Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68a01fd8-0772-45ba-b286-2938920c2e44.roa
File:                     68a01fd8-0772-45ba-b286-2938920c2e44.roa (raw, json)
Hash identifier:          tDyDR4e542FC+rPDFqlHnhOKZv/TOzc9m4cgkfApCBw=
Subject key identifier:   1A:11:2E:F1:8F:64:BC:99:8B:C1:A0:A1:B5:F1:83:0A:6B:17:22:8B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       519B07D13076551C6122FC537733AA2F3F2C858D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68a01fd8-0772-45ba-b286-2938920c2e44.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.241.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:9b:07:d1:30:76:55:1c:61:22:fc:53:77:33:aa:2f:3f:2c:85:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=f645ad1d30b3e7a5d7057eece3610d6842569cb4afa225e1e240afdd26f58ace, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1b:be:80:20:3b:2a:c7:44:22:07:58:07:2a:
                    2b:83:07:92:f8:ac:6c:07:54:45:e4:16:2a:bd:97:
                    b0:fb:5e:ba:6d:5f:c7:b8:20:9e:c7:a0:32:09:86:
                    3a:f1:7c:ba:c6:fb:68:56:30:cb:4a:ff:ee:b4:2c:
                    d7:49:a6:92:f4:2f:96:aa:a6:cb:a6:72:d2:dc:db:
                    fa:31:04:f9:4b:77:28:6a:ca:4a:14:fe:e1:f9:50:
                    22:38:77:db:73:e2:fb:21:81:4c:ab:6c:61:86:81:
                    eb:c7:6f:af:40:28:b4:d5:29:34:4d:1e:a3:56:d6:
                    46:b3:0a:5a:8d:db:38:d3:70:a7:e0:33:8a:70:1b:
                    cd:9e:ae:4f:32:5c:d5:f9:de:03:07:f0:f1:c5:82:
                    ef:ae:39:49:f9:ee:52:47:7b:d2:11:f6:1b:a9:ae:
                    12:5a:f2:c3:e7:95:46:a8:08:09:19:d0:bd:d1:90:
                    18:85:4b:75:ad:24:b7:06:20:fc:a9:d3:d2:a5:27:
                    26:a4:d8:10:e6:45:12:d7:d6:cc:2c:4f:65:17:ef:
                    85:bf:33:f2:6e:a2:ae:1f:94:83:b3:6d:cb:ae:46:
                    ae:e9:68:bb:f6:2f:b1:ac:db:31:d3:f4:90:49:b5:
                    25:1e:ea:01:88:39:59:aa:dc:dd:9b:57:49:c4:7c:
                    bf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:11:2E:F1:8F:64:BC:99:8B:C1:A0:A1:B5:F1:83:0A:6B:17:22:8B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68a01fd8-0772-45ba-b286-2938920c2e44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a4:68:25:72:1a:2a:c3:79:31:b5:bf:9b:d7:fc:bf:69:a3:
         9e:06:e0:8a:9f:1e:af:c7:c9:75:c9:2e:a0:78:d9:db:02:60:
         ec:df:a2:d2:0a:80:1b:22:1f:1f:52:3a:ea:51:d7:a2:6f:1f:
         e0:31:32:8c:d1:e4:6f:b1:6a:ef:26:b6:1f:94:b4:ea:5d:ff:
         68:a5:26:72:86:da:30:cd:88:8e:2a:7e:07:75:94:de:a1:eb:
         fb:4d:78:da:f9:71:60:48:80:e2:d9:3f:5d:6e:64:ec:b3:a8:
         15:9c:6c:1e:0b:8b:27:9e:97:19:a0:9f:e6:0a:2c:51:34:10:
         ab:f4:45:8f:3a:00:99:7e:d4:b1:b0:3a:2b:83:03:24:7b:ac:
         06:f8:f6:70:fb:8e:83:ea:14:d4:6a:dc:5b:93:db:e9:f5:c9:
         1b:f7:a1:88:29:11:5e:a1:1a:c9:73:95:f1:cf:92:5e:47:2a:
         61:a8:15:c1:10:1c:23:f2:da:71:4c:70:01:9f:52:5d:fe:52:
         d7:a6:8f:5e:4b:63:8a:d9:8c:3c:9b:02:7c:53:51:08:d8:10:
         4d:8d:00:a0:e4:ca:7e:e8:25:2f:a8:e9:f1:fd:ff:59:80:fc:
         3e:72:cf:dc:aa:10:3c:a4:67:ff:7b:96:ce:55:f1:61:b5:59:
         6a:47:d3:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUZsH0TB2VRxhIvxTdzOqLz8shY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNjQ1YWQxZDMwYjNlN2E1ZDcwNTdlZWNlMzYxMGQ2ODQy
NTY5Y2I0YWZhMjI1ZTFlMjQwYWZkZDI2ZjU4YWNlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMG76AIDsqx0QiB1gHKiuDB5L4rGwHVEXkFiq9l7D7Xrpt
X8e4IJ7HoDIJhjrxfLrG+2hWMMtK/+60LNdJppL0L5aqpsumctLc2/oxBPlLdyhq
ykoU/uH5UCI4d9tz4vshgUyrbGGGgevHb69AKLTVKTRNHqNW1kazClqN2zjTcKfg
M4pwG82erk8yXNX53gMH8PHFgu+uOUn57lJHe9IR9huprhJa8sPnlUaoCAkZ0L3R
kBiFS3WtJLcGIPyp09KlJyak2BDmRRLX1swsT2UX74W/M/Juoq4flIOzbcuuRq7p
aLv2L7Gs2zHT9JBJtSUe6gGIOVmq3N2bV0nEfL+zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGhEu8Y9kvJmLwaChtfGDCmsXIoswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4YTAxZmQ4LTA3NzItNDViYS1iMjg2LTI5Mzg5MjBjMmU0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X/EwDQYJKoZIhvcNAQELBQADggEBADqkaCVyGirDeTG1v5vX/L9po54G
4IqfHq/HyXXJLqB42dsCYOzfotIKgBsiHx9SOupR16JvH+AxMozR5G+xau8mth+U
tOpd/2ilJnKG2jDNiI4qfgd1lN6h6/tNeNr5cWBIgOLZP11uZOyzqBWcbB4Liyee
lxmgn+YKLFE0EKv0RY86AJl+1LGwOiuDAyR7rAb49nD7joPqFNRq3FuT2+n1yRv3
oYgpEV6hGslzlfHPkl5HKmGoFcEQHCPy2nFMcAGfUl3+Utemj15LY4rZjDybAnxT
UQjYEE2NAKDkyn7oJS+o6fH9/1mA/D5yz9yqEDykZ/97ls5V8WG1WWpH08I=
-----END CERTIFICATE-----