Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b48ef918-19ab-4cd1-9fbc-53cd849775c3.roa
File:                     b48ef918-19ab-4cd1-9fbc-53cd849775c3.roa (raw, json)
Hash identifier:          wfLz0k6K3pkYj+ZanGhg0EhbSn8fLFDDj6iXOJFmLAI=
Subject key identifier:   F6:D9:D7:ED:BB:9D:81:C2:51:66:68:CD:66:B2:F4:17:40:8D:21:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63B0A43F36E5D4D7CF564D774A15A24A8AE27C1D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b48ef918-19ab-4cd1-9fbc-53cd849775c3.roa
Signing time:             Fri 21 Mar 2025 00:31:49 +0000
ROA not before:           Fri 21 Mar 2025 00:31:49 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.48.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b0:a4:3f:36:e5:d4:d7:cf:56:4d:77:4a:15:a2:4a:8a:e2:7c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:31:49 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:70:35:51:fe:74:36:4a:89:f8:a5:da:78:30:
                    59:4d:df:32:4f:41:71:94:e6:d3:76:15:5d:11:95:
                    1d:39:36:65:12:b7:4e:70:d8:2f:78:4d:7e:1e:ec:
                    b8:49:74:24:1a:c9:ff:c9:ba:4d:d7:29:10:d6:0b:
                    04:1a:d1:24:87:08:42:e5:f9:97:a8:c3:85:4d:3c:
                    ab:6a:32:36:12:53:07:ab:30:ed:2b:f2:56:2e:e4:
                    5a:0b:03:18:6e:a9:2b:9c:dd:f1:70:50:e4:01:0b:
                    12:3c:08:e5:7e:09:6c:69:33:85:05:4c:e7:35:f1:
                    26:36:e4:01:9b:9c:6e:e6:e2:ce:8b:08:85:e7:f9:
                    5c:64:46:b8:42:89:8b:02:b7:99:23:5c:2c:35:1e:
                    e3:65:82:fa:fb:ca:7a:16:1e:2b:3a:2d:f3:00:6f:
                    32:3e:ad:8d:71:87:de:63:3c:5a:a5:7b:99:5c:d4:
                    79:05:d9:06:5f:f7:f3:65:9a:51:7c:f1:0e:4c:42:
                    d1:8a:ba:66:a6:55:f4:96:01:1d:1f:a9:64:c0:42:
                    e1:f1:0f:80:e4:1a:20:1b:87:81:37:78:ce:bd:18:
                    26:8b:f2:6e:48:ac:0c:be:c4:e3:15:62:2d:fd:bb:
                    77:b7:51:97:83:2f:93:60:b4:a2:8a:e3:66:ea:b9:
                    10:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D9:D7:ED:BB:9D:81:C2:51:66:68:CD:66:B2:F4:17:40:8D:21:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b48ef918-19ab-4cd1-9fbc-53cd849775c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         44:71:3b:67:bf:6e:e6:c8:ba:78:44:c5:d3:bb:65:9a:7b:d5:
         cf:f3:65:9c:a2:b1:d0:6a:11:95:d9:8c:dc:d6:e4:70:9b:56:
         b6:a0:1e:df:86:f8:39:c4:19:17:3a:cc:e4:19:ca:dc:71:6f:
         69:26:08:a6:39:35:33:80:e5:7f:a1:ec:53:c6:9f:8f:6f:1f:
         eb:13:7f:fd:ac:3f:57:a2:62:c7:34:68:16:66:4a:39:c5:9e:
         ed:4c:c8:9c:79:73:50:f9:09:47:80:3a:21:ab:c9:5d:21:da:
         3a:60:75:36:5b:fc:89:42:08:2d:13:94:81:03:72:03:0e:99:
         7e:e9:f9:b1:0a:88:eb:cc:e8:83:6b:8e:c9:b8:de:1f:0a:57:
         23:4a:0e:5e:43:d7:af:9f:60:00:5c:b4:c1:a3:49:06:b8:44:
         1f:c5:b1:a2:5e:43:0e:c3:e4:01:b3:d0:b7:dc:4b:78:2b:29:
         cb:8c:ab:4f:12:e8:d5:d1:fc:ef:a9:30:11:80:9e:c4:c2:28:
         80:05:83:54:f5:f5:88:d9:2e:3e:9a:41:bc:ba:ea:4b:02:d5:
         89:8a:e9:c0:eb:a4:d1:31:82:dd:d5:43:50:dc:0f:1b:b2:7f:
         84:51:86:49:e1:41:1a:30:ae:09:73:21:70:8d:62:33:8d:6f:
         c5:e1:90:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY7CkPzbl1NfPVk13ShWiSorifB0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAzMTQ5WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MzJjNGVkMDZhNzY3MWI2ZDA4ZGNhYzM2NTVjZDA4YTY1
Nzc3NTEyYTllOGQzMzcyZDE3ZmZhMjM5NzM2ODNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDacDVR/nQ2Son4pdp4MFlN3zJPQXGU5tN2FV0RlR05NmUS
t05w2C94TX4e7LhJdCQayf/Juk3XKRDWCwQa0SSHCELl+Zeow4VNPKtqMjYSUwer
MO0r8lYu5FoLAxhuqSuc3fFwUOQBCxI8COV+CWxpM4UFTOc18SY25AGbnG7m4s6L
CIXn+VxkRrhCiYsCt5kjXCw1HuNlgvr7ynoWHis6LfMAbzI+rY1xh95jPFqle5lc
1HkF2QZf9/NlmlF88Q5MQtGKumamVfSWAR0fqWTAQuHxD4DkGiAbh4E3eM69GCaL
8m5IrAy+xOMVYi39u3e3UZeDL5NgtKKK42bquRDZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9tnX7budgcJRZmjNZrL0F0CNISMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0OGVmOTE4LTE5YWItNGNkMS05ZmJjLTUzY2Q4NDk3NzVjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjljAwDQYJKoZIhvcNAQELBQADggEBAERxO2e/bubIunhExdO7ZZp71c/z
ZZyisdBqEZXZjNzW5HCbVragHt+G+DnEGRc6zOQZytxxb2kmCKY5NTOA5X+h7FPG
n49vH+sTf/2sP1eiYsc0aBZmSjnFnu1MyJx5c1D5CUeAOiGryV0h2jpgdTZb/IlC
CC0TlIEDcgMOmX7p+bEKiOvM6INrjsm43h8KVyNKDl5D16+fYABctMGjSQa4RB/F
saJeQw7D5AGz0LfcS3grKcuMq08S6NXR/O+pMBGAnsTCKIAFg1T19YjZLj6aQby6
6ksC1YmK6cDrpNExgt3VQ1DcDxuyf4RRhknhQRowrglzIXCNYjONb8XhkJg=
-----END CERTIFICATE-----