Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8/a0d96eac-8dc3-36e6-b3ee-f8e65dd9db3d.roa
File:                     a0d96eac-8dc3-36e6-b3ee-f8e65dd9db3d.roa (raw, json)
Hash identifier:          RGcZC2oG0KMkh79sEm5NXzUYSYDgFWcHZBJjIL1yFMQ=
Subject key identifier:   53:16:EC:B3:C4:D2:3E:7B:61:22:D8:10:77:37:8C:34:C3:E6:63:24
Certificate issuer:       /CN=27c7a344-4bc7-468b-ad30-3b9c006cd0c8
Certificate serial:       010D0C9F4328584851A56CA6454EB80CF0025F80
Authority key identifier: D9:4A:87:E9:9F:64:F3:92:1C:80:49:03:D0:E0:01:6E:63:18:33:DD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8/a0d96eac-8dc3-36e6-b3ee-f8e65dd9db3d.roa
Signing time:             Wed 25 Dec 2024 02:00:38 +0000
ROA not before:           Wed 25 Dec 2024 02:00:38 +0000
ROA not after:            Tue 25 Mar 2025 01:00:38 +0000
asID:                     3257
IP address blocks:        104.171.208.0/24 maxlen: 24
                          104.171.209.0/24 maxlen: 24
                          104.171.210.0/24 maxlen: 24
                          104.171.211.0/24 maxlen: 24
                          104.171.212.0/24 maxlen: 24
                          104.171.213.0/24 maxlen: 24
                          104.171.214.0/24 maxlen: 24
                          104.171.215.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:51:a5:6c:a6:45:4e:b8:0c:f0:02:5f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c7a344-4bc7-468b-ad30-3b9c006cd0c8
        Validity
            Not Before: Dec 25 02:00:38 2024 GMT
            Not After : Mar 25 01:00:38 2025 GMT
        Subject: CN=4c745692-0601-47ec-85ca-c1cd377342c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:31:84:ee:0b:48:fe:96:e9:fa:8c:64:9c:e4:
                    99:e3:3b:13:3d:ed:33:a5:19:f4:46:31:8e:a2:8b:
                    25:60:fb:64:d0:33:ca:9f:52:ef:09:44:ea:96:f7:
                    84:d6:7f:c0:ed:88:86:bb:2b:49:a3:1c:e7:1c:07:
                    bd:7d:dc:7c:c1:71:f3:3e:d4:4a:6f:b6:42:27:a7:
                    28:73:2a:a5:ca:97:77:82:31:05:6e:19:9c:67:0a:
                    c2:32:f0:ba:c3:ab:73:d6:65:68:7f:49:60:f7:d9:
                    7a:eb:5e:f3:af:28:f0:e4:ff:78:c7:35:01:0e:34:
                    22:5f:1d:83:08:ed:1b:5f:28:ce:86:5e:73:78:aa:
                    ba:0d:cf:d9:f9:97:65:9b:c9:9b:8d:1b:ac:df:51:
                    d2:9e:41:37:70:1a:d6:6b:d6:2d:b7:4a:49:57:3e:
                    3d:0d:51:ef:42:da:74:6e:16:22:c5:17:6f:7a:e1:
                    14:a9:a3:71:85:f6:ae:e0:c6:e7:bc:bc:9a:e2:a9:
                    d7:13:f6:55:cf:4b:91:a7:7a:00:83:4d:1d:a9:3d:
                    87:b4:4e:5e:2e:f7:b7:c8:f9:24:dd:b2:17:b8:6d:
                    65:64:df:8f:13:7d:18:fa:67:e0:cd:bd:78:cf:02:
                    2b:1c:45:91:6a:72:6b:af:72:85:76:64:31:91:0c:
                    d1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:16:EC:B3:C4:D2:3E:7B:61:22:D8:10:77:37:8C:34:C3:E6:63:24
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8/a0d96eac-8dc3-36e6-b3ee-f8e65dd9db3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8/27c7a344-4bc7-468b-ad30-3b9c006cd0c8.crl

            X509v3 Authority Key Identifier:
                keyid:D9:4A:87:E9:9F:64:F3:92:1C:80:49:03:D0:E0:01:6E:63:18:33:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/27c7a344-4bc7-468b-ad30-3b9c006cd0c8.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.171.208.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         27:6a:03:67:48:af:fd:4d:e1:a0:91:57:89:e0:ed:62:4b:7a:
         b7:8d:3d:3f:03:6f:19:75:d8:df:23:45:6a:35:7e:25:a7:24:
         e9:ef:98:f0:e0:de:a0:05:ac:28:8d:6c:47:69:e5:74:e0:4e:
         8d:ab:cd:29:e3:de:e1:2e:3d:28:42:84:97:14:f4:39:e3:33:
         00:f2:cc:0b:be:78:47:fc:32:2a:2f:05:24:ef:9d:9b:ad:3e:
         86:5a:90:e7:24:c5:61:49:ca:50:47:71:9c:98:f8:17:d9:06:
         b5:a7:d9:13:c8:37:3a:b9:77:7e:08:53:b0:90:46:c8:4a:ff:
         ce:54:27:07:7d:41:95:f3:1d:1e:03:0f:8a:08:8a:d9:d6:ca:
         66:e4:c9:7d:88:4c:8e:1c:f5:2b:5e:dc:67:c7:1e:d0:e9:2a:
         1e:b9:00:60:da:56:41:17:ce:d4:7f:18:cd:1e:19:ed:e3:0f:
         2f:f6:8b:54:85:08:55:8c:6a:8f:36:5e:e0:5f:b1:a0:7e:9a:
         14:5e:0f:76:d5:fe:29:c2:a3:3e:c9:03:59:f3:20:e6:29:6f:
         3a:57:8a:af:e5:3c:8e:25:b8:a2:7e:96:8b:cb:d3:32:77:91:
         c6:a2:88:25:7c:69:a9:f6:b8:83:08:04:1e:1c:a3:1f:17:29:
         bf:5b:15:fe
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEhRpWymRU64DPACX4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMjdjN2EzNDQtNGJjNy00NjhiLWFkMzAtM2I5YzAwNmNk
MGM4MB4XDTI0MTIyNTAyMDAzOFoXDTI1MDMyNTAxMDAzOFowLzEtMCsGA1UEAxMk
NGM3NDU2OTItMDYwMS00N2VjLTg1Y2EtYzFjZDM3NzM0MmM1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jGE7gtI/pbp+oxknOSZ4zsTPe0zpRn0RjGO
ooslYPtk0DPKn1LvCUTqlveE1n/A7YiGuytJoxznHAe9fdx8wXHzPtRKb7ZCJ6co
cyqlypd3gjEFbhmcZwrCMvC6w6tz1mVof0lg99l6617zryjw5P94xzUBDjQiXx2D
CO0bXyjOhl5zeKq6Dc/Z+Zdlm8mbjRus31HSnkE3cBrWa9Ytt0pJVz49DVHvQtp0
bhYixRdveuEUqaNxhfau4MbnvLya4qnXE/ZVz0uRp3oAg00dqT2HtE5eLve3yPkk
3bIXuG1lZN+PE30Y+mfgzb14zwIrHEWRanJrr3KFdmQxkQzRfwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFFMW7LPE0j57YSLYEHc3jDTD5mMkMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8yN2M3
YTM0NC00YmM3LTQ2OGItYWQzMC0zYjljMDA2Y2QwYzgvYTBkOTZlYWMtOGRjMy0z
NmU2LWIzZWUtZjhlNjVkZDlkYjNkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvMjdjN2EzNDQtNGJjNy00NjhiLWFk
MzAtM2I5YzAwNmNkMGM4LzI3YzdhMzQ0LTRiYzctNDY4Yi1hZDMwLTNiOWMwMDZj
ZDBjOC5jcmwwHwYDVR0jBBgwFoAU2UqH6Z9k85IcgEkD0OABbmMYM90wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi8yN2M3YTM0NC00YmM3LTQ2OGItYWQzMC0zYjlj
MDA2Y2QwYzguY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDaKvQMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACdqA2dIr/1N4aCRV4ng7WJLereNPT8Dbxl12N8jRWo1fiWnJOnvmPDg
3qAFrCiNbEdp5XTgTo2rzSnj3uEuPShChJcU9DnjMwDyzAu+eEf8MiovBSTvnZut
PoZakOckxWFJylBHcZyY+BfZBrWn2RPINzq5d34IU7CQRshK/85UJwd9QZXzHR4D
D4oIitnWymbkyX2ITI4c9Ste3GfHHtDpKh65AGDaVkEXztR/GM0eGe3jDy/2i1SF
CFWMao82XuBfsaB+mhReD3bV/inCoz7JA1nzIOYpbzpXiq/lPI4luKJ+lovL0zJ3
kcaiiCV8aan2uIMIBB4cox8XKb9bFf4=
-----END CERTIFICATE-----