Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b498707-3ebd-45a5-b072-5696977433b4.roa
File:                     8b498707-3ebd-45a5-b072-5696977433b4.roa (raw, json)
Hash identifier:          eZZeSX/oIluq4sVyVvOQccKwcTCVM8dqyXYMAgHA2yQ=
Subject key identifier:   BF:84:B1:85:D2:85:F6:B8:3D:44:8A:29:E9:EB:48:DF:A4:57:F2:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1345B1E592D1D3609B184E62E37CAA68241FED92
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b498707-3ebd-45a5-b072-5696977433b4.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.243.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:45:b1:e5:92:d1:d3:60:9b:18:4e:62:e3:7c:aa:68:24:1f:ed:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=31d0d22d35e4dc224b3f8012fd497226687b4f7b5e328d3277762fd050a0d382, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:53:e9:a9:dd:6a:5e:4b:d3:db:dc:ac:49:5b:
                    f0:95:13:8e:a5:7e:c4:8b:67:53:8b:9c:9f:d7:d7:
                    e8:f4:9e:dd:3c:b7:4c:7e:ee:01:2e:58:bd:8f:81:
                    84:26:31:ef:79:d6:a7:42:c9:bf:7a:be:42:55:02:
                    3f:5a:a7:cf:7a:b6:2e:ed:57:cd:36:d4:70:c4:5d:
                    9a:c7:9f:83:da:0d:e8:bd:bf:7c:41:7a:cd:4c:0f:
                    ea:1c:b3:2a:c7:4c:6f:89:e0:49:36:5d:c7:d2:eb:
                    86:e6:4d:96:71:5a:c6:bb:6a:a5:52:a5:a7:67:7f:
                    93:b6:c4:93:86:c1:1b:e7:ed:58:6c:87:e1:fe:3d:
                    23:15:a5:ca:ae:3c:ec:5e:82:bb:5d:e6:83:db:18:
                    49:ff:43:eb:56:85:33:7c:21:5a:84:40:9e:f6:a1:
                    0a:32:83:93:57:81:dd:10:eb:5c:87:42:af:26:50:
                    44:87:40:2d:05:34:f9:e9:ec:fe:a6:0e:35:41:a0:
                    28:b5:bf:75:99:34:f7:db:26:83:bf:41:f5:75:8b:
                    ea:34:73:86:e1:ee:76:2f:4b:a8:01:0c:45:41:3b:
                    77:b3:65:8a:fc:c0:82:87:bb:61:97:53:56:03:dd:
                    3a:09:f8:27:ab:61:d8:bd:83:16:10:cb:11:75:ed:
                    20:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:84:B1:85:D2:85:F6:B8:3D:44:8A:29:E9:EB:48:DF:A4:57:F2:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b498707-3ebd-45a5-b072-5696977433b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.243.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         21:e1:79:05:1f:4b:5e:78:96:86:8a:f7:fe:b7:1c:c8:72:a2:
         ed:b5:a1:db:e0:59:c6:6c:48:e8:68:46:a1:07:3b:dd:aa:a2:
         0c:ce:60:11:ad:d5:cf:25:27:3d:a5:71:46:0a:75:04:46:18:
         60:9a:9d:ea:37:46:71:c0:52:83:d8:e1:26:c4:8a:a3:4a:78:
         2c:78:96:f1:30:25:1e:29:f7:db:7e:79:86:73:be:2a:01:65:
         fb:67:e6:9a:80:cf:35:ea:ea:17:aa:a2:e1:03:1d:bd:f9:aa:
         5b:f3:d9:01:85:5d:96:00:1d:10:dd:56:20:6a:8a:d6:f4:87:
         f2:04:01:6c:00:db:18:02:bc:7f:18:86:bf:cd:75:48:a2:ad:
         07:19:16:f2:cf:cd:fe:76:60:74:0c:10:ca:91:46:fe:32:82:
         17:a1:24:ba:bd:59:2e:39:93:a7:fc:c4:81:7c:c7:50:63:cf:
         de:8e:c0:ce:c3:83:2f:15:03:bd:8b:e4:5e:70:77:85:f7:ed:
         cc:6b:64:ee:9d:e1:c1:ce:04:2a:0e:ac:68:30:1b:79:e8:a7:
         5f:b0:cb:64:e3:b3:de:b3:97:84:4b:91:55:0f:2f:bd:bf:ff:
         82:a1:75:1b:af:f9:f1:06:ce:d2:39:37:30:b7:f7:b2:af:7d:
         d6:31:7b:ec
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE0Wx5ZLR02CbGE5i43yqaCQf7ZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMWQwZDIyZDM1ZTRkYzIyNGIzZjgwMTJmZDQ5NzIyNjY4
N2I0ZjdiNWUzMjhkMzI3Nzc2MmZkMDUwYTBkMzgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2U+mp3WpeS9Pb3KxJW/CVE46lfsSLZ1OLnJ/X1+j0nt08
t0x+7gEuWL2PgYQmMe951qdCyb96vkJVAj9ap896ti7tV8021HDEXZrHn4PaDei9
v3xBes1MD+ocsyrHTG+J4Ek2XcfS64bmTZZxWsa7aqVSpadnf5O2xJOGwRvn7Vhs
h+H+PSMVpcquPOxegrtd5oPbGEn/Q+tWhTN8IVqEQJ72oQoyg5NXgd0Q61yHQq8m
UESHQC0FNPnp7P6mDjVBoCi1v3WZNPfbJoO/QfV1i+o0c4bh7nYvS6gBDEVBO3ez
ZYr8wIKHu2GXU1YD3ToJ+CerYdi9gxYQyxF17SC7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUv4SxhdKF9rg9RIop6etI36RX8uUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiNDk4NzA3LTNlYmQtNDVhNS1iMDcyLTU2OTY5Nzc0MzNiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCd8zANBgkqhkiG9w0BAQsFAAOCAQEAIeF5BR9LXniWhor3/rccyHKi7bWh
2+BZxmxI6GhGoQc73aqiDM5gEa3VzyUnPaVxRgp1BEYYYJqd6jdGccBSg9jhJsSK
o0p4LHiW8TAlHin32355hnO+KgFl+2fmmoDPNerqF6qi4QMdvfmqW/PZAYVdlgAd
EN1WIGqK1vSH8gQBbADbGAK8fxiGv811SKKtBxkW8s/N/nZgdAwQypFG/jKCF6Ek
ur1ZLjmTp/zEgXzHUGPP3o7AzsODLxUDvYvkXnB3hfftzGtk7p3hwc4EKg6saDAb
eeinX7DLZOOz3rOXhEuRVQ8vvb//gqF1G6/58QbO0jk3MLf3sq991jF77A==
-----END CERTIFICATE-----