Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e96bbb8e-db86-4398-a60a-ddece0b4a061.roa
File:                     e96bbb8e-db86-4398-a60a-ddece0b4a061.roa (raw, json)
Hash identifier:          QJjOtRez8IJO/vZKt0wU5fWa0kEcmQomChLV2l+/B4U=
Subject key identifier:   4D:07:7E:6C:51:DA:BE:46:8B:9D:59:07:CD:76:B2:FC:F1:43:74:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5084BD343FD3DCBAB265B5F04FBF8DB8103DCAE6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e96bbb8e-db86-4398-a60a-ddece0b4a061.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.73.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:84:bd:34:3f:d3:dc:ba:b2:65:b5:f0:4f:bf:8d:b8:10:3d:ca:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=f5b3d43d5c2412f23169abdd5f02a67a62c3787d4e6d9ba218865994ee1e0719, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b5:40:df:32:32:12:5e:6f:70:98:13:f6:a9:
                    76:19:ac:dc:31:47:47:0d:84:d7:85:11:bf:52:b3:
                    86:4c:f7:1b:3a:c2:43:29:47:10:77:f6:8a:43:04:
                    a4:12:20:71:99:e2:de:49:ff:7e:c9:c0:c0:f6:40:
                    85:17:a9:a0:9b:45:1e:fb:60:72:28:83:f2:25:79:
                    39:a0:ad:a2:f7:3b:59:b2:89:ff:09:04:26:a8:05:
                    af:bd:ba:36:c2:74:b7:84:ab:26:27:81:81:f9:f5:
                    a9:dc:14:f6:f6:8d:64:ee:8e:8c:e9:38:66:fc:5e:
                    2d:e1:4d:63:fc:22:be:09:9e:77:36:d8:95:8a:f8:
                    31:76:f2:1d:db:8b:2c:5b:a7:97:7f:25:9a:3a:d7:
                    e3:19:22:c9:9d:07:8c:74:e9:3b:df:6d:ec:ed:53:
                    5e:4b:fb:d1:74:fd:e9:48:a6:6d:04:ff:27:92:a1:
                    27:95:c1:ce:83:d5:43:22:de:e0:38:fd:fe:1c:7d:
                    48:9a:e5:5e:2c:2a:c8:5f:95:11:06:d5:fc:b7:61:
                    58:36:28:78:bc:25:6c:c0:69:5f:33:89:c9:07:25:
                    96:01:c2:b2:86:f4:f7:68:b8:db:00:93:25:1b:c8:
                    14:8c:b5:49:9f:6b:a4:27:2d:f7:93:d3:cc:1e:00:
                    7c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:07:7E:6C:51:DA:BE:46:8B:9D:59:07:CD:76:B2:FC:F1:43:74:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e96bbb8e-db86-4398-a60a-ddece0b4a061.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:42:56:d7:a2:7d:5e:55:d0:c3:7e:fd:48:04:e8:20:e6:84:
         fc:3c:c9:db:33:f4:61:26:e8:d0:27:f8:85:cc:e7:c7:6c:24:
         a3:5b:be:09:9c:3b:d0:17:a9:c3:02:04:9e:9a:c3:a2:94:f5:
         36:37:fa:93:f1:eb:76:26:c8:11:20:47:c8:c6:8d:69:e0:d4:
         ca:0b:bd:36:c4:ed:27:94:45:d4:f9:6d:47:7e:e3:3c:0c:3d:
         02:86:4d:da:2c:75:da:75:af:7c:0c:b5:67:01:d4:25:bc:1f:
         ba:dc:44:33:bd:fd:e6:cd:42:f4:2c:1d:be:bd:f0:5e:fe:95:
         d2:6e:93:84:97:37:69:27:4d:67:7b:38:69:a4:84:30:25:33:
         8e:b4:f1:a9:d8:2c:c6:c8:c9:5d:bd:90:99:c2:1b:38:18:64:
         ea:24:ee:b4:9c:44:28:a4:ce:0f:c6:da:00:0a:6f:b1:e2:9a:
         3b:e7:c7:40:27:5e:4e:ff:18:50:b5:71:d5:b7:f1:45:ad:2b:
         68:bf:ee:73:60:2c:1b:11:49:fc:85:75:5f:07:53:9b:45:00:
         4c:ed:1d:92:ff:05:3a:24:c8:ab:36:31:79:f4:f5:ee:e5:dd:
         6c:71:50:d7:d5:37:38:aa:7c:60:1e:21:f0:3a:76:a1:d5:15:
         4c:4f:c9:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUIS9ND/T3LqyZbXwT7+NuBA9yuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWIzZDQzZDVjMjQxMmYyMzE2OWFiZGQ1ZjAyYTY3YTYy
YzM3ODdkNGU2ZDliYTIxODg2NTk5NGVlMWUwNzE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRtUDfMjISXm9wmBP2qXYZrNwxR0cNhNeFEb9Ss4ZM9xs6
wkMpRxB39opDBKQSIHGZ4t5J/37JwMD2QIUXqaCbRR77YHIog/IleTmgraL3O1my
if8JBCaoBa+9ujbCdLeEqyYngYH59ancFPb2jWTujozpOGb8Xi3hTWP8Ir4Jnnc2
2JWK+DF28h3biyxbp5d/JZo61+MZIsmdB4x06TvfbeztU15L+9F0/elIpm0E/yeS
oSeVwc6D1UMi3uA4/f4cfUia5V4sKshflREG1fy3YVg2KHi8JWzAaV8zickHJZYB
wrKG9PdouNsAkyUbyBSMtUmfa6QnLfeT08weAHwRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTQd+bFHavkaLnVkHzXay/PFDdH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U5NmJiYjhlLWRiODYtNDM5OC1hNjBhLWRkZWNlMGI0YTA2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXFkkwDQYJKoZIhvcNAQELBQADggEBAE9CVteifV5V0MN+/UgE6CDmhPw8
ydsz9GEm6NAn+IXM58dsJKNbvgmcO9AXqcMCBJ6aw6KU9TY3+pPx63YmyBEgR8jG
jWng1MoLvTbE7SeURdT5bUd+4zwMPQKGTdosddp1r3wMtWcB1CW8H7rcRDO9/ebN
QvQsHb698F7+ldJuk4SXN2knTWd7OGmkhDAlM4608anYLMbIyV29kJnCGzgYZOok
7rScRCikzg/G2gAKb7Himjvnx0AnXk7/GFC1cdW38UWtK2i/7nNgLBsRSfyFdV8H
U5tFAEztHZL/BTokyKs2MXn09e7l3WxxUNfVNziqfGAeIfA6dqHVFUxPyXs=
-----END CERTIFICATE-----