Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48723177-93f8-4058-b652-44945f852ecd.roa
File:                     48723177-93f8-4058-b652-44945f852ecd.roa (raw, json)
Hash identifier:          BIIj2d7G8WfcTiGNMTT2o8ab2ou3zmXaMun7cQelH98=
Subject key identifier:   59:4B:BF:16:87:F9:57:30:9D:84:AB:53:DD:70:F6:6B:F9:4C:6F:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4C74678A7C8B8ECA8197730DF5D06FB58AC3D10B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48723177-93f8-4058-b652-44945f852ecd.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.34.232.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:74:67:8a:7c:8b:8e:ca:81:97:73:0d:f5:d0:6f:b5:8a:c3:d1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=b3945d7f308d2a9c4166e022fb6812e50315b1f6ae9ca55875777300eaedf4d8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8c:ca:ed:a0:e7:75:ae:0b:e1:78:3f:bc:e8:
                    6f:93:75:16:b7:53:4d:c4:25:b5:a1:99:35:87:c2:
                    ce:d3:f2:6e:aa:e0:df:e0:d5:2b:33:e7:19:b2:e3:
                    e5:ed:b6:d8:a4:f6:9a:f7:20:c0:3b:88:76:99:4f:
                    0e:37:34:6b:bb:f6:85:3c:54:b4:46:e4:27:68:3a:
                    a7:9b:fc:37:6a:99:99:de:db:cb:2c:a7:41:22:4a:
                    2a:9c:66:20:b2:5f:f0:76:78:18:3d:f0:cd:39:82:
                    a8:4c:d4:d7:ce:b4:07:5b:66:4c:ce:f5:77:ed:49:
                    f5:ce:85:4b:32:0d:3c:77:40:d0:7d:58:c7:b2:8c:
                    b5:28:c4:1a:36:aa:ac:aa:13:e1:15:4f:d6:19:82:
                    2f:17:25:66:f3:af:20:56:b5:8d:44:31:b1:f4:83:
                    ab:de:a7:97:44:b8:6f:83:0f:bc:dc:9c:61:26:dc:
                    b7:02:0b:92:aa:68:41:2d:3a:31:75:ac:a4:26:30:
                    80:db:c9:9a:1e:57:1c:3b:3c:2d:5e:7b:1e:b6:e2:
                    34:44:31:03:5e:ac:c1:3d:68:fd:b8:41:62:45:ca:
                    1f:c6:5d:bc:cc:c9:c3:71:c2:46:bc:40:9b:68:e4:
                    86:48:14:d8:48:c9:6a:2c:ba:b4:23:99:51:46:3b:
                    6d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4B:BF:16:87:F9:57:30:9D:84:AB:53:DD:70:F6:6B:F9:4C:6F:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48723177-93f8-4058-b652-44945f852ecd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.34.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:e0:f0:db:04:6f:a7:db:ee:f7:ae:61:33:6b:00:10:1e:8d:
         7c:4a:c6:eb:4b:3f:3b:4e:b5:be:88:ec:1d:b0:8d:9c:9c:a5:
         f5:4a:35:2d:cf:6e:11:3a:fd:35:e6:7c:c9:9e:37:5c:8d:c3:
         cc:37:42:76:a7:93:07:12:9d:6e:f8:b0:72:08:0f:47:18:17:
         f5:ea:a1:e8:e5:32:04:22:3f:af:58:a4:cb:04:4e:3c:55:63:
         3b:88:92:2c:22:a1:eb:25:36:4c:20:8a:c2:a6:14:6f:c1:a7:
         5f:f2:8b:03:90:6e:87:22:18:6d:53:77:1f:6d:8b:eb:f9:28:
         3b:3c:75:94:14:2d:bd:46:52:76:86:ff:34:d6:28:09:be:25:
         47:92:1a:3f:0c:11:ec:5a:95:25:9a:c6:66:cd:6d:6b:f3:0c:
         17:00:78:73:f7:e2:a0:c2:1e:1c:c7:3a:1d:c4:3f:e9:d3:74:
         c7:bd:6f:db:3e:71:3e:6d:27:ed:14:54:c3:70:47:62:a5:5d:
         f6:9e:c9:f7:06:80:d5:b4:43:56:9f:95:e8:06:6c:33:d1:82:
         b2:f3:00:ac:98:91:d5:91:75:b8:9f:a5:05:f4:6e:61:6f:61:
         f7:f4:25:19:a0:76:2f:0b:a6:19:b5:e4:85:10:c0:42:f4:d1:
         50:ef:19:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTHRninyLjsqBl3MN9dBvtYrD0QswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzk0NWQ3ZjMwOGQyYTljNDE2NmUwMjJmYjY4MTJlNTAz
MTViMWY2YWU5Y2E1NTg3NTc3NzMwMGVhZWRmNGQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbjMrtoOd1rgvheD+86G+TdRa3U03EJbWhmTWHws7T8m6q
4N/g1Ssz5xmy4+Xtttik9pr3IMA7iHaZTw43NGu79oU8VLRG5CdoOqeb/DdqmZne
28ssp0EiSiqcZiCyX/B2eBg98M05gqhM1NfOtAdbZkzO9XftSfXOhUsyDTx3QNB9
WMeyjLUoxBo2qqyqE+EVT9YZgi8XJWbzryBWtY1EMbH0g6vep5dEuG+DD7zcnGEm
3LcCC5KqaEEtOjF1rKQmMIDbyZoeVxw7PC1eex624jREMQNerME9aP24QWJFyh/G
XbzMycNxwka8QJto5IZIFNhIyWosurQjmVFGO20bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWUu/Fof5VzCdhKtT3XD2a/lMb8cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4NzIzMTc3LTkzZjgtNDA1OC1iNjUyLTQ0OTQ1Zjg1MmVjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSIugwDQYJKoZIhvcNAQELBQADggEBAG3g8NsEb6fb7veuYTNrABAejXxK
xutLPztOtb6I7B2wjZycpfVKNS3PbhE6/TXmfMmeN1yNw8w3QnankwcSnW74sHII
D0cYF/XqoejlMgQiP69YpMsETjxVYzuIkiwioeslNkwgisKmFG/Bp1/yiwOQboci
GG1Tdx9ti+v5KDs8dZQULb1GUnaG/zTWKAm+JUeSGj8MEexalSWaxmbNbWvzDBcA
eHP34qDCHhzHOh3EP+nTdMe9b9s+cT5tJ+0UVMNwR2KlXfaeyfcGgNW0Q1aflegG
bDPRgrLzAKyYkdWRdbifpQX0bmFvYff0JRmgdi8Lphm15IUQwEL00VDvGWg=
-----END CERTIFICATE-----