Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaca10ed-f765-4a76-9ea5-32f39b19c36b.roa
File:                     eaca10ed-f765-4a76-9ea5-32f39b19c36b.roa (raw, json)
Hash identifier:          o3V33kuvrGhj713h9aElL0JM4+TAL3TjZn0j92/sH2k=
Subject key identifier:   EC:58:B7:FC:F4:E5:AA:16:6F:24:7B:CD:51:19:3D:D0:33:01:4B:1B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       760BACC8CF5EE030023AB72E9BC2FE60BF5206
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaca10ed-f765-4a76-9ea5-32f39b19c36b.roa
Signing time:             Fri 21 Mar 2025 00:22:02 +0000
ROA not before:           Fri 21 Mar 2025 00:22:02 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.16.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:0b:ac:c8:cf:5e:e0:30:02:3a:b7:2e:9b:c2:fe:60:bf:52:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:22:02 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:38:80:55:84:50:81:9a:d5:b4:fa:f2:98:1b:
                    38:8d:8a:37:c6:32:2a:37:22:b5:f4:60:a1:80:40:
                    66:93:26:41:85:74:78:45:9e:ec:c7:02:70:72:d8:
                    20:11:bd:ba:67:ed:ef:c7:0b:7b:81:3b:1d:d7:27:
                    fa:12:b8:46:43:a4:74:eb:f0:e0:4d:d0:9c:52:26:
                    15:ac:73:2c:d1:e4:98:c5:9a:35:64:ae:c7:b0:8b:
                    df:5a:52:10:8c:e0:dd:b8:51:f9:a9:ae:e4:99:9d:
                    35:84:6a:b5:4a:2c:66:06:d6:d7:86:e8:33:3e:2a:
                    03:54:79:0e:b1:a7:9b:d1:9b:91:e5:6b:6a:fd:01:
                    3d:e0:08:a6:68:f0:3d:1d:2c:83:34:43:a2:2b:e9:
                    c8:51:55:04:e0:60:c2:16:81:23:e0:99:a5:77:79:
                    66:f6:12:f9:c3:cd:a2:f1:02:5b:8d:b7:33:77:b6:
                    5a:be:37:ba:76:ad:0e:5b:02:7b:23:1d:a7:50:e7:
                    c9:84:65:6f:e8:81:20:4f:b9:d7:9e:11:20:eb:f9:
                    5e:75:04:66:69:c5:74:fb:69:6d:8b:90:18:13:fb:
                    57:2a:20:92:9c:33:9c:f7:4e:73:e8:5b:42:d3:e0:
                    9b:5d:13:74:d8:e0:61:31:4c:ae:c5:b7:5b:b7:03:
                    2e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:58:B7:FC:F4:E5:AA:16:6F:24:7B:CD:51:19:3D:D0:33:01:4B:1B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaca10ed-f765-4a76-9ea5-32f39b19c36b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:91:0e:18:5a:d5:82:33:2e:7a:5e:b9:fa:64:2c:bc:40:58:
         92:71:0f:60:a1:19:d0:c5:40:07:fa:3f:19:bc:b7:a3:e9:e0:
         52:19:57:2e:62:95:9c:1c:4c:bf:e9:3f:53:81:c6:f6:ae:93:
         cb:2e:e7:92:d6:5b:2b:06:00:ce:65:c6:d7:ef:5d:6b:13:29:
         72:64:f3:94:52:e3:27:73:67:c8:a9:a5:67:d5:42:67:b0:cb:
         42:4c:d7:02:4d:94:08:1d:3a:46:46:10:58:58:52:82:fd:d0:
         0e:cb:29:f4:4f:85:8d:2b:f0:2f:bd:c4:b7:4c:b6:71:0e:2b:
         0a:51:45:74:44:6e:32:7a:b5:81:98:3c:39:80:2c:ea:18:6c:
         ef:cd:fe:ac:23:22:36:59:fb:e9:0a:93:f1:39:21:c2:0d:2f:
         1a:8a:0e:7a:f2:b3:58:18:83:87:f4:d7:ce:f1:6d:8a:17:81:
         7c:63:4f:e7:e0:f1:c4:33:5d:c7:6a:6a:2f:c2:84:9f:75:8f:
         cf:93:45:6a:fd:56:67:d2:23:f0:62:6b:2b:01:5b:54:a8:0a:
         8d:c7:5f:f2:e7:1b:e9:03:b1:7b:3a:13:69:02:14:fe:d5:40:
         c6:02:dc:a1:70:8c:c8:c2:60:d1:1f:93:4c:af:06:10:7d:59:
         a3:c3:ba:7a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITdgusyM9e4DACOrcum8L+YL9SBjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTAzMjEwMDIyMDJaFw0yNTA0MjUyMzU5NTla
MHoxSTBHBgNVBAUTQGVkNGNlMjYzOTgwNTBjNGMyMThjNzdhZWQ5YWI3ZDJlOGFm
Yjk1ZWZjZDBhODM4MTI2NWE0YjU3ZDAyZDBjOWMxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALA4gFWEUIGa1bT68pgbOI2KN8YyKjcitfRgoYBAZpMmQYV0
eEWe7McCcHLYIBG9umft78cLe4E7Hdcn+hK4RkOkdOvw4E3QnFImFaxzLNHkmMWa
NWSux7CL31pSEIzg3bhR+amu5JmdNYRqtUosZgbW14boMz4qA1R5DrGnm9GbkeVr
av0BPeAIpmjwPR0sgzRDoivpyFFVBOBgwhaBI+CZpXd5ZvYS+cPNovECW423M3e2
Wr43unatDlsCeyMdp1DnyYRlb+iBIE+5154RIOv5XnUEZmnFdPtpbYuQGBP7Vyog
kpwznPdOc+hbQtPgm10TdNjgYTFMrsW3W7cDLk8CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTsWLf89OWqFm8ke81RGT3QMwFLGzAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvZWFjYTEwZWQtZjc2NS00YTc2LTllYTUtMzJmMzliMTljMzZiLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEA2OWEDANBgkqhkiG9w0BAQsFAAOCAQEAE5EOGFrVgjMuel65+mQsvEBYknEP
YKEZ0MVAB/o/Gby3o+ngUhlXLmKVnBxMv+k/U4HG9q6Tyy7nktZbKwYAzmXG1+9d
axMpcmTzlFLjJ3NnyKmlZ9VCZ7DLQkzXAk2UCB06RkYQWFhSgv3QDssp9E+FjSvw
L73Et0y2cQ4rClFFdERuMnq1gZg8OYAs6hhs783+rCMiNln76QqT8Tkhwg0vGooO
evKzWBiDh/TXzvFtiheBfGNP5+DxxDNdx2pqL8KEn3WPz5NFav1WZ9Ij8GJrKwFb
VKgKjcdf8ucb6QOxezoTaQIU/tVAxgLcoXCMyMJg0R+TTK8GEH1Zo8O6eg==
-----END CERTIFICATE-----