Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/920c2679-a607-4621-8630-24d2e4985cab.roa
File:                     920c2679-a607-4621-8630-24d2e4985cab.roa (raw, json)
Hash identifier:          Ib1mhI/Eps2PaMP4XpxxBfMZ77r6CPBFau9jjDbWSJQ=
Subject key identifier:   00:3C:82:22:28:17:FB:AC:0C:39:E2:F8:06:71:9F:3F:1C:9A:00:AD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       111920BCFC15BFD19A454B224672248E211ECEFA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/920c2679-a607-4621-8630-24d2e4985cab.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.248.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:19:20:bc:fc:15:bf:d1:9a:45:4b:22:46:72:24:8e:21:1e:ce:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=bcb430d160e74d14475de221bc31bc701d76877aaaa111bb9f9218762f6dc216, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:30:89:92:e9:bb:ef:8c:ba:9d:b0:04:10:21:
                    2d:39:34:1f:31:7d:d5:db:e7:85:69:ad:da:0a:69:
                    e7:02:7f:34:2f:da:4e:9a:6c:5c:dd:6a:17:19:d1:
                    00:22:e7:0d:30:dd:c1:fd:88:d1:47:10:03:c0:4b:
                    b9:cc:31:6a:89:bb:46:61:03:10:f0:9a:00:98:43:
                    d8:7e:27:e4:be:c4:bc:24:b7:c0:23:07:45:1e:d2:
                    76:3a:6f:6c:8a:e5:2d:42:cc:6f:3a:a2:99:0f:92:
                    32:77:f9:ca:41:3d:27:55:b1:a8:8b:46:b0:ee:f1:
                    ad:d4:e0:08:09:14:f4:8a:52:52:db:84:e6:b3:02:
                    64:a8:10:e6:b5:3c:94:b5:68:33:bd:07:cd:0f:b2:
                    32:81:f9:1f:32:5b:6e:81:9e:92:09:02:ba:50:da:
                    27:ee:87:56:ec:ec:26:75:75:c4:a6:a8:4b:ed:65:
                    4d:05:d7:61:2e:55:ed:e4:af:f0:38:03:39:f2:17:
                    74:2f:fc:cf:ee:fa:e4:35:dd:d0:74:ad:03:80:47:
                    b9:46:a6:0b:f7:3b:15:26:1f:6f:b2:d1:02:e7:22:
                    ec:60:48:e9:db:65:c0:2a:07:6e:64:8b:d5:23:3d:
                    52:84:1f:77:96:25:ce:61:e8:4e:78:ea:0b:64:6d:
                    1f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3C:82:22:28:17:FB:AC:0C:39:E2:F8:06:71:9F:3F:1C:9A:00:AD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/920c2679-a607-4621-8630-24d2e4985cab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:f0:ec:e2:4c:7c:12:38:53:12:56:66:d7:5e:86:d4:62:51:
         00:87:d8:b0:72:85:5d:52:03:d2:04:8e:4e:4a:1e:62:0f:ab:
         09:0c:dc:49:ea:43:90:fa:67:5f:5f:56:56:cb:32:ce:2b:01:
         5d:8b:f9:f7:96:fe:fe:de:42:79:04:00:8d:51:42:2a:ea:7e:
         56:1a:68:ee:f4:b3:09:d9:4e:3d:e8:52:c0:2b:ca:be:a1:2d:
         96:bb:d2:e8:23:88:1f:90:18:91:59:38:46:46:57:18:50:74:
         7e:c4:13:45:a2:f0:02:a1:1f:c8:05:e2:aa:dc:41:cd:57:74:
         ee:c0:30:ec:b4:78:0b:35:30:02:ae:7f:90:95:f7:be:83:44:
         6a:87:c2:4a:71:c1:7c:73:47:bf:e2:84:b9:f3:93:43:44:e1:
         33:d2:81:9e:17:42:64:84:0b:fa:b6:6d:6d:96:96:7a:d7:82:
         b7:d1:e2:25:bf:87:5f:7a:bb:55:91:59:33:10:cd:6d:fe:d1:
         a5:fc:a0:b4:28:c5:14:27:b4:47:7b:59:4c:72:a1:ae:7d:85:
         39:fb:fb:c6:10:43:e3:66:9f:8d:3d:ba:86:37:39:51:15:46:
         7d:70:cd:66:f4:2d:45:e0:b6:6e:23:47:c8:2e:24:38:45:db:
         73:4d:9e:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUERkgvPwVv9GaRUsiRnIkjiEezvowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2I0MzBkMTYwZTc0ZDE0NDc1ZGUyMjFiYzMxYmM3MDFk
NzY4NzdhYWFhMTExYmI5ZjkyMTg3NjJmNmRjMjE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClMImS6bvvjLqdsAQQIS05NB8xfdXb54VprdoKaecCfzQv
2k6abFzdahcZ0QAi5w0w3cH9iNFHEAPAS7nMMWqJu0ZhAxDwmgCYQ9h+J+S+xLwk
t8AjB0Ue0nY6b2yK5S1CzG86opkPkjJ3+cpBPSdVsaiLRrDu8a3U4AgJFPSKUlLb
hOazAmSoEOa1PJS1aDO9B80PsjKB+R8yW26BnpIJArpQ2ifuh1bs7CZ1dcSmqEvt
ZU0F12EuVe3kr/A4AznyF3Qv/M/u+uQ13dB0rQOAR7lGpgv3OxUmH2+y0QLnIuxg
SOnbZcAqB25ki9UjPVKEH3eWJc5h6E546gtkbR/1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUADyCIigX+6wMOeL4BnGfPxyaAK0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkyMGMyNjc5LWE2MDctNDYyMS04NjMwLTI0ZDJlNDk4NWNhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP+DANBgkqhkiG9w0BAQsFAAOCAQEAiPDs4kx8EjhTElZm116G1GJRAIfY
sHKFXVID0gSOTkoeYg+rCQzcSepDkPpnX19WVssyzisBXYv595b+/t5CeQQAjVFC
Kup+Vhpo7vSzCdlOPehSwCvKvqEtlrvS6COIH5AYkVk4RkZXGFB0fsQTRaLwAqEf
yAXiqtxBzVd07sAw7LR4CzUwAq5/kJX3voNEaofCSnHBfHNHv+KEufOTQ0ThM9KB
nhdCZIQL+rZtbZaWeteCt9HiJb+HX3q7VZFZMxDNbf7RpfygtCjFFCe0R3tZTHKh
rn2FOfv7xhBD42afjT26hjc5URVGfXDNZvQtReC2biNHyC4kOEXbc02eUw==
-----END CERTIFICATE-----