Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/892ae50d-c045-4187-ab27-2692064604e7.roa
File:                     892ae50d-c045-4187-ab27-2692064604e7.roa (raw, json)
Hash identifier:          fHyCG6n6ociOdL4BqoeYUUKCr5rr0Bfp7CXv1iUEGaE=
Subject key identifier:   5C:F7:BE:E1:63:20:03:CC:FF:08:25:B4:29:05:A5:1E:D2:CC:92:47
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0CD74158DBE759B4E9FDBF38190F3D5CE4DC6099
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/892ae50d-c045-4187-ab27-2692064604e7.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.177.0.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d7:41:58:db:e7:59:b4:e9:fd:bf:38:19:0f:3d:5c:e4:dc:60:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=fbedcbb99d3d0e82482a6a28d625030f67d17f51d8fe8d5b4192a29abc65a9dc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8e:3a:86:e2:39:eb:66:1e:54:dc:82:f3:d4:
                    df:89:53:1c:6e:ac:35:76:94:68:28:9b:cd:3b:df:
                    cc:12:46:bb:52:6e:f4:5d:4e:20:f4:bb:44:cb:f5:
                    e8:ce:e5:72:2c:41:dd:84:05:37:f3:ea:79:19:11:
                    0f:eb:d6:85:26:fe:2a:c0:36:f5:f6:58:af:7a:f1:
                    25:44:93:09:bb:c5:77:7d:31:10:60:96:d2:9f:fc:
                    39:84:c1:bc:33:4d:58:1c:53:84:02:75:6f:4d:8e:
                    00:c9:d9:6e:c1:eb:29:7e:6a:8a:6d:df:ff:51:05:
                    d3:7d:0c:5c:b9:9b:22:d2:f7:5d:92:ce:84:22:e3:
                    71:d1:dd:1f:9b:68:12:ea:05:b7:fc:f6:ec:9a:c3:
                    7b:f0:96:c4:a6:14:bc:2b:61:c4:39:2a:40:79:70:
                    43:13:24:34:d5:92:f7:5a:5a:10:40:e5:ed:22:ea:
                    17:bd:da:96:11:d9:2f:4e:f8:22:bd:cf:10:6d:82:
                    5d:7a:a3:e5:2b:5c:54:54:a2:cb:26:15:7a:d8:76:
                    4a:d4:fd:3a:36:ca:d6:ff:52:e3:53:cf:4d:ce:21:
                    7c:00:55:b7:fa:46:54:54:0f:29:4e:1d:b6:73:cf:
                    fc:75:4c:ea:14:d9:dd:f2:e6:45:2d:1d:6a:04:a4:
                    66:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F7:BE:E1:63:20:03:CC:FF:08:25:B4:29:05:A5:1E:D2:CC:92:47
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/892ae50d-c045-4187-ab27-2692064604e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:b8:fb:97:1e:8b:03:2a:13:5b:7a:51:9b:eb:f7:e6:71:f6:
         87:cf:7a:5b:cf:50:c1:de:c2:4e:4b:6b:07:5d:db:41:bc:be:
         ea:8a:01:58:55:d0:c9:69:ff:95:4f:4b:b7:df:30:80:28:1d:
         35:97:62:0e:0e:1b:eb:f9:de:9d:ec:11:75:29:84:60:e9:2c:
         ef:c3:65:51:b1:22:b9:7d:d5:66:3f:b9:8b:5d:27:81:a3:50:
         ec:31:29:a8:52:56:f7:d9:86:81:ed:53:15:98:81:2d:c1:c2:
         31:c4:ea:d5:6b:f3:63:28:3e:cf:e2:17:f1:5f:05:c4:87:41:
         6a:08:04:07:fa:bb:cc:8f:ff:a7:54:f8:ec:1d:bd:1e:00:b7:
         59:8f:2f:8a:fb:2e:ad:08:15:e2:b6:10:4d:ce:18:31:9b:35:
         73:07:c9:d6:2a:69:52:de:4c:e2:c7:0e:fd:1e:92:a6:52:ef:
         fc:1c:8f:d8:3b:76:d8:dc:84:2f:cb:97:3c:e2:2b:3c:36:56:
         33:cb:ab:af:d0:fa:5a:74:83:c8:55:df:78:90:df:4f:80:c1:
         a3:51:15:77:26:a0:62:19:c4:26:9d:b6:c3:df:e2:d2:8e:a0:
         43:fc:07:92:36:49:ce:32:1e:82:42:80:26:18:2b:5a:bb:b4:
         ba:cd:28:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDNdBWNvnWbTp/b84GQ89XOTcYJkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmVkY2JiOTlkM2QwZTgyNDgyYTZhMjhkNjI1MDMwZjY3
ZDE3ZjUxZDhmZThkNWI0MTkyYTI5YWJjNjVhOWRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3jjqG4jnrZh5U3ILz1N+JUxxurDV2lGgom80738wSRrtS
bvRdTiD0u0TL9ejO5XIsQd2EBTfz6nkZEQ/r1oUm/irANvX2WK968SVEkwm7xXd9
MRBgltKf/DmEwbwzTVgcU4QCdW9NjgDJ2W7B6yl+aopt3/9RBdN9DFy5myLS912S
zoQi43HR3R+baBLqBbf89uyaw3vwlsSmFLwrYcQ5KkB5cEMTJDTVkvdaWhBA5e0i
6he92pYR2S9O+CK9zxBtgl16o+UrXFRUossmFXrYdkrU/To2ytb/UuNTz03OIXwA
Vbf6RlRUDylOHbZzz/x1TOoU2d3y5kUtHWoEpGb7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXPe+4WMgA8z/CCW0KQWlHtLMkkcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg5MmFlNTBkLWMwNDUtNDE4Ny1hYjI3LTI2OTIwNjQ2MDRlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMPsQAwDQYJKoZIhvcNAQELBQADggEBACq4+5ceiwMqE1t6UZvr9+Zx9ofP
elvPUMHewk5Lawdd20G8vuqKAVhV0Mlp/5VPS7ffMIAoHTWXYg4OG+v53p3sEXUp
hGDpLO/DZVGxIrl91WY/uYtdJ4GjUOwxKahSVvfZhoHtUxWYgS3BwjHE6tVr82Mo
Ps/iF/FfBcSHQWoIBAf6u8yP/6dU+OwdvR4At1mPL4r7Lq0IFeK2EE3OGDGbNXMH
ydYqaVLeTOLHDv0ekqZS7/wcj9g7dtjchC/LlzziKzw2VjPLq6/Q+lp0g8hV33iQ
30+AwaNRFXcmoGIZxCadtsPf4tKOoEP8B5I2Sc4yHoJCgCYYK1q7tLrNKJQ=
-----END CERTIFICATE-----