4mr6EIb90Y/5cq/MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y4ZTdkODY3LWMzNWUtNGU2OS1hODE1
LWJhMWU5YjMzNmQ2Mi8xLzFBMDUwMzQzMEJBOTkzRjcwRjg5QUJFODQyMUJGNzQ2
M0ZFNUNBQkYuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2Mt
NDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9hMDFlOTk3Yy1iODllLTQ3YzItOGQ3OS1k
MzFlNThiYzNjYTQvZWVjZjg0N2Q3YTMyMDQ2ODgxYmJmYWJhMDU5OWJkZDZkYWIz
YTgxYTg4ZDhhNDhhNDYuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUH
MAuGgY1yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2Y4ZTdkODY3LWMzNWUtNGU2OS1hODE1LWJhMWU5YjMzNmQ2Mi8xLzMyMzEzNjJl
MzczMzJlMzEzNTM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMzM0MzczMC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEANhJnjANBgkqhkiG9w0BAQsFAAOCAQEACaWqxNvDK1yFGjo+5+XI
T/UxTDzJ0ambxqTKxuxSadYWdFcY6hkEcOElJTjcP8CNc07WRvsu1TGMqNVyK5sK
91Hm8bLMkW9oQ4MQvnVnovdMaPgIDwzeyb2GvZyz8eNDSmBmeAatZopLd0jn75Hh
e7dWvzPeZvZzbRAzfwidlbJl9XCVYUGmVMdO/KzYGQ8W9BX6wbuZoM+PtE3BdK2G
PVEV6Vm7whUF1lMQ/0frbqhUgxAESxLsdsxxNDXl7toZHnpkyWnvgojjIkb1mWQ7
SAToFRU+rf1itPGzaaNsNzXa3rBsZXl9ExLvH8x/4kQWSNoQ7UXn1Z4NVZVNjpvV
TA==
-----END CERTIFICATE-----