Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc615ebd-5c28-4334-8d2c-ec3158afdc8c/0/326130613a363034343a613530343a3a2f34362d3438203d3e20323135393536.roa
File:                     326130613a363034343a613530343a3a2f34362d3438203d3e20323135393536.roa (raw, json)
Hash identifier:          dfLgCSPeR7nfOa9hWb3Vtx7TDJdHmIvgqmB4byoQLA4=
Subject key identifier:   7D:C5:1B:E2:D3:71:9C:48:F7:1A:A9:78:A6:A0:CC:4C:44:5F:CF:B8
Certificate issuer:       /CN=D7D838DED871774D2E875C9CB99B810DC1B38301
Certificate serial:       403978636A7EBE5AA98F5C11997ACE00AF6D3EFE
Authority key identifier: D7:D8:38:DE:D8:71:77:4D:2E:87:5C:9C:B9:9B:81:0D:C1:B3:83:01
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/D7D838DED871774D2E875C9CB99B810DC1B38301.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc615ebd-5c28-4334-8d2c-ec3158afdc8c/0/326130613a363034343a613530343a3a2f34362d3438203d3e20323135393536.roa
Signing time:             Sun 28 Apr 2024 23:45:16 +0000
ROA not before:           Sun 28 Apr 2024 23:40:16 +0000
ROA not after:            Sun 27 Apr 2025 23:45:16 +0000
asID:                     215956
IP address blocks:        2a0a:6044:a504::/46 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:39:78:63:6a:7e:be:5a:a9:8f:5c:11:99:7a:ce:00:af:6d:3e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D7D838DED871774D2E875C9CB99B810DC1B38301
        Validity
            Not Before: Apr 28 23:40:16 2024 GMT
            Not After : Apr 27 23:45:16 2025 GMT
        Subject: CN=7DC51BE2D3719C48F71AA978A6A0CC4C445FCFB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9c:11:a1:4d:ad:d9:de:28:c0:d5:76:d4:f9:
                    76:8a:57:48:d7:2d:57:53:93:16:fb:48:fe:03:eb:
                    43:6e:42:81:02:44:30:5c:77:ad:65:e3:09:a4:47:
                    17:be:62:6b:f5:d7:44:ad:32:fa:a8:61:31:90:8f:
                    45:de:a4:59:ee:63:72:e7:b3:5b:e9:85:26:ac:11:
                    1e:ed:d3:97:0f:93:c7:90:e4:c3:63:9b:09:45:ed:
                    59:3d:45:2e:f8:3c:c9:9c:35:87:0b:ab:3d:21:bb:
                    51:0e:69:01:26:38:9b:0c:fd:4f:9e:b1:8a:83:44:
                    bc:33:53:e8:d6:c2:b2:d1:51:09:d4:b7:2d:4f:d5:
                    e0:d5:4f:b8:de:9d:55:e1:af:45:43:7b:c5:fd:68:
                    20:b8:08:73:f9:74:45:fb:93:74:22:c2:8b:d2:6a:
                    72:52:f8:33:35:37:3e:a4:d3:32:5c:1a:8d:54:69:
                    83:0a:4f:f9:b1:81:1c:de:bd:de:42:19:00:bf:3e:
                    36:3c:d2:71:2b:2b:73:6d:c4:66:1f:0e:8a:0a:bb:
                    fb:e0:13:3d:ad:85:01:ba:9b:4a:e9:ab:f3:5e:c2:
                    3e:02:07:9d:8c:81:af:9e:c9:7b:c2:f2:8f:a9:5f:
                    8e:bb:01:b6:d7:31:f9:8c:df:6c:a8:ef:85:cb:3c:
                    6d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C5:1B:E2:D3:71:9C:48:F7:1A:A9:78:A6:A0:CC:4C:44:5F:CF:B8
            X509v3 Authority Key Identifier:
                keyid:D7:D8:38:DE:D8:71:77:4D:2E:87:5C:9C:B9:9B:81:0D:C1:B3:83:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc615ebd-5c28-4334-8d2c-ec3158afdc8c/0/D7D838DED871774D2E875C9CB99B810DC1B38301.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/D7D838DED871774D2E875C9CB99B810DC1B38301.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc615ebd-5c28-4334-8d2c-ec3158afdc8c/0/326130613a363034343a613530343a3a2f34362d3438203d3e20323135393536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:a504::/46

    Signature Algorithm: sha256WithRSAEncryption
         66:3d:d7:cc:d0:c3:04:90:2d:5c:2e:5a:cf:47:dc:ff:1f:6b:
         d2:3a:d8:92:87:cd:cc:25:82:82:43:df:50:c2:43:be:ba:37:
         37:e3:14:4d:44:8a:1d:07:23:59:36:fd:b2:7d:07:6b:29:b3:
         0b:e5:68:07:61:2d:e4:a2:71:81:ae:9f:5c:e4:fb:8c:39:c0:
         0e:01:18:79:af:08:1c:e9:09:65:b4:8c:78:8c:1f:99:dd:e7:
         0d:a8:cc:1f:b8:21:89:1e:87:1d:5b:b5:ca:55:98:80:4f:0d:
         27:64:23:66:9a:42:d1:37:38:12:ca:29:64:ba:a2:79:7f:c0:
         c4:81:91:22:1d:8a:82:9d:51:ff:be:34:d0:4f:7c:8a:48:d9:
         64:27:34:27:09:17:96:61:84:f4:9d:b2:2a:07:bb:c6:a8:0f:
         df:d6:e1:bd:ac:f9:7e:3e:13:8e:bb:93:6f:c2:57:f6:fa:72:
         2f:90:e9:ef:63:80:56:7a:48:b5:40:f6:35:ca:3f:fd:d0:ee:
         36:11:50:bb:fe:8f:a4:2d:93:6e:a2:b0:7b:30:24:a5:cb:bb:
         cb:68:bb:50:75:dd:8b:13:63:7c:03:78:42:7d:b7:2c:ba:a7:
         fc:4a:91:44:53:e5:c3:49:d5:de:7c:ad:5a:7c:e4:a3:5c:37:
         28:d6:5a:80
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUQDl4Y2p+vlqpj1wRmXrOAK9tPv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDdEODM4REVEODcxNzc0RDJFODc1QzlDQjk5QjgxMERD
MUIzODMwMTAeFw0yNDA0MjgyMzQwMTZaFw0yNTA0MjcyMzQ1MTZaMDMxMTAvBgNV
BAMTKDdEQzUxQkUyRDM3MTlDNDhGNzFBQTk3OEE2QTBDQzRDNDQ1RkNGQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTnBGhTa3Z3ijA1XbU+XaKV0jX
LVdTkxb7SP4D60NuQoECRDBcd61l4wmkRxe+Ymv110StMvqoYTGQj0XepFnuY3Ln
s1vphSasER7t05cPk8eQ5MNjmwlF7Vk9RS74PMmcNYcLqz0hu1EOaQEmOJsM/U+e
sYqDRLwzU+jWwrLRUQnUty1P1eDVT7jenVXhr0VDe8X9aCC4CHP5dEX7k3QiwovS
anJS+DM1Nz6k0zJcGo1UaYMKT/mxgRzevd5CGQC/PjY80nErK3NtxGYfDooKu/vg
Ez2thQG6m0rpq/Newj4CB52Mga+eyXvC8o+pX467AbbXMfmM32yo74XLPG03AgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUfcUb4tNxnEj3Gql4pqDMTERfz7gwHwYDVR0j
BBgwFoAU19g43thxd00uh1ycuZuBDcGzgwEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM2MTVlYmQtNWMyOC00MzM0LThkMmMtZWMzMTU4YWZk
YzhjLzAvRDdEODM4REVEODcxNzc0RDJFODc1QzlDQjk5QjgxMERDMUIzODMwMS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMjUzZDk3My1kNWJmLTQ1
NDEtYmNjMS0yNzY1NDNhMjVjN2QvMC9EN0Q4MzhERUQ4NzE3NzREMkU4NzVDOUNC
OTlCODEwREMxQjM4MzAxLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9mYzYxNWViZC01YzI4LTQzMzQtOGQyYy1lYzMxNThhZmRjOGMvMC8zMjYxMzA2
MTNhMzYzMDM0MzQzYTYxMzUzMDM0M2EzYTJmMzQzNjJkMzQzODIwM2QzZTIwMzIz
MTM1MzkzNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcCKgpgRKUEMA0GCSqGSIb3DQEBCwUAA4IBAQBm
PdfM0MMEkC1cLlrPR9z/H2vSOtiSh83MJYKCQ99QwkO+ujc34xRNRIodByNZNv2y
fQdrKbML5WgHYS3konGBrp9c5PuMOcAOARh5rwgc6QlltIx4jB+Z3ecNqMwfuCGJ
HocdW7XKVZiATw0nZCNmmkLRNzgSyilkuqJ5f8DEgZEiHYqCnVH/vjTQT3yKSNlk
JzQnCReWYYT0nbIqB7vGqA/f1uG9rPl+PhOOu5Nvwlf2+nIvkOnvY4BWeki1QPY1
yj/90O42EVC7/o+kLZNuorB7MCSly7vLaLtQdd2LE2N8A3hCfbcsuqf8SpFEU+XD
SdXefK1afOSjXDco1lqA
-----END CERTIFICATE-----