Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1955e4e-0d01-45dd-b075-df6e109abb9a.roa
File:                     c1955e4e-0d01-45dd-b075-df6e109abb9a.roa (raw, json)
Hash identifier:          aNnsBVm0jm+aMGjYF5YeBdKMAUcOKjDknNY3unE+KtU=
Subject key identifier:   D6:C9:7B:31:0F:2E:D2:27:26:CB:74:78:F6:AB:A4:4D:CD:D5:E9:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       146B8247ED2A346A369610ECA9B561916DD3AE5D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1955e4e-0d01-45dd-b075-df6e109abb9a.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.131.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:6b:82:47:ed:2a:34:6a:36:96:10:ec:a9:b5:61:91:6d:d3:ae:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:26:3b:77:c2:14:54:2e:ca:ca:1d:89:85:57:
                    d2:88:c8:ef:3b:2b:03:ef:26:da:0d:44:80:48:0e:
                    65:99:e2:16:e4:c8:a8:c9:8d:27:3d:d7:e1:3d:5a:
                    46:67:24:28:69:97:30:dc:dc:88:c9:59:eb:ad:a9:
                    62:24:be:66:ac:7f:51:87:a3:8c:25:36:04:d1:ed:
                    8d:1f:5d:09:cd:40:f1:b5:7c:c2:45:2b:03:40:f3:
                    ad:84:93:86:c9:c2:1f:08:3a:18:76:01:c7:25:6c:
                    56:ba:27:82:a6:2c:c7:21:87:9b:91:80:a3:e0:1f:
                    65:56:1e:e0:be:19:00:6f:26:46:6b:87:80:a2:49:
                    8c:4d:7d:a3:1c:10:ac:fb:3c:9c:7c:82:10:8d:d5:
                    63:db:90:d1:dc:36:87:4d:3a:c0:a5:97:76:00:ac:
                    70:d8:68:a0:e1:f3:8f:b0:71:2e:5d:78:87:38:bf:
                    f0:72:34:bd:19:3a:04:c6:4f:3b:41:bf:c6:da:f7:
                    37:20:32:36:10:d6:ad:f6:26:23:b8:6a:e3:08:b5:
                    ae:17:62:b8:12:af:a7:96:91:b1:a1:10:7b:f8:05:
                    59:08:5c:d8:f1:f8:84:03:29:92:ab:4f:9e:e9:24:
                    d5:57:49:c8:cf:4d:38:78:61:0a:85:88:41:48:71:
                    4d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C9:7B:31:0F:2E:D2:27:26:CB:74:78:F6:AB:A4:4D:CD:D5:E9:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1955e4e-0d01-45dd-b075-df6e109abb9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:9d:ef:f0:b8:a6:ac:3f:d2:0a:a1:c0:79:50:50:c4:aa:fb:
         28:85:d2:a1:64:a8:0f:36:fe:7c:1c:b6:5b:74:f6:3a:dc:9c:
         9d:90:07:8b:8c:4e:11:5a:f9:5e:38:fb:a7:66:9f:db:7f:0d:
         b3:23:6d:ef:19:f4:e4:c9:04:a8:fe:d2:c7:48:a0:a6:46:ab:
         01:01:0f:e7:61:5c:b7:e0:3e:56:bf:ac:0e:65:02:95:09:28:
         b9:37:aa:fc:fb:76:0a:64:f3:5d:c2:9f:9c:a9:7a:4f:15:a6:
         7f:12:03:a1:1f:63:b3:74:e7:ea:d4:59:83:25:ef:04:87:c5:
         3c:61:c2:ad:ed:35:bd:b1:8e:c0:ef:81:8a:52:5e:4d:bd:28:
         45:e0:60:f3:65:3a:c2:ac:f2:6c:e0:8a:75:0d:60:1e:b6:16:
         a6:cc:f5:b5:40:42:df:c1:e5:b0:0e:cc:a9:fa:45:e9:86:4f:
         c7:99:9c:ca:7a:5f:46:3f:a4:fa:4d:21:f1:33:a5:3b:12:2c:
         3f:04:84:50:cb:b3:4b:64:43:d7:9c:eb:ed:87:79:68:36:bf:
         07:49:52:d9:19:05:b0:f5:72:79:3a:7c:a9:ca:33:ee:cf:53:
         56:b6:61:f8:9f:36:a5:0c:d9:05:10:53:15:49:62:5f:a9:34:
         67:b6:88:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFGuCR+0qNGo2lhDsqbVhkW3Trl0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4N2RmOTYzM2MzNzNmOTllZGM4NjA3MjYwODViMTEyNmYy
Y2M4NjAyODFlNGRiYTI5NGM5ZmI4NjU3MTg5OWI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDJjt3whRULsrKHYmFV9KIyO87KwPvJtoNRIBIDmWZ4hbk
yKjJjSc91+E9WkZnJChplzDc3IjJWeutqWIkvmasf1GHo4wlNgTR7Y0fXQnNQPG1
fMJFKwNA862Ek4bJwh8IOhh2AcclbFa6J4KmLMchh5uRgKPgH2VWHuC+GQBvJkZr
h4CiSYxNfaMcEKz7PJx8ghCN1WPbkNHcNodNOsCll3YArHDYaKDh84+wcS5deIc4
v/ByNL0ZOgTGTztBv8ba9zcgMjYQ1q32JiO4auMIta4XYrgSr6eWkbGhEHv4BVkI
XNjx+IQDKZKrT57pJNVXScjPTTh4YQqFiEFIcU3dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1sl7MQ8u0icmy3R49qukTc3V6Y8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MxOTU1ZTRlLTBkMDEtNDVkZC1iMDc1LWRmNmUxMDlhYmI5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5oMwDQYJKoZIhvcNAQELBQADggEBAKCd7/C4pqw/0gqhwHlQUMSq+yiF
0qFkqA82/nwctlt09jrcnJ2QB4uMThFa+V44+6dmn9t/DbMjbe8Z9OTJBKj+0sdI
oKZGqwEBD+dhXLfgPla/rA5lApUJKLk3qvz7dgpk813Cn5ypek8Vpn8SA6EfY7N0
5+rUWYMl7wSHxTxhwq3tNb2xjsDvgYpSXk29KEXgYPNlOsKs8mzginUNYB62FqbM
9bVAQt/B5bAOzKn6RemGT8eZnMp6X0Y/pPpNIfEzpTsSLD8EhFDLs0tkQ9ec6+2H
eWg2vwdJUtkZBbD1cnk6fKnKM+7PU1a2YfifNqUM2QUQUxVJYl+pNGe2iO8=
-----END CERTIFICATE-----