Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f9e506-a927-4f83-8642-f09e6dcb30e1.roa
File:                     74f9e506-a927-4f83-8642-f09e6dcb30e1.roa (raw, json)
Hash identifier:          jQN6Q4R3rxKsHyvquj8L0u/cYGqvWl3RqmLQy+mmav8=
Subject key identifier:   0D:2C:AA:37:53:0B:1A:C2:13:7C:78:70:1C:A8:B9:40:64:D6:A3:47
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       523678664EBE18CCBD094B397819C6361FAAF607
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f9e506-a927-4f83-8642-f09e6dcb30e1.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        15.153.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:36:78:66:4e:be:18:cc:bd:09:4b:39:78:19:c6:36:1f:aa:f6:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:56:8b:83:3d:97:33:2a:3a:7d:2d:3d:10:11:
                    82:46:0b:7e:30:42:6a:10:9c:ee:d6:06:be:27:75:
                    0c:fd:05:dd:dd:41:6d:24:ac:af:8e:47:e7:e7:52:
                    5e:34:77:fe:05:49:f7:41:15:0d:15:93:ac:d2:42:
                    ff:99:69:e9:89:75:6e:bb:87:f0:b0:da:7b:b5:e6:
                    9d:65:9a:62:46:eb:d8:bf:9a:2f:b4:d5:5f:ef:15:
                    81:2e:fb:72:5b:93:d9:f5:b5:6e:1c:2b:29:ab:3a:
                    8d:2e:d1:6e:50:0a:9c:e9:a3:bc:de:1c:7d:8b:fe:
                    7e:30:45:c2:22:66:ba:ed:28:6d:36:bb:59:3e:c1:
                    a6:42:70:5a:7c:9a:a7:7b:91:8a:16:6b:dc:76:da:
                    05:e1:72:98:c2:b3:fb:93:6d:ab:e9:49:2d:0f:b8:
                    69:1b:6e:9d:6e:48:0c:05:de:fe:cd:36:5c:a5:7f:
                    9f:55:3a:68:01:da:e2:22:2b:24:79:48:21:fa:c4:
                    75:7a:df:1d:a4:ef:29:44:e4:0f:df:4b:1b:26:59:
                    b8:19:00:23:38:1c:15:87:8c:97:e3:bc:1b:ca:63:
                    a1:eb:29:d5:37:e6:fd:a4:26:5d:61:bb:69:cb:23:
                    11:78:c8:e1:81:1f:59:e6:5a:00:ea:df:46:fb:ce:
                    ff:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2C:AA:37:53:0B:1A:C2:13:7C:78:70:1C:A8:B9:40:64:D6:A3:47
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f9e506-a927-4f83-8642-f09e6dcb30e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         80:37:77:f2:42:e0:52:8b:af:a4:0c:78:50:b6:a3:0b:3f:e6:
         e2:51:bb:e4:6a:3a:d9:42:64:bd:78:24:d7:05:7b:66:98:a7:
         12:07:fb:e4:52:f4:5f:de:69:e8:d6:09:2a:42:79:0d:e0:a0:
         07:54:97:ab:3c:00:70:59:23:47:b6:5a:16:7a:40:76:12:af:
         df:a4:48:a1:ff:ab:ea:2d:bf:03:54:11:af:e4:35:98:40:1c:
         26:04:7d:6b:57:7f:46:c8:0b:80:a6:2c:87:19:ee:36:c3:71:
         57:a8:55:31:65:9a:50:bf:08:a6:5e:3f:a9:8a:93:37:90:a9:
         36:aa:b2:2c:76:34:9f:b1:05:dd:da:23:78:b7:e7:a9:6e:39:
         21:81:f2:6a:f4:70:cb:a4:38:0d:aa:9a:76:d6:cc:bf:9b:8e:
         44:c1:cf:73:a7:76:d5:94:c5:04:df:d5:91:6e:0d:87:60:b7:
         01:af:d9:dc:64:d8:f2:cc:a8:a7:6c:ae:a9:8e:22:1f:6f:91:
         3e:f1:96:25:ad:be:bc:12:d9:3b:63:50:1f:ef:fe:af:1e:a1:
         47:5c:c1:ee:b1:bc:4a:f7:fb:6c:06:38:34:71:fe:e2:2b:b4:
         5f:f3:1a:82:a1:13:7d:45:80:7d:a3:3f:d7:57:ee:ae:a2:dd:
         de:dd:1b:07
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUjZ4Zk6+GMy9CUs5eBnGNh+q9gcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTFiZjViMWUwMTNmYTk1Nzk2MmQ5NjNkYjdjY2VhNGE1
NzhkOGNkYzg0MDBkNzk0NGQ2ZjYzODVjZjUwNjJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEVouDPZczKjp9LT0QEYJGC34wQmoQnO7WBr4ndQz9Bd3d
QW0krK+OR+fnUl40d/4FSfdBFQ0Vk6zSQv+ZaemJdW67h/Cw2nu15p1lmmJG69i/
mi+01V/vFYEu+3Jbk9n1tW4cKymrOo0u0W5QCpzpo7zeHH2L/n4wRcIiZrrtKG02
u1k+waZCcFp8mqd7kYoWa9x22gXhcpjCs/uTbavpSS0PuGkbbp1uSAwF3v7NNlyl
f59VOmgB2uIiKyR5SCH6xHV63x2k7ylE5A/fSxsmWbgZACM4HBWHjJfjvBvKY6Hr
KdU35v2kJl1hu2nLIxF4yOGBH1nmWgDq30b7zv+dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDSyqN1MLGsITfHhwHKi5QGTWo0cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZjllNTA2LWE5MjctNGY4My04NjQyLWYwOWU2ZGNiMzBlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPmTANBgkqhkiG9w0BAQsFAAOCAQEAgDd38kLgUouvpAx4ULajCz/m4lG7
5Go62UJkvXgk1wV7ZpinEgf75FL0X95p6NYJKkJ5DeCgB1SXqzwAcFkjR7ZaFnpA
dhKv36RIof+r6i2/A1QRr+Q1mEAcJgR9a1d/RsgLgKYshxnuNsNxV6hVMWWaUL8I
pl4/qYqTN5CpNqqyLHY0n7EF3dojeLfnqW45IYHyavRwy6Q4DaqadtbMv5uORMHP
c6d21ZTFBN/VkW4Nh2C3Aa/Z3GTY8syop2yuqY4iH2+RPvGWJa2+vBLZO2NQH+/+
rx6hR1zB7rG8Svf7bAY4NHH+4iu0X/MagqETfUWAfaM/11furqLd3t0bBw==
-----END CERTIFICATE-----