Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7004d015-2c17-4923-a823-e12cd7f4aa5a.roa
File:                     7004d015-2c17-4923-a823-e12cd7f4aa5a.roa (raw, json)
Hash identifier:          AJmK21HL2P8874Y5YWZfxQzcvsujrcnvReG3nbNG6Kc=
Subject key identifier:   4D:22:78:B1:A6:BC:39:FC:FD:1E:B4:B4:D8:44:DA:A5:CB:D3:2E:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       579988E7241C77CB51318BE9821A1D04F1C09B80
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7004d015-2c17-4923-a823-e12cd7f4aa5a.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.102.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:99:88:e7:24:1c:77:cb:51:31:8b:e9:82:1a:1d:04:f1:c0:9b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=f144225ffa02b556ba56bfe6e5dbbcb2c724387f20e5242a7eb1c11bbfcea1e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:57:9f:95:9e:f8:9e:3d:94:e5:10:c9:85:bb:
                    05:b1:3a:29:21:b5:0e:ae:82:2c:30:a0:21:ee:8f:
                    b8:fc:32:c9:76:47:8c:8b:68:a9:80:09:12:c0:39:
                    e4:ac:d6:58:43:3f:22:2c:9a:6c:70:e1:b2:cc:52:
                    a0:44:48:b8:f0:f7:df:b2:8a:94:7c:28:39:ca:66:
                    be:b6:69:c8:31:3e:2a:ea:b6:7d:1c:1e:cd:3a:da:
                    db:a2:6b:28:df:5d:10:4c:97:8c:5e:9f:f1:a4:26:
                    98:aa:36:80:58:1b:06:31:27:16:7b:09:f8:b2:7e:
                    b3:43:b4:b9:9b:54:d4:6b:75:16:eb:26:f9:35:1c:
                    40:19:b1:d1:a6:24:76:8e:9a:df:4a:bc:a7:83:40:
                    4a:2a:2c:76:00:a9:73:c2:52:7a:e9:59:57:e2:0f:
                    cd:e3:4b:68:b6:fb:44:d3:41:4d:93:38:14:0c:3f:
                    97:da:b6:36:81:2c:bb:3a:16:94:d7:cd:a6:b8:23:
                    9c:82:03:69:da:99:91:b2:5f:6e:44:0d:5e:40:cd:
                    c0:b3:ed:cf:98:a5:41:ff:2c:57:f0:bf:02:1a:13:
                    9f:01:5e:93:c1:75:02:10:73:fd:3d:66:e6:1e:08:
                    db:1d:41:ad:cb:ef:1f:2c:2f:5f:b1:9b:fc:6f:67:
                    88:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:22:78:B1:A6:BC:39:FC:FD:1E:B4:B4:D8:44:DA:A5:CB:D3:2E:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7004d015-2c17-4923-a823-e12cd7f4aa5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.102.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         67:2b:a6:46:18:cf:9e:c5:04:d0:8c:78:54:40:1b:dc:7a:3b:
         b4:77:d8:da:93:27:11:9c:ba:03:0d:7b:e2:14:b5:c5:56:c0:
         d5:5d:57:f1:ad:ec:a7:f9:49:b5:2d:54:db:31:2d:1b:59:df:
         5d:6f:52:ca:2c:7d:a4:39:b7:8b:0a:20:59:8d:89:20:05:60:
         9a:e7:34:c8:52:06:76:ed:60:98:92:2d:f8:92:0a:ab:f5:06:
         5d:bb:44:d0:d0:b8:68:d0:2e:74:b3:76:4e:ea:3f:22:e3:20:
         7c:fe:41:cb:5e:f6:98:db:01:71:39:de:e9:73:01:f2:1e:56:
         d9:17:fa:d5:da:d9:29:f6:ee:d6:34:ee:7a:58:ca:87:ef:5a:
         32:bd:e2:b6:8f:78:78:a8:1c:02:96:46:0f:43:d3:44:c8:79:
         58:c8:54:9e:da:36:8d:0b:80:5f:78:ad:20:f1:c4:43:80:a6:
         a8:a2:51:0f:a3:ed:08:71:90:6e:be:df:91:98:6a:de:1e:6f:
         40:f6:b7:95:c7:37:37:90:f9:fc:b4:18:22:a3:57:75:d1:3f:
         30:f2:a7:66:4b:ec:c5:a8:a2:30:f7:81:e4:14:e0:e2:e0:34:
         8b:eb:c2:87:06:db:13:a1:b4:4f:43:c1:c2:63:f6:e1:da:fa:
         0a:5d:1b:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV5mI5yQcd8tRMYvpghodBPHAm4AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTQ0MjI1ZmZhMDJiNTU2YmE1NmJmZTZlNWRiYmNiMmM3
MjQzODdmMjBlNTI0MmE3ZWIxYzExYmJmY2VhMWUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFV5+VnviePZTlEMmFuwWxOikhtQ6ugiwwoCHuj7j8Msl2
R4yLaKmACRLAOeSs1lhDPyIsmmxw4bLMUqBESLjw99+yipR8KDnKZr62acgxPirq
tn0cHs062tuiayjfXRBMl4xen/GkJpiqNoBYGwYxJxZ7CfiyfrNDtLmbVNRrdRbr
Jvk1HEAZsdGmJHaOmt9KvKeDQEoqLHYAqXPCUnrpWVfiD83jS2i2+0TTQU2TOBQM
P5fatjaBLLs6FpTXzaa4I5yCA2namZGyX25EDV5AzcCz7c+YpUH/LFfwvwIaE58B
XpPBdQIQc/09ZuYeCNsdQa3L7x8sL1+xm/xvZ4gDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTSJ4saa8Ofz9HrS02ETapcvTLgAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwMDRkMDE1LTJjMTctNDkyMy1hODIzLWUxMmNkN2Y0YWE1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWoZqAwDQYJKoZIhvcNAQELBQADggEBAGcrpkYYz57FBNCMeFRAG9x6O7R3
2NqTJxGcugMNe+IUtcVWwNVdV/Gt7Kf5SbUtVNsxLRtZ311vUsosfaQ5t4sKIFmN
iSAFYJrnNMhSBnbtYJiSLfiSCqv1Bl27RNDQuGjQLnSzdk7qPyLjIHz+Qcte9pjb
AXE53ulzAfIeVtkX+tXa2Sn27tY07npYyofvWjK94raPeHioHAKWRg9D00TIeVjI
VJ7aNo0LgF94rSDxxEOApqiiUQ+j7QhxkG6+35GYat4eb0D2t5XHNzeQ+fy0GCKj
V3XRPzDyp2ZL7MWoojD3geQU4OLgNIvrwocG2xOhtE9DwcJj9uHa+gpdG2o=
-----END CERTIFICATE-----