Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b7b12-05f8-4df5-8030-0eeb12f02c31.roa
File:                     490b7b12-05f8-4df5-8030-0eeb12f02c31.roa (raw, json)
Hash identifier:          DZEdnF9HO5bYooH3WdwtQataa24qKnKa5aBXk00w5V4=
Subject key identifier:   09:04:59:0A:3F:C1:7D:1B:25:98:4D:64:72:B7:77:AC:65:3F:7B:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2615ACD4A96A8B285E4FBCA13E76ACD0CD19FF83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b7b12-05f8-4df5-8030-0eeb12f02c31.roa
Signing time:             Fri 21 Mar 2025 00:30:21 +0000
ROA not before:           Fri 21 Mar 2025 00:30:21 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.8.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:15:ac:d4:a9:6a:8b:28:5e:4f:bc:a1:3e:76:ac:d0:cd:19:ff:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:30:21 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3f:a3:ee:0f:52:e9:6e:5c:fb:bc:9d:d7:ed:
                    e4:41:66:cf:bc:3f:99:8b:9f:63:02:89:7a:a5:6b:
                    2a:e7:a9:96:50:79:69:36:a5:ef:ba:f9:6b:04:90:
                    c5:26:42:14:44:69:22:22:88:00:d9:dd:af:34:1a:
                    30:c5:63:58:e9:81:a1:38:ee:e6:1e:29:4d:0b:84:
                    56:2f:73:8a:64:3b:e6:90:e4:78:80:69:9b:d8:16:
                    e0:ee:f7:1d:e3:a4:68:09:a6:bf:6c:34:e7:8a:79:
                    43:53:bc:8d:8d:7e:36:2a:20:10:ae:c5:d3:2c:4b:
                    5d:39:72:1a:9e:e5:a7:6f:43:1a:e3:c7:98:8f:e0:
                    8d:eb:ac:81:e4:bf:48:cc:94:51:59:df:76:27:f2:
                    34:ed:a4:98:6a:38:e2:32:54:38:a9:b2:26:5b:da:
                    16:22:f4:85:16:b9:18:e8:c0:2f:53:9d:14:f8:8d:
                    f7:3c:90:08:c3:8d:d2:7c:1b:3c:bd:b1:be:c1:d1:
                    a0:7b:60:57:36:e4:2b:14:0c:65:be:b1:53:25:09:
                    de:c6:dc:7c:eb:87:11:f5:60:15:96:f5:86:01:b8:
                    f2:4e:40:e4:bb:27:89:cd:36:ab:b3:a9:23:f9:f8:
                    ed:24:db:40:50:ae:41:c7:73:81:b2:85:b0:bd:53:
                    5c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:04:59:0A:3F:C1:7D:1B:25:98:4D:64:72:B7:77:AC:65:3F:7B:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b7b12-05f8-4df5-8030-0eeb12f02c31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:2f:a7:8f:8a:00:9e:a7:91:46:11:c2:7f:09:ac:55:92:3c:
         53:a6:6d:ac:1c:de:dc:74:42:08:87:45:66:9e:af:fd:93:79:
         00:1e:01:37:7b:09:aa:47:7e:a1:22:e6:10:f2:19:31:a3:c8:
         e8:3b:96:3e:dc:0a:e2:59:51:53:09:0e:d4:14:d5:64:41:b6:
         0f:4f:a1:7e:21:6d:b5:bc:0f:81:b4:eb:91:16:7e:64:e7:8c:
         36:fa:bb:89:b8:a2:a3:7f:d9:68:70:35:76:1e:e4:93:d4:c6:
         af:fc:2f:02:66:f4:b4:ed:23:46:eb:32:58:5e:d5:51:8b:4c:
         e3:35:c2:d8:48:d7:b5:ab:73:c4:70:66:d8:61:84:11:88:af:
         c7:ea:58:da:53:56:ee:88:5c:87:92:e5:b5:02:51:e2:ff:61:
         52:3a:24:71:91:b3:5f:16:6a:59:9e:2e:d5:70:93:79:b8:af:
         19:dc:f2:a4:d3:42:ca:25:7e:50:f8:d8:a3:9f:cb:a3:99:65:
         59:4f:42:f7:a4:ef:6e:4e:06:ff:81:68:8c:33:5e:5e:d4:f4:
         f3:42:20:38:f8:66:18:d4:fa:d4:16:5f:92:e3:83:18:45:40:
         35:49:fb:b8:a1:8e:f3:17:3c:9f:09:44:7b:96:da:7e:50:8e:
         a4:f7:a8:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJhWs1KlqiyheT7yhPnas0M0Z/4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAzMDIxWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzViZjk5ZTMyYTcxNTAxMWUwM2I2NDI3MDg4ZjgzNTg2
YTFlNTk5YjNkMTA4NGFlOWEwMjI4ZTJlZDczNzNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBP6PuD1Lpblz7vJ3X7eRBZs+8P5mLn2MCiXqlayrnqZZQ
eWk2pe+6+WsEkMUmQhREaSIiiADZ3a80GjDFY1jpgaE47uYeKU0LhFYvc4pkO+aQ
5HiAaZvYFuDu9x3jpGgJpr9sNOeKeUNTvI2NfjYqIBCuxdMsS105chqe5advQxrj
x5iP4I3rrIHkv0jMlFFZ33Yn8jTtpJhqOOIyVDipsiZb2hYi9IUWuRjowC9TnRT4
jfc8kAjDjdJ8Gzy9sb7B0aB7YFc25CsUDGW+sVMlCd7G3HzrhxH1YBWW9YYBuPJO
QOS7J4nNNquzqSP5+O0k20BQrkHHc4GyhbC9U1zhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCQRZCj/BfRslmE1kcrd3rGU/e68wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5MGI3YjEyLTA1ZjgtNGRmNS04MDMwLTBlZWIxMmYwMmMzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlggwDQYJKoZIhvcNAQELBQADggEBAFIvp4+KAJ6nkUYRwn8JrFWSPFOm
bawc3tx0QgiHRWaer/2TeQAeATd7CapHfqEi5hDyGTGjyOg7lj7cCuJZUVMJDtQU
1WRBtg9PoX4hbbW8D4G065EWfmTnjDb6u4m4oqN/2WhwNXYe5JPUxq/8LwJm9LTt
I0brMlhe1VGLTOM1wthI17Wrc8RwZthhhBGIr8fqWNpTVu6IXIeS5bUCUeL/YVI6
JHGRs18WalmeLtVwk3m4rxnc8qTTQsolflD42KOfy6OZZVlPQvek725OBv+BaIwz
Xl7U9PNCIDj4ZhjU+tQWX5LjgxhFQDVJ+7ihjvMXPJ8JRHuW2n5QjqT3qOI=
-----END CERTIFICATE-----