Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0988921d-8e8c-4a3b-9478-bec13d39db10.roa
File:                     0988921d-8e8c-4a3b-9478-bec13d39db10.roa (raw, json)
Hash identifier:          Zh6Lh+LvAvoC1VORTmyfj6V2AISYh4Z2R0ITuGsH80w=
Subject key identifier:   BA:72:5B:61:36:E9:42:0B:20:C2:4B:75:1A:8F:C5:3D:E7:55:14:B0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       115DCFBCAEAB8CFB4FE101DC3E399DD2E98A0E39
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0988921d-8e8c-4a3b-9478-bec13d39db10.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.56.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:5d:cf:bc:ae:ab:8c:fb:4f:e1:01:dc:3e:39:9d:d2:e9:8a:0e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=ba30d736264a2cb8cc7bf4ff06b40b156ab45a38bda6b15605e14ee0250eda75, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:69:3e:7e:f8:93:c9:dd:db:d5:4d:05:65:
                    e5:58:86:a4:5c:46:55:ab:bb:31:0b:76:2c:3f:10:
                    2d:35:e2:91:41:79:98:a7:1d:b5:af:8b:3a:7d:5d:
                    71:70:6a:d9:df:49:b9:15:33:47:ab:55:4c:cc:62:
                    e3:c6:2b:a7:f8:0b:83:55:d8:5c:c1:1a:10:40:97:
                    6c:f4:e4:0f:32:de:dd:ac:4c:df:5a:e4:6b:21:2c:
                    c9:be:a0:b5:94:bf:a1:d8:df:3d:0f:ae:78:e4:92:
                    3a:fa:69:c2:84:07:43:0c:23:e8:8a:4a:06:d0:76:
                    9a:61:9c:7c:f3:d0:11:9e:32:97:49:4e:b8:5f:ce:
                    5d:1a:b3:cc:80:aa:20:63:4f:e3:c3:6d:3e:a4:f6:
                    8e:59:23:ef:7e:41:a7:f8:ef:b0:bb:f1:5d:4d:fa:
                    86:18:b8:bb:cc:be:96:0d:ff:dd:a6:36:51:8b:03:
                    af:60:b1:8a:6b:09:ca:64:ee:9e:c6:99:9f:42:2e:
                    9c:9c:f3:50:ef:76:e0:22:be:7c:cd:1a:90:bd:81:
                    f0:af:3a:4e:a7:8b:9e:40:e2:75:93:1b:14:17:5c:
                    fa:63:5c:80:d5:73:ea:73:3d:fc:90:13:1b:13:69:
                    6a:a8:3c:2f:62:b6:bc:a3:75:7a:7f:e6:ed:20:0f:
                    57:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:72:5B:61:36:E9:42:0B:20:C2:4B:75:1A:8F:C5:3D:E7:55:14:B0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0988921d-8e8c-4a3b-9478-bec13d39db10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ab:c1:40:bf:8c:2c:07:de:88:d9:f2:04:86:f6:cb:bf:d3:92:
         5a:09:d0:6f:95:11:10:17:36:02:60:ab:3b:25:66:1b:a2:25:
         51:49:ca:06:16:22:a4:c8:a9:33:05:3f:24:cc:7b:6f:33:a4:
         d4:88:42:c0:41:79:c1:6b:3c:93:7a:7c:f3:b8:17:dd:a7:ba:
         4c:f7:a1:70:23:32:bb:db:af:8d:1a:c6:2c:45:bb:a9:b0:6a:
         71:a7:b9:ad:2b:f4:73:2e:b8:90:7d:b5:4e:da:b0:fe:ca:06:
         1b:e0:66:00:f1:89:56:83:88:38:b8:3b:28:c5:e6:ee:69:5e:
         33:87:14:a2:28:c8:b6:f1:ac:67:57:25:a3:81:2a:3c:fa:0b:
         54:d8:a9:2c:21:5b:f5:cc:79:a4:96:38:b5:ec:4d:ce:57:92:
         e8:ef:25:f4:11:06:28:3c:d1:c5:87:73:b6:7d:1c:38:d1:48:
         d7:25:34:75:34:e6:c5:50:18:29:60:81:8d:18:b2:4c:c7:2b:
         d7:e6:b8:3a:24:85:c0:80:81:21:b6:76:72:9f:fa:1b:fb:af:
         a4:f9:71:f7:cd:5b:a6:1c:e9:36:ce:77:54:b1:f0:c2:79:2c:
         25:94:cb:1c:33:12:a6:37:65:5b:fd:f1:f2:bd:99:4c:87:74:
         f6:29:54:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEV3PvK6rjPtP4QHcPjmd0umKDjkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTMwZDczNjI2NGEyY2I4Y2M3YmY0ZmYwNmI0MGIxNTZh
YjQ1YTM4YmRhNmIxNTYwNWUxNGVlMDI1MGVkYTc1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC73Wk+fviTyd3b1U0FZeVYhqRcRlWruzELdiw/EC014pFB
eZinHbWvizp9XXFwatnfSbkVM0erVUzMYuPGK6f4C4NV2FzBGhBAl2z05A8y3t2s
TN9a5GshLMm+oLWUv6HY3z0Prnjkkjr6acKEB0MMI+iKSgbQdpphnHzz0BGeMpdJ
Trhfzl0as8yAqiBjT+PDbT6k9o5ZI+9+Qaf477C78V1N+oYYuLvMvpYN/92mNlGL
A69gsYprCcpk7p7GmZ9CLpyc81DvduAivnzNGpC9gfCvOk6ni55A4nWTGxQXXPpj
XIDVc+pzPfyQExsTaWqoPC9itryjdXp/5u0gD1fxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUunJbYTbpQgsgwkt1Go/FPedVFLAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5ODg5MjFkLThlOGMtNGEzYi05NDc4LWJlYzEzZDM5ZGIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0OEAwDQYJKoZIhvcNAQELBQADggEBAKvBQL+MLAfeiNnyBIb2y7/TkloJ
0G+VERAXNgJgqzslZhuiJVFJygYWIqTIqTMFPyTMe28zpNSIQsBBecFrPJN6fPO4
F92nukz3oXAjMrvbr40axixFu6mwanGnua0r9HMuuJB9tU7asP7KBhvgZgDxiVaD
iDi4OyjF5u5pXjOHFKIoyLbxrGdXJaOBKjz6C1TYqSwhW/XMeaSWOLXsTc5Xkujv
JfQRBig80cWHc7Z9HDjRSNclNHU05sVQGClggY0YskzHK9fmuDokhcCAgSG2dnKf
+hv7r6T5cffNW6Yc6TbOd1Sx8MJ5LCWUyxwzEqY3ZVv98fK9mUyHdPYpVKg=
-----END CERTIFICATE-----