Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6879e00a-11c2-42a3-98a8-a2714d454034.roa
File:                     6879e00a-11c2-42a3-98a8-a2714d454034.roa (raw, json)
Hash identifier:          jDsZhf5BaCqoeGj/PPRRZoyD/NW321SV0a69h2w8Ozc=
Subject key identifier:   5E:35:7B:47:AC:C8:2F:65:08:A3:F9:71:0A:3D:BB:60:DF:25:A3:44
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       177B0C6168CC1A45464267BA7FF929246CB705A3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6879e00a-11c2-42a3-98a8-a2714d454034.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.112.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:7b:0c:61:68:cc:1a:45:46:42:67:ba:7f:f9:29:24:6c:b7:05:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e8:58:63:e2:cf:26:43:d1:82:33:f3:e1:a8:
                    ef:bf:9e:e0:5a:b7:be:c3:11:69:4a:7d:4a:70:37:
                    cf:e7:11:71:74:a7:11:97:4f:18:54:5c:6e:45:cb:
                    4f:39:9c:54:42:45:11:11:be:58:af:b6:c8:a4:c7:
                    72:93:34:3c:43:6a:c9:f3:c7:a2:db:e6:1c:48:f8:
                    18:cc:42:ac:4d:03:bb:b8:99:02:42:87:12:dc:1d:
                    77:8a:9d:d1:fd:65:bf:e1:db:c4:8d:9a:b0:21:11:
                    2a:47:25:71:90:62:4f:1b:ce:6f:92:2e:ff:cd:92:
                    76:72:7a:4f:1f:c7:aa:3b:0d:77:ad:7f:3f:b5:1d:
                    b1:69:07:ba:a8:6c:34:54:6a:a0:23:bb:66:19:9f:
                    ac:92:c5:5c:7a:c7:77:25:44:86:d9:62:8b:8f:db:
                    f5:25:a6:ff:b8:16:38:39:c7:0c:a2:e7:1e:38:0e:
                    0a:f1:f5:8c:8e:35:0a:00:6d:6d:42:a1:5d:11:6b:
                    76:ab:a6:1f:0f:e9:1e:96:c0:da:16:a7:c1:d4:22:
                    10:8f:bd:f2:0e:01:33:b9:a0:af:d1:00:85:5a:50:
                    1e:0d:10:f4:ec:97:65:27:2b:4f:ec:5d:7a:cc:51:
                    0d:8b:5f:76:92:3c:72:82:0b:e3:1d:bd:94:46:61:
                    e7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:35:7B:47:AC:C8:2F:65:08:A3:F9:71:0A:3D:BB:60:DF:25:A3:44
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6879e00a-11c2-42a3-98a8-a2714d454034.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:0f:70:6b:eb:e1:8d:bd:bb:88:6f:34:77:f3:20:02:d6:4c:
         70:f3:55:09:34:fd:05:8e:70:b5:51:a3:70:80:93:1f:00:24:
         9d:9b:70:d7:0a:3c:e2:5c:85:4a:f6:fd:ed:bb:27:a0:a1:6f:
         4f:d0:38:e2:21:21:59:d8:39:49:d3:99:42:0f:e9:96:8c:9b:
         4c:e7:34:27:d1:b5:3d:60:b2:d8:09:56:87:13:14:60:85:a7:
         e5:44:12:8a:ff:41:f7:98:15:c1:e2:35:21:cd:a0:d7:ca:7f:
         1c:4d:44:ad:f0:29:24:6b:74:51:d7:c7:d9:5b:15:d8:4a:ae:
         7e:99:89:f2:24:28:8e:34:2a:b2:6d:17:0d:87:4c:40:de:76:
         31:95:c4:68:40:53:63:55:9d:89:7e:f4:c0:56:3c:ff:44:12:
         63:f8:dc:5b:9f:9e:4a:d2:20:6b:8b:4b:89:19:6d:69:94:8a:
         dc:95:36:94:14:4d:26:35:1e:45:80:16:ae:04:61:b6:90:ef:
         48:c7:28:6a:78:66:8a:a1:54:73:38:d3:79:33:0f:da:1a:8a:
         12:13:12:93:17:46:ce:75:32:bd:60:11:9e:d5:31:11:f5:50:
         63:81:9d:1e:07:1a:c7:dd:d9:72:a4:7a:13:1e:e3:16:83:21:
         69:d9:10:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF3sMYWjMGkVGQme6f/kpJGy3BaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDIxZWRhOGUxNTE4ZWQ2ODcyZGI4NDM2ODdjODA3ODIx
NWEzYTExYzhjNjBkNzExYjFhY2I1OTg0Yzc4NWE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe6Fhj4s8mQ9GCM/PhqO+/nuBat77DEWlKfUpwN8/nEXF0
pxGXTxhUXG5Fy085nFRCRRERvlivtsikx3KTNDxDasnzx6Lb5hxI+BjMQqxNA7u4
mQJChxLcHXeKndH9Zb/h28SNmrAhESpHJXGQYk8bzm+SLv/NknZyek8fx6o7DXet
fz+1HbFpB7qobDRUaqAju2YZn6ySxVx6x3clRIbZYouP2/Ulpv+4Fjg5xwyi5x44
Dgrx9YyONQoAbW1CoV0Ra3arph8P6R6WwNoWp8HUIhCPvfIOATO5oK/RAIVaUB4N
EPTsl2UnK0/sXXrMUQ2LX3aSPHKCC+MdvZRGYefrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXjV7R6zIL2UIo/lxCj27YN8lo0QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4NzllMDBhLTExYzItNDJhMy05OGE4LWEyNzE0ZDQ1NDAzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3nAwDQYJKoZIhvcNAQELBQADggEBAE0PcGvr4Y29u4hvNHfzIALWTHDz
VQk0/QWOcLVRo3CAkx8AJJ2bcNcKPOJchUr2/e27J6Chb0/QOOIhIVnYOUnTmUIP
6ZaMm0znNCfRtT1gstgJVocTFGCFp+VEEor/QfeYFcHiNSHNoNfKfxxNRK3wKSRr
dFHXx9lbFdhKrn6ZifIkKI40KrJtFw2HTEDedjGVxGhAU2NVnYl+9MBWPP9EEmP4
3FufnkrSIGuLS4kZbWmUityVNpQUTSY1HkWAFq4EYbaQ70jHKGp4ZoqhVHM403kz
D9oaihITEpMXRs51Mr1gEZ7VMRH1UGOBnR4HGsfd2XKkehMe4xaDIWnZEPg=
-----END CERTIFICATE-----