Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7331dc92-0c6b-4184-8a6d-8d27a7257b88.roa
File:                     7331dc92-0c6b-4184-8a6d-8d27a7257b88.roa (raw, json)
Hash identifier:          0DxqpeafqdDGmvdXsuUJr9zZg2bHgIUcVijfmLBT91U=
Subject key identifier:   99:76:70:59:49:C7:9A:0F:9A:87:FC:A7:38:1C:CA:46:13:8A:00:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5813C4B929C27797C1D21229EECE8388A10ECCC1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7331dc92-0c6b-4184-8a6d-8d27a7257b88.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.172.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:13:c4:b9:29:c2:77:97:c1:d2:12:29:ee:ce:83:88:a1:0e:cc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:7e:c3:04:1e:6c:00:8f:aa:82:4f:8b:31:d7:
                    df:30:52:eb:55:ee:3f:01:45:dc:de:1b:3f:31:0e:
                    34:4e:88:f9:90:6b:82:2a:69:a0:22:a2:81:8f:ef:
                    dd:83:41:92:e6:8d:d3:df:88:ea:7d:dd:21:20:59:
                    1d:c5:5f:0f:1b:3a:64:26:9b:52:5a:27:45:ba:0b:
                    c2:6e:5a:4c:b9:7c:ea:48:a0:b9:fa:48:44:2c:24:
                    ce:19:0b:39:45:f1:b9:a2:d7:a8:3a:fc:33:30:e1:
                    05:0a:0c:58:f0:a0:24:e7:1d:6e:c5:47:fa:92:de:
                    4f:8e:e5:bb:ed:81:89:fe:87:47:30:7c:48:51:77:
                    dc:0f:d8:f5:23:b9:9f:9a:74:53:45:5a:91:01:c3:
                    db:93:38:5e:52:31:1f:72:34:47:36:88:ec:ae:b0:
                    e8:c0:d3:6c:2b:6a:f7:59:59:36:7b:6d:e8:9e:93:
                    1c:c5:ce:29:0e:67:ac:f2:fe:4e:27:0b:c5:ec:b1:
                    6b:3d:1b:17:f3:5b:f0:33:75:34:88:a0:3a:c0:40:
                    f4:25:8c:55:f9:9c:8a:f0:38:9e:72:5d:71:35:f1:
                    02:c0:89:d1:21:65:27:35:25:76:2b:2a:cc:11:93:
                    29:46:ad:a6:15:03:be:6d:df:c4:96:47:9d:b5:7d:
                    e5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:76:70:59:49:C7:9A:0F:9A:87:FC:A7:38:1C:CA:46:13:8A:00:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7331dc92-0c6b-4184-8a6d-8d27a7257b88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         82:db:95:90:55:aa:ca:b7:40:60:62:a3:49:fd:8d:36:73:6c:
         26:96:fb:ed:30:2e:1d:2d:f7:4c:2e:fc:26:85:a9:7d:52:64:
         2e:8f:7d:ca:bd:65:ed:1e:a9:60:b3:cd:8c:63:2c:05:5d:77:
         7b:1e:6d:5d:de:33:8f:b5:5b:9b:60:f1:f7:88:36:2f:04:d5:
         2e:34:7b:a6:12:90:c2:8a:12:46:bb:bd:23:4d:c0:fd:22:59:
         93:29:f9:8d:11:c1:8b:bb:bd:26:58:b4:05:7f:fa:4b:8c:2e:
         e6:07:81:02:7c:21:f7:4a:60:2c:55:e0:68:eb:40:e5:f2:40:
         a4:90:f7:cb:cf:d6:f7:fb:85:6e:73:9d:a1:cf:cc:5a:04:78:
         a8:ac:fb:72:56:79:c0:36:1d:ba:c2:1a:1c:6e:32:3a:18:36:
         86:b3:09:44:11:56:d4:85:6f:d9:fd:63:3a:01:44:57:9a:8c:
         a2:46:94:09:f1:3a:b5:28:0c:e8:69:1e:36:0d:f5:b5:f6:19:
         df:9b:e3:22:20:83:7a:75:7d:b5:7a:e0:3a:4b:3b:73:a5:34:
         9a:8b:7e:24:19:77:6b:1e:a7:a6:2d:18:c0:15:73:28:84:b8:
         5d:0a:33:c5:8d:b9:8a:23:c7:1c:fa:de:42:47:7c:56:c7:f2:
         3a:6f:4c:4f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWBPEuSnCd5fB0hIp7s6DiKEOzMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjE2MzA0OWRlZDQzZmIxMGNiYzFhNTNmMDdlNzdmYjA5
MDAwMDYzYTAzZWM4MDFmNDA1NzUzMzIyYzYwOTgzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1fsMEHmwAj6qCT4sx198wUutV7j8BRdzeGz8xDjROiPmQ
a4IqaaAiooGP792DQZLmjdPfiOp93SEgWR3FXw8bOmQmm1JaJ0W6C8JuWky5fOpI
oLn6SEQsJM4ZCzlF8bmi16g6/DMw4QUKDFjwoCTnHW7FR/qS3k+O5bvtgYn+h0cw
fEhRd9wP2PUjuZ+adFNFWpEBw9uTOF5SMR9yNEc2iOyusOjA02wravdZWTZ7beie
kxzFzikOZ6zy/k4nC8XssWs9GxfzW/AzdTSIoDrAQPQljFX5nIrwOJ5yXXE18QLA
idEhZSc1JXYrKswRkylGraYVA75t38SWR521feV3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmXZwWUnHmg+ah/ynOBzKRhOKAGEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzczMzFkYzkyLTBjNmItNDE4NC04YTZkLThkMjdhNzI1N2I4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESrDANBgkqhkiG9w0BAQsFAAOCAQEAgtuVkFWqyrdAYGKjSf2NNnNsJpb7
7TAuHS33TC78JoWpfVJkLo99yr1l7R6pYLPNjGMsBV13ex5tXd4zj7Vbm2Dx94g2
LwTVLjR7phKQwooSRru9I03A/SJZkyn5jRHBi7u9Jli0BX/6S4wu5geBAnwh90pg
LFXgaOtA5fJApJD3y8/W9/uFbnOdoc/MWgR4qKz7clZ5wDYdusIaHG4yOhg2hrMJ
RBFW1IVv2f1jOgFEV5qMokaUCfE6tSgM6GkeNg31tfYZ35vjIiCDenV9tXrgOks7
c6U0mot+JBl3ax6npi0YwBVzKIS4XQozxY25iiPHHPreQkd8VsfyOm9MTw==
-----END CERTIFICATE-----