Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/de5759b0-8ae0-4c75-8bc6-1760901356b2.roa
File:                     de5759b0-8ae0-4c75-8bc6-1760901356b2.roa (raw, json)
Hash identifier:          q6c8T8Y3ZNfaXF9+GxQeJmEHMirAyBdEH5Jmrx1nHno=
Subject key identifier:   B3:89:85:DD:04:BE:4B:87:B0:06:7D:27:51:F1:4B:CD:CD:B5:64:7C
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       9497B9BCDC72EFCA4118850348DE86880969BC
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/de5759b0-8ae0-4c75-8bc6-1760901356b2.roa
Signing time:             Fri 21 Mar 2025 00:40:16 +0000
ROA not before:           Fri 21 Mar 2025 00:40:16 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.251.244.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            94:97:b9:bc:dc:72:ef:ca:41:18:85:03:48:de:86:88:09:69:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Mar 21 00:40:16 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:e9:4e:bc:2a:a1:cf:8d:58:38:fd:55:d5:
                    b6:20:ff:dc:1c:88:88:44:84:3a:1e:93:f6:12:8d:
                    a7:c9:4c:6c:eb:2f:f6:4f:26:fc:8e:30:8f:6c:8d:
                    53:ec:32:f2:26:06:07:58:10:ae:84:de:f9:6e:eb:
                    4e:0d:d5:4c:0d:70:81:0a:df:c9:9f:8c:23:69:64:
                    c1:47:e7:98:5a:02:1f:63:1c:ee:d1:f7:d0:7a:1b:
                    c2:12:b7:5a:be:2f:cf:f3:c2:30:3e:a4:c9:5e:9b:
                    a9:96:38:5f:29:49:3e:0f:5a:77:ea:10:54:12:75:
                    dc:21:fa:0a:15:6d:d0:ee:5f:0b:1a:2f:b3:05:2d:
                    72:4d:24:c1:80:5e:45:bc:a2:f7:64:92:35:d5:7f:
                    3f:8b:5c:7a:7f:83:6f:4d:5f:a8:00:e7:8d:4b:8f:
                    b4:f8:f9:84:26:ef:6a:48:c0:7c:20:59:fd:15:ff:
                    eb:1c:d9:4c:6c:d4:93:34:26:01:67:c4:6f:d8:3c:
                    ad:59:4f:ad:cb:63:fd:20:4d:9c:52:6e:72:62:20:
                    c0:51:40:40:9a:fd:46:86:5b:92:89:18:99:33:34:
                    18:2d:15:a8:a5:53:05:f1:4e:aa:94:e8:d1:21:06:
                    5d:4c:de:92:3d:7b:72:0b:a1:dd:21:7c:13:27:38:
                    38:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:89:85:DD:04:BE:4B:87:B0:06:7D:27:51:F1:4B:CD:CD:B5:64:7C
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/de5759b0-8ae0-4c75-8bc6-1760901356b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.251.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:36:f9:42:02:cd:9b:32:08:0f:5f:31:57:3b:07:6d:47:1c:
         1e:30:59:d4:3a:db:13:61:18:aa:0b:3e:89:9c:fb:25:44:32:
         90:9a:42:23:47:7b:91:17:e9:a2:85:2c:4d:4d:b1:64:f0:a4:
         9a:68:6d:23:9a:3b:25:3a:4d:51:cd:12:51:98:b9:5e:40:5b:
         83:a0:ec:c3:90:15:c6:73:79:70:22:b7:d3:13:9b:ea:d5:73:
         b1:64:7f:49:cb:23:a6:42:53:79:a3:be:99:0e:bd:1c:d3:a3:
         fa:3d:60:0e:a4:7b:86:e5:23:92:35:7d:26:53:0e:ba:87:78:
         1a:f3:ea:61:c0:6e:cb:12:ae:d5:35:08:49:18:f4:da:13:0b:
         16:ad:45:a8:c7:43:cd:5e:7d:84:30:8c:32:e3:a8:ea:ad:b0:
         1c:22:01:74:15:90:92:77:e6:14:7d:76:1a:55:4c:fc:a7:56:
         bb:9e:f2:2f:43:0a:95:e4:f2:e6:5d:3e:4f:cb:73:a2:c5:69:
         e3:07:dd:dc:31:4e:6c:5d:ed:38:fd:41:79:0e:2d:f6:c1:5b:
         37:ad:28:27:59:25:75:d6:19:68:e6:c3:ac:fc:60:41:62:54:
         00:cb:76:c8:85:27:1d:b7:0c:a7:a0:fd:18:66:8b:98:de:5f:
         e9:12:89:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAJSXubzccu/KQRiFA0jehogJabwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwMzIxMDA0MDE2WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWJmMjU3Njk3OWViNGQ5ZWU1YzhjZjRiNDlmZjlkMzdi
YjVkYzNhOTU1NDAzYjZkY2RjMzM5NTBlNGVmNjNiMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsNelOvCqhz41YOP1V1bYg/9wciIhEhDoek/YSjafJTGzr
L/ZPJvyOMI9sjVPsMvImBgdYEK6E3vlu604N1UwNcIEK38mfjCNpZMFH55haAh9j
HO7R99B6G8ISt1q+L8/zwjA+pMlem6mWOF8pST4PWnfqEFQSddwh+goVbdDuXwsa
L7MFLXJNJMGAXkW8ovdkkjXVfz+LXHp/g29NX6gA541Lj7T4+YQm72pIwHwgWf0V
/+sc2Uxs1JM0JgFnxG/YPK1ZT63LY/0gTZxSbnJiIMBRQECa/UaGW5KJGJkzNBgt
FailUwXxTqqU6NEhBl1M3pI9e3ILod0hfBMnODhZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs4mF3QS+S4ewBn0nUfFLzc21ZHwwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2RlNTc1OWIwLThhZTAtNGM3NS04YmM2LTE3NjA5MDEzNTZiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHN+/QwDQYJKoZIhvcNAQELBQADggEBAHY2+UICzZsyCA9fMVc7B21HHB4w
WdQ62xNhGKoLPomc+yVEMpCaQiNHe5EX6aKFLE1NsWTwpJpobSOaOyU6TVHNElGY
uV5AW4Og7MOQFcZzeXAit9MTm+rVc7Fkf0nLI6ZCU3mjvpkOvRzTo/o9YA6ke4bl
I5I1fSZTDrqHeBrz6mHAbssSrtU1CEkY9NoTCxatRajHQ81efYQwjDLjqOqtsBwi
AXQVkJJ35hR9dhpVTPynVrue8i9DCpXk8uZdPk/Lc6LFaeMH3dwxTmxd7Tj9QXkO
LfbBWzetKCdZJXXWGWjmw6z8YEFiVADLdsiFJx23DKeg/Rhmi5jeX+kSidg=
-----END CERTIFICATE-----