Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa
File:                     b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa (raw, json)
Hash identifier:          6xh0w/GYngL0nuLvjDdwcOd5zyl2HzHwdi+tVXVDaxg=
Subject key identifier:   4E:1D:9B:20:B8:7A:44:A0:20:97:6D:E1:8E:A1:15:F0:03:BF:F5:13
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       5D5CFEDD7A9E14F659DE51D0CED33036732A34B5
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.224.144.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:5c:fe:dd:7a:9e:14:f6:59:de:51:d0:ce:d3:30:36:73:2a:34:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=404eeb8a18c9ab3cfa4dace0fd4bdc8fe53bf02fe6bdac68e3cc8a8dc64e5d6f, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:83:74:63:34:fc:1f:7b:53:32:e8:09:ee:c9:
                    6b:7c:19:ac:13:fd:9e:6a:32:0f:2c:d3:53:63:46:
                    48:55:fc:c9:0a:6a:0b:c0:02:7b:e7:c4:36:ec:e4:
                    f8:ee:00:78:45:b2:2f:96:03:d6:67:96:30:24:94:
                    ea:a3:a9:bb:e7:55:7d:71:1b:9e:40:1d:1b:15:f1:
                    0e:eb:a4:98:4d:09:89:4d:00:ba:b6:3e:31:08:ef:
                    5d:a0:30:90:d5:18:51:38:e4:ba:87:f2:06:09:3c:
                    6f:51:70:1c:20:b2:1f:e5:c1:aa:82:cb:a6:e1:e5:
                    97:12:bc:86:29:23:f7:5e:f3:93:1d:8c:87:3e:99:
                    ce:26:1b:39:dc:aa:d4:68:3c:07:b4:7a:a5:4b:54:
                    69:2f:32:37:0c:ad:c7:42:05:3e:fe:86:33:2c:ea:
                    92:d7:e5:49:0d:43:f8:21:9f:ee:b6:7f:c9:d9:9d:
                    b9:a7:0b:7a:d8:ec:86:c6:d3:e9:35:77:a5:47:4d:
                    90:f4:ea:8e:ac:16:a9:a1:c2:90:18:0c:20:a0:d9:
                    de:f5:54:38:d4:cc:a7:89:e3:df:ba:51:e0:b7:35:
                    c7:a8:25:04:04:ca:84:91:c4:75:d2:a5:12:9f:d2:
                    30:4c:d4:27:40:bb:fe:8b:43:a6:f9:6f:39:af:62:
                    f5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:1D:9B:20:B8:7A:44:A0:20:97:6D:E1:8E:A1:15:F0:03:BF:F5:13
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.224.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:56:92:8d:84:b7:53:ff:3b:d8:22:64:cb:cc:b5:b1:19:9b:
         2c:83:af:ea:75:8f:58:06:1a:46:de:d5:6b:db:35:18:d1:c8:
         d8:f2:0a:9a:71:5a:2a:63:bd:c4:4e:7c:66:1e:bd:dd:95:ef:
         e2:88:cf:41:2c:32:cd:44:96:1c:91:f6:2d:79:2c:12:d1:9b:
         7d:04:d8:97:68:03:a5:c5:d2:89:62:f3:5b:44:c9:59:4f:20:
         c9:33:46:40:6d:c8:85:bc:7c:5a:9b:16:72:5e:89:5b:41:68:
         6a:17:ae:57:30:da:8d:66:c9:5c:b6:37:f3:75:ce:de:d8:51:
         a3:cc:ac:da:5c:b5:20:0a:d6:50:a4:b2:23:a5:69:a3:a4:f0:
         2b:f9:9a:63:46:6f:3c:d7:2e:25:a6:bb:fa:35:45:ef:a7:9e:
         89:9f:32:5a:bd:59:fc:67:ed:6c:08:7a:a0:fc:7d:b3:e0:81:
         ab:ab:7b:0b:38:09:f2:bf:2b:64:f3:2e:eb:51:57:08:44:ce:
         83:57:eb:73:7e:52:99:f0:8a:2f:43:9f:e4:5e:a6:fa:86:52:
         10:52:47:2b:12:eb:71:c4:b7:eb:3c:84:f4:b6:8d:bd:ff:7a:
         9e:d1:a6:80:20:06:25:eb:39:88:d5:48:ed:d2:97:19:ab:9b:
         53:db:10:96
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUXVz+3XqeFPZZ3lHQztMwNnMqNLUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDEyMTAwMDAwMFoX
DTI1MDIyNTIzNTk1OVowejFJMEcGA1UEBRNANDA0ZWViOGExOGM5YWIzY2ZhNGRh
Y2UwZmQ0YmRjOGZlNTNiZjAyZmU2YmRhYzY4ZTNjYzhhOGRjNjRlNWQ2ZjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoN0YzT8H3tTMugJ7slrfBmsE/2e
ajIPLNNTY0ZIVfzJCmoLwAJ758Q27OT47gB4RbIvlgPWZ5YwJJTqo6m751V9cRue
QB0bFfEO66SYTQmJTQC6tj4xCO9doDCQ1RhROOS6h/IGCTxvUXAcILIf5cGqgsum
4eWXEryGKSP3XvOTHYyHPpnOJhs53KrUaDwHtHqlS1RpLzI3DK3HQgU+/oYzLOqS
1+VJDUP4IZ/utn/J2Z25pwt62OyGxtPpNXelR02Q9OqOrBapocKQGAwgoNne9VQ4
1MyniePfulHgtzXHqCUEBMqEkcR10qUSn9IwTNQnQLv+i0Om+W85r2L1fQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFE4dmyC4ekSgIJdt4Y6hFfADv/UTMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2IwYzM4ZjAzLTNjZWQtNDg0ZS1hYTViLTdiMDZmMTI1YWQ3NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK+CQMA0GCSqGSIb3DQEBCwUAA4IBAQCUVpKNhLdT/zvYImTLzLWx
GZssg6/qdY9YBhpG3tVr2zUY0cjY8gqacVoqY73ETnxmHr3dle/iiM9BLDLNRJYc
kfYteSwS0Zt9BNiXaAOlxdKJYvNbRMlZTyDJM0ZAbciFvHxamxZyXolbQWhqF65X
MNqNZslctjfzdc7e2FGjzKzaXLUgCtZQpLIjpWmjpPAr+ZpjRm881y4lprv6NUXv
p56JnzJavVn8Z+1sCHqg/H2z4IGrq3sLOAnyvytk8y7rUVcIRM6DV+tzflKZ8Iov
Q5/kXqb6hlIQUkcrEutxxLfrPIT0to29/3qe0aaAIAYl6zmI1Ujt0pcZq5tT2xCW
-----END CERTIFICATE-----