Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d46d09f-7329-4d64-85b2-cda5bb3b5a17.roa
File:                     8d46d09f-7329-4d64-85b2-cda5bb3b5a17.roa (raw, json)
Hash identifier:          sUTsGA2AWhDIjWWHfKhNZRBPxhtmAYkZuQ0w5fIQoS0=
Subject key identifier:   CE:D3:29:19:4F:78:16:C7:8C:5B:9C:33:E9:00:B0:5B:23:BE:F7:F4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       50569AB3596B58CC38F1135DC7C7BB6B617491D2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d46d09f-7329-4d64-85b2-cda5bb3b5a17.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.152.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:56:9a:b3:59:6b:58:cc:38:f1:13:5d:c7:c7:bb:6b:61:74:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=6c08fb13c8b396667e8a30a62866d609d800395f038ff35b51c29f330e7ef1c3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ff:35:8b:0e:42:a7:2f:fd:81:1b:fd:2a:23:
                    36:6a:be:d3:49:b8:aa:0d:c9:2f:17:2c:25:6a:06:
                    0b:a2:71:62:91:a7:d0:c6:75:62:28:0e:82:77:09:
                    55:2a:c9:a1:38:29:f7:96:2e:6b:77:5b:40:ef:06:
                    05:f7:36:3f:19:ee:1a:a3:60:c3:fe:91:88:00:a0:
                    bf:57:fe:16:67:02:45:f4:2f:2a:21:9d:c3:55:64:
                    94:cc:6a:b7:0b:e8:9a:1c:13:fc:53:a1:a8:a1:42:
                    0d:cf:ed:55:ef:a4:f9:6b:0b:7a:c7:40:e0:b2:1e:
                    5b:f4:73:28:70:3c:a3:fc:e2:68:13:42:c5:47:ae:
                    a2:21:42:bb:ce:b9:8f:84:78:b7:29:24:a0:7a:ef:
                    5b:98:c8:80:26:29:21:d1:97:4b:e5:3f:f0:4b:eb:
                    e6:96:86:39:e4:23:b3:67:30:a4:6f:34:d7:f3:77:
                    e6:97:60:4f:63:c0:c7:67:f5:2d:6e:73:c3:16:39:
                    74:6d:f3:86:5e:5d:0b:48:7f:7c:24:1b:4e:02:f5:
                    e0:21:f7:20:88:4d:20:e2:af:ed:72:ea:0d:c2:b4:
                    29:04:fb:e5:01:2d:2d:0d:6c:a9:76:bb:0c:65:19:
                    2d:48:a2:87:68:ed:33:c1:a9:14:dd:f0:f7:11:41:
                    f1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D3:29:19:4F:78:16:C7:8C:5B:9C:33:E9:00:B0:5B:23:BE:F7:F4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d46d09f-7329-4d64-85b2-cda5bb3b5a17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.152.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:17:98:c6:d6:ae:2e:52:bd:b4:b4:39:15:25:0e:85:e9:55:
         c6:a5:a0:73:aa:0e:53:b2:73:63:00:06:2c:d5:d8:e9:74:53:
         59:50:00:ce:f0:63:8c:ed:1d:67:b1:ce:ce:a3:04:23:30:61:
         f7:97:cd:2e:e4:bd:0c:12:4b:f6:22:6c:8f:9a:b4:23:e2:b5:
         66:68:a0:6b:6b:30:cd:13:cd:0e:99:6f:73:96:11:99:ff:92:
         2f:b6:51:a2:12:6c:7f:22:19:05:cb:b7:28:b6:44:27:fb:ef:
         5a:1f:91:f9:29:dc:e7:ab:a2:d4:ac:c5:0d:a0:86:42:78:19:
         af:ee:a5:06:73:7a:70:74:30:a6:81:0a:7e:41:3b:03:8c:ec:
         8a:df:df:b9:d5:08:97:fb:9e:06:fb:b6:63:4f:1d:bb:fb:65:
         79:c2:36:33:27:a7:8e:ff:7c:fb:f9:29:75:60:ce:45:83:1f:
         5e:48:5b:1d:c1:c1:27:04:65:6a:b1:72:b1:fe:b1:b7:b5:3b:
         2d:a5:94:c1:2d:db:2b:7c:cd:40:79:18:cd:24:9c:a0:80:4c:
         42:00:e9:dc:66:4e:02:65:e6:7b:86:df:32:98:96:fc:cd:8d:
         79:4b:da:b9:c9:49:2d:ac:7b:9f:95:8a:c2:ac:b7:47:6a:fd:
         e2:74:02:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUFaas1lrWMw48RNdx8e7a2F0kdIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzA4ZmIxM2M4YjM5NjY2N2U4YTMwYTYyODY2ZDYwOWQ4
MDAzOTVmMDM4ZmYzNWI1MWMyOWYzMzBlN2VmMWMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCW/zWLDkKnL/2BG/0qIzZqvtNJuKoNyS8XLCVqBguicWKR
p9DGdWIoDoJ3CVUqyaE4KfeWLmt3W0DvBgX3Nj8Z7hqjYMP+kYgAoL9X/hZnAkX0
LyohncNVZJTMarcL6JocE/xToaihQg3P7VXvpPlrC3rHQOCyHlv0cyhwPKP84mgT
QsVHrqIhQrvOuY+EeLcpJKB671uYyIAmKSHRl0vlP/BL6+aWhjnkI7NnMKRvNNfz
d+aXYE9jwMdn9S1uc8MWOXRt84ZeXQtIf3wkG04C9eAh9yCITSDir+1y6g3CtCkE
++UBLS0NbKl2uwxlGS1Ioodo7TPBqRTd8PcRQfE1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUztMpGU94FseMW5wz6QCwWyO+9/QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkNDZkMDlmLTczMjktNGQ2NC04NWIyLWNkYTViYjNiNWExNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASmDANBgkqhkiG9w0BAQsFAAOCAQEAiBeYxtauLlK9tLQ5FSUOhelVxqWg
c6oOU7JzYwAGLNXY6XRTWVAAzvBjjO0dZ7HOzqMEIzBh95fNLuS9DBJL9iJsj5q0
I+K1Zmiga2swzRPNDplvc5YRmf+SL7ZRohJsfyIZBcu3KLZEJ/vvWh+R+Snc56ui
1KzFDaCGQngZr+6lBnN6cHQwpoEKfkE7A4zsit/fudUIl/ueBvu2Y08du/tlecI2
Myenjv98+/kpdWDORYMfXkhbHcHBJwRlarFysf6xt7U7LaWUwS3bK3zNQHkYzSSc
oIBMQgDp3GZOAmXme4bfMpiW/M2NeUvauclJLax7n5WKwqy3R2r94nQCQw==
-----END CERTIFICATE-----