Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eca36373-2c2b-4810-b0c5-c530f9afed33.roa
File:                     eca36373-2c2b-4810-b0c5-c530f9afed33.roa (raw, json)
Hash identifier:          BbYkRKxmZshaDipdpmLcJ1CN5DwDL41tUuUmG8AfaFI=
Subject key identifier:   00:E0:8C:36:32:15:13:85:18:D4:6F:A3:2B:CD:7E:C3:E4:D1:1F:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0E1DA13367D7C160BE9D3E9605EE4206F1DE6740
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eca36373-2c2b-4810-b0c5-c530f9afed33.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.88.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:1d:a1:33:67:d7:c1:60:be:9d:3e:96:05:ee:42:06:f1:de:67:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=dc93c5d40529de160b7081189849d8d6f7ed6f8859b2623e257a69ef932af780, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e8:2c:d8:66:9b:16:2d:59:48:d6:38:34:57:
                    a0:ff:73:9a:aa:c2:52:2c:2e:28:f9:1b:dc:7e:dc:
                    7f:f8:8c:46:ff:0e:a6:2e:67:1a:d8:6b:f0:e9:41:
                    f4:67:86:63:ba:07:ff:84:96:5c:92:23:c4:b7:35:
                    75:71:22:f6:2a:3b:d4:85:5a:63:c8:a2:06:02:82:
                    73:f6:2b:b6:13:97:85:06:bf:cf:90:38:65:e3:89:
                    72:12:69:c5:67:dc:e6:8e:bc:8a:96:1a:53:11:ed:
                    a6:13:08:7f:05:15:4a:45:9e:e0:f1:8c:db:1c:ff:
                    64:1c:f8:a0:55:68:10:20:a2:85:1e:76:33:7e:ed:
                    f5:18:74:8f:bb:47:d4:53:fb:45:5e:15:69:1e:e2:
                    87:00:01:1b:d4:11:10:15:6f:cc:e6:26:56:34:bc:
                    43:13:25:c7:6a:5f:73:c9:30:38:cc:ce:d0:71:29:
                    15:81:5a:74:ff:98:43:e6:c4:f5:a5:67:b0:bd:81:
                    bb:c9:7a:60:ea:a8:2b:c4:8b:8b:c4:89:ad:ea:f8:
                    5a:34:6c:b7:34:32:8b:54:51:37:ee:4c:95:a3:3f:
                    0e:c5:58:d9:78:dc:c2:4c:3f:84:9b:a1:91:8a:2c:
                    4d:f4:2c:e5:90:a7:64:90:f2:2b:f0:67:14:e6:ab:
                    ac:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E0:8C:36:32:15:13:85:18:D4:6F:A3:2B:CD:7E:C3:E4:D1:1F:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eca36373-2c2b-4810-b0c5-c530f9afed33.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:4e:90:ff:7f:46:84:17:bb:20:ce:72:a9:94:4b:8c:d0:51:
         d3:49:0f:9f:b0:3a:3c:69:d6:fc:21:d9:d9:5a:b7:b4:06:29:
         5c:2a:a2:a1:94:ab:2b:9a:17:f3:a5:38:78:51:b0:3b:4d:d9:
         56:ec:86:7a:81:91:90:38:ec:52:af:9e:ee:46:3e:ca:df:0d:
         e2:98:2c:9d:8a:a9:2c:df:1c:0c:2f:32:10:0e:e2:ae:c1:be:
         bd:95:c8:d3:05:5c:8f:93:ee:9a:de:d6:a3:0a:2e:1b:75:a3:
         34:09:ed:ac:b9:cd:e3:e2:d1:ba:fe:ac:50:01:7a:81:81:fc:
         ff:cc:e1:f9:67:fb:df:cf:df:ff:f1:63:3c:a6:44:fc:3e:d4:
         06:9e:fc:ad:46:8e:aa:75:34:a4:70:62:b9:c5:b0:74:db:28:
         fc:18:d8:f3:52:30:45:9f:26:27:a7:2d:c9:5c:de:65:ae:07:
         70:ab:2c:17:c2:d6:a2:66:a6:e9:73:bf:7e:98:be:ff:1e:c7:
         68:ff:35:75:2c:45:f7:ab:c5:38:a9:0a:fe:24:6e:96:76:68:
         13:16:00:83:1b:09:52:4d:f1:7a:e5:5b:89:f7:20:2d:ef:2e:
         70:74:8d:eb:0d:4c:c6:ba:80:c5:fd:5f:4c:da:bf:6e:a0:ef:
         ce:54:d4:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDh2hM2fXwWC+nT6WBe5CBvHeZ0AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzkzYzVkNDA1MjlkZTE2MGI3MDgxMTg5ODQ5ZDhkNmY3
ZWQ2Zjg4NTliMjYyM2UyNTdhNjllZjkzMmFmNzgwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDr6CzYZpsWLVlI1jg0V6D/c5qqwlIsLij5G9x+3H/4jEb/
DqYuZxrYa/DpQfRnhmO6B/+EllySI8S3NXVxIvYqO9SFWmPIogYCgnP2K7YTl4UG
v8+QOGXjiXISacVn3OaOvIqWGlMR7aYTCH8FFUpFnuDxjNsc/2Qc+KBVaBAgooUe
djN+7fUYdI+7R9RT+0VeFWke4ocAARvUERAVb8zmJlY0vEMTJcdqX3PJMDjMztBx
KRWBWnT/mEPmxPWlZ7C9gbvJemDqqCvEi4vEia3q+Fo0bLc0MotUUTfuTJWjPw7F
WNl43MJMP4SboZGKLE30LOWQp2SQ8ivwZxTmq6zjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAOCMNjIVE4UY1G+jK81+w+TRH4IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VjYTM2MzczLTJjMmItNDgxMC1iMGM1LWM1MzBmOWFmZWQzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPsVgwDQYJKoZIhvcNAQELBQADggEBABlOkP9/RoQXuyDOcqmUS4zQUdNJ
D5+wOjxp1vwh2dlat7QGKVwqoqGUqyuaF/OlOHhRsDtN2VbshnqBkZA47FKvnu5G
PsrfDeKYLJ2KqSzfHAwvMhAO4q7Bvr2VyNMFXI+T7pre1qMKLht1ozQJ7ay5zePi
0br+rFABeoGB/P/M4fln+9/P3//xYzymRPw+1Aae/K1Gjqp1NKRwYrnFsHTbKPwY
2PNSMEWfJienLclc3mWuB3CrLBfC1qJmpulzv36Yvv8ex2j/NXUsRferxTipCv4k
bpZ2aBMWAIMbCVJN8XrlW4n3IC3vLnB0jesNTMa6gMX9X0zav26g785U1H8=
-----END CERTIFICATE-----