Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/bfa510ed-d40b-4552-a4d8-5bb4c30e482a.roa
File:                     bfa510ed-d40b-4552-a4d8-5bb4c30e482a.roa (raw, json)
Hash identifier:          zJhyhtH2BPsG6OGrNh4Bi0AeRtbniQkBpkkRlTgETfA=
Subject key identifier:   45:B8:B8:F2:40:4E:48:E4:D3:A5:24:9C:67:8E:29:3E:55:C2:9D:26
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       3FA92D12DD6FCFF79D0DE6FDFDE7DC8E9CAC9F64
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/bfa510ed-d40b-4552-a4d8-5bb4c30e482a.roa
Signing time:             Mon 17 Mar 2025 15:00:13 +0000
ROA not before:           Mon 17 Mar 2025 15:00:13 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        23.249.213.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a9:2d:12:dd:6f:cf:f7:9d:0d:e6:fd:fd:e7:dc:8e:9c:ac:9f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 17 15:00:13 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b0:ff:73:78:06:0e:5b:7c:ae:30:63:2e:ec:
                    e2:d5:4b:2a:2d:ec:f6:c1:09:20:79:1a:36:22:86:
                    d6:80:fd:24:76:1b:a7:25:d3:eb:1e:3d:89:8a:da:
                    d8:e8:4a:8e:8a:a5:d8:8c:cc:4d:72:6c:ca:c5:aa:
                    4f:a9:c5:e4:9d:a5:dc:23:52:23:34:40:3d:49:66:
                    62:01:00:ac:0d:1d:52:c1:a4:99:b5:5d:3f:c4:aa:
                    02:0e:ce:8c:68:53:37:63:43:9d:a3:23:a4:68:22:
                    38:4a:cd:44:c5:49:e4:07:e5:3a:a4:b9:a8:85:8b:
                    bf:49:16:2e:26:3f:59:d3:74:9c:cc:8d:5d:94:ae:
                    22:74:64:a3:7a:af:2f:35:de:47:72:b4:3a:87:ce:
                    ee:d2:8c:ff:b2:14:a0:eb:95:98:e3:4c:e4:24:5a:
                    07:d1:e6:21:c6:be:14:9a:6e:d0:eb:28:c8:77:36:
                    f1:ba:4d:6f:b9:ca:8a:55:bc:f2:27:a4:59:c6:bf:
                    1f:af:fa:f5:50:79:74:df:d8:95:e6:ef:b9:14:f0:
                    25:3a:1c:9f:a7:94:54:cc:98:42:39:db:5e:e5:4e:
                    0b:53:d0:aa:f9:c6:d3:7e:74:21:05:44:2a:8c:a0:
                    40:69:f2:b8:f9:74:e0:98:01:62:38:7d:35:b2:b7:
                    83:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B8:B8:F2:40:4E:48:E4:D3:A5:24:9C:67:8E:29:3E:55:C2:9D:26
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/bfa510ed-d40b-4552-a4d8-5bb4c30e482a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f9:b7:03:f1:10:66:d1:79:54:88:cc:6b:3b:2d:c9:9c:3b:
         8a:b6:6c:05:31:6b:92:92:ce:1a:2a:b1:87:0c:63:b6:e5:36:
         4d:5b:ee:21:a0:51:11:4a:29:b0:b6:70:25:67:8f:3c:2a:24:
         33:31:39:5a:92:7f:73:9e:f7:c4:4c:ce:5a:e9:9c:7b:1a:71:
         60:a5:17:0d:d3:5d:4a:cb:73:9a:29:53:84:87:b5:aa:05:5c:
         67:5a:90:0b:7f:24:6f:10:5e:1c:f0:0d:98:e5:d6:91:91:c9:
         61:78:a9:c6:19:37:b2:52:b0:9c:a2:58:7f:6b:d6:ae:42:38:
         8a:88:7a:34:a4:3f:fd:33:19:55:f9:77:f7:af:4a:99:9a:4b:
         d2:b3:85:10:bd:f7:de:fe:37:86:d1:87:f6:62:28:c0:c7:3f:
         5d:85:f2:49:3a:fc:20:a0:44:4a:26:6c:d4:94:cc:b1:33:29:
         7f:a8:74:fe:1f:38:88:a8:17:bd:c9:83:c1:98:6d:df:d8:b6:
         e2:81:4c:83:2b:2a:e9:d2:44:f3:b8:6d:8f:4e:5c:76:48:47:
         6f:57:45:b7:01:f3:3e:b3:56:1c:ec:7d:a6:2c:1e:e5:fa:c6:
         f3:24:9b:bb:f2:12:d6:64:f0:c5:42:64:51:5e:22:32:a8:b2:
         ea:46:fb:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP6ktEt1vz/edDeb9/efcjpysn2QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzE3MTUwMDEzWhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZWQ5OWQ4ZjFjODNkYmM4MWY2YjUxYWE1OTIwZjczMzYy
MjA4OTMzNzQwNDUyYTU2MzI1MWQyYjQzNjQwZDk5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRsP9zeAYOW3yuMGMu7OLVSyot7PbBCSB5GjYihtaA/SR2
G6cl0+sePYmK2tjoSo6KpdiMzE1ybMrFqk+pxeSdpdwjUiM0QD1JZmIBAKwNHVLB
pJm1XT/EqgIOzoxoUzdjQ52jI6RoIjhKzUTFSeQH5TqkuaiFi79JFi4mP1nTdJzM
jV2UriJ0ZKN6ry813kdytDqHzu7SjP+yFKDrlZjjTOQkWgfR5iHGvhSabtDrKMh3
NvG6TW+5yopVvPInpFnGvx+v+vVQeXTf2JXm77kU8CU6HJ+nlFTMmEI5217lTgtT
0Kr5xtN+dCEFRCqMoEBp8rj5dOCYAWI4fTWyt4PFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURbi48kBOSOTTpSScZ44pPlXCnSYwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2JmYTUxMGVkLWQ0MGItNDU1Mi1hNGQ4LTViYjRjMzBlNDgyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+dUwDQYJKoZIhvcNAQELBQADggEBAD75twPxEGbReVSIzGs7LcmcO4q2
bAUxa5KSzhoqsYcMY7blNk1b7iGgURFKKbC2cCVnjzwqJDMxOVqSf3Oe98RMzlrp
nHsacWClFw3TXUrLc5opU4SHtaoFXGdakAt/JG8QXhzwDZjl1pGRyWF4qcYZN7JS
sJyiWH9r1q5COIqIejSkP/0zGVX5d/evSpmaS9KzhRC9997+N4bRh/ZiKMDHP12F
8kk6/CCgREombNSUzLEzKX+odP4fOIioF73Jg8GYbd/YtuKBTIMrKunSRPO4bY9O
XHZIR29XRbcB8z6zVhzsfaYsHuX6xvMkm7vyEtZk8MVCZFFeIjKosupG+/M=
-----END CERTIFICATE-----