Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade8587fa200185c5cb9bcb2bac/0/AS398465.roa
File:                     AS398465.roa (raw, json)
Hash identifier:          89VFVimQfcYS0CA3EF+PuuYebbgdFqJuNiPooLyP2bo=
Subject key identifier:   D2:D9:85:58:C9:34:F3:9E:D8:E2:E6:B8:23:FB:5C:C6:FE:BF:DA:32
Certificate issuer:       /CN=72cc1fd28d4a04c8473c3ac0b19940270cbbf123f3c0b1f7f9
Certificate serial:       08858840B5AE88D70984A4EE00DF9C019413C2BA
Authority key identifier: AB:5C:AF:A9:57:06:33:73:38:93:D9:1E:E4:B0:5A:1F:0E:CC:D0:6B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/3f5e2e5b-c731-4db8-9b87-af9f8e58a1c6/72cc1fd28d4a04c8473c3ac0b19940270cbbf123f3c0b1f7f9.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade8587fa200185c5cb9bcb2bac/0/AS398465.roa
Signing time:             Sun 05 Jan 2025 00:00:08 +0000
ROA not before:           Sat 04 Jan 2025 23:55:08 +0000
ROA not after:            Sun 04 Jan 2026 00:00:08 +0000
asID:                     398465
IP address blocks:        104.234.38.0/24 maxlen: 24
                          104.234.39.0/24 maxlen: 24
                          104.234.73.0/24 maxlen: 24
                          104.234.208.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:85:88:40:b5:ae:88:d7:09:84:a4:ee:00:df:9c:01:94:13:c2:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72cc1fd28d4a04c8473c3ac0b19940270cbbf123f3c0b1f7f9
        Validity
            Not Before: Jan  4 23:55:08 2025 GMT
            Not After : Jan  4 00:00:08 2026 GMT
        Subject: CN=D2D98558C934F39ED8E2E6B823FB5CC6FEBFDA32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:05:3f:0b:9b:38:4d:80:0e:dc:4e:8f:7f:4b:
                    50:b9:90:9c:d5:86:b3:47:29:82:51:3c:92:62:3a:
                    bf:d3:79:8a:02:13:f5:b0:51:4c:52:6a:e2:86:91:
                    c1:38:c6:e0:0b:bd:67:04:f8:df:c3:65:e4:bf:27:
                    e0:5e:21:a6:db:d3:bf:ab:67:1f:ff:3b:03:49:c8:
                    75:f8:4a:f8:22:2e:d2:49:fa:40:9c:1e:2c:f3:fd:
                    24:8a:5a:9c:81:2e:e1:36:f3:72:e3:98:6f:5d:fb:
                    2b:d8:6d:6e:b9:ff:4a:55:cb:20:e4:70:66:34:39:
                    ce:6e:a2:b3:f2:44:42:45:ea:aa:ef:98:32:b1:db:
                    5b:0a:b7:13:ba:df:83:c7:7b:4a:92:6d:eb:33:1c:
                    27:22:1e:9c:be:04:14:48:8a:80:ff:c5:f3:19:82:
                    78:0e:c0:a3:b2:17:5c:57:dd:29:bd:c2:02:2f:19:
                    74:f6:f5:b1:04:05:dc:c6:1b:82:64:82:62:84:3c:
                    c9:62:bb:14:7a:16:c4:9c:a6:b1:60:67:10:5a:fa:
                    8b:e9:11:6b:d1:00:33:40:a3:d6:e8:3a:29:77:f6:
                    d8:da:77:2c:76:52:bb:65:08:17:05:eb:3e:4c:cc:
                    0d:f7:5e:06:a8:9a:d0:51:10:15:8a:d0:67:44:d4:
                    1b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D9:85:58:C9:34:F3:9E:D8:E2:E6:B8:23:FB:5C:C6:FE:BF:DA:32
            X509v3 Authority Key Identifier:
                keyid:AB:5C:AF:A9:57:06:33:73:38:93:D9:1E:E4:B0:5A:1F:0E:CC:D0:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade8587fa200185c5cb9bcb2bac/0/AB5CAFA9570633733893D91EE4B05A1F0ECCD06B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/3f5e2e5b-c731-4db8-9b87-af9f8e58a1c6/72cc1fd28d4a04c8473c3ac0b19940270cbbf123f3c0b1f7f9.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade8587fa200185c5cb9bcb2bac/0/AS398465.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.234.38.0/23
                  104.234.73.0/24
                  104.234.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:35:07:ed:0f:d2:cc:aa:b4:27:63:61:9a:1e:1a:0f:2c:c3:
         64:70:fd:d3:55:96:ee:b2:dd:24:7c:06:ce:00:6e:a5:03:4f:
         eb:2d:6b:c5:6c:4f:81:20:09:d0:fb:4e:b9:2b:f6:9b:cd:4f:
         75:56:bc:8b:9a:80:80:3d:96:40:ce:b4:ea:e6:68:cd:3b:2c:
         50:09:c2:c9:db:c2:fc:91:4a:1a:8a:d7:0d:43:ed:1a:81:80:
         a1:fc:84:5d:bd:f4:52:1f:a2:27:e3:ca:57:c3:da:5f:8e:66:
         e8:ed:0f:32:7e:d4:5b:14:43:f0:18:cf:06:96:fc:33:71:09:
         8b:2f:57:29:03:22:61:9c:79:c2:fb:b4:57:fb:f9:4e:25:f4:
         d3:53:7e:b5:ad:8f:a1:d7:35:36:7c:e5:49:71:ff:b7:f0:07:
         a5:9a:64:37:d6:6a:ce:cd:20:13:d9:c5:71:cb:6b:2e:bb:76:
         c8:d3:f6:ee:ac:ae:c0:dd:4d:6e:8b:1f:5d:aa:9b:91:23:26:
         74:a7:90:d9:4d:84:d0:78:82:54:39:80:30:51:d2:05:22:45:
         5f:8c:2e:07:be:c6:3f:9a:32:3d:d1:36:4a:dd:d3:54:7b:1d:
         40:25:3b:18:b5:40:cf:1d:ae:13:2a:8b:92:74:93:5e:a9:06:
         bb:a3:6a:de
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgIUCIWIQLWuiNcJhKTuAN+cAZQTwrowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNzJjYzFmZDI4ZDRhMDRjODQ3M2MzYWMwYjE5OTQwMjcw
Y2JiZjEyM2YzYzBiMWY3ZjkwHhcNMjUwMTA0MjM1NTA4WhcNMjYwMTA0MDAwMDA4
WjAzMTEwLwYDVQQDEyhEMkQ5ODU1OEM5MzRGMzlFRDhFMkU2QjgyM0ZCNUNDNkZF
QkZEQTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwU/C5s4TYAO
3E6Pf0tQuZCc1YazRymCUTySYjq/03mKAhP1sFFMUmrihpHBOMbgC71nBPjfw2Xk
vyfgXiGm29O/q2cf/zsDSch1+Er4Ii7SSfpAnB4s8/0kilqcgS7hNvNy45hvXfsr
2G1uuf9KVcsg5HBmNDnObqKz8kRCReqq75gysdtbCrcTut+Dx3tKkm3rMxwnIh6c
vgQUSIqA/8XzGYJ4DsCjshdcV90pvcICLxl09vWxBAXcxhuCZIJihDzJYrsUehbE
nKaxYGcQWvqL6RFr0QAzQKPW6Dopd/bY2ncsdlK7ZQgXBes+TMwN914GqJrQURAV
itBnRNQbXwIDAQABo4ICizCCAocwHQYDVR0OBBYEFNLZhVjJNPOe2OLmuCP7XMb+
v9oyMB8GA1UdIwQYMBaAFKtcr6lXBjNzOJPZHuSwWh8OzNBrMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRlODU4N2ZhMjAwMTg1YzVjYjliY2IyYmFjLzAv
QUI1Q0FGQTk1NzA2MzM3MzM4OTNEOTFFRTRCMDVBMUYwRUNDRDA2Qi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvNzZmZTExZDQtZDM1Mi00OTk0LThmNmMtZDZjOTFi
MGI4NDE1LzNmNWUyZTViLWM3MzEtNGRiOC05Yjg3LWFmOWY4ZTU4YTFjNi83MmNj
MWZkMjhkNGEwNGM4NDczYzNhYzBiMTk5NDAyNzBjYmJmMTIzZjNjMGIxZjdmOS5j
ZXIwcAYIKwYBBQUHAQsEZDBiMGAGCCsGAQUFBzALhlRyc3luYzovL3Jwa2ktcnBz
LmFyaW4ubmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4NTg3ZmEyMDAxODVjNWNiOWJj
YjJiYWMvMC9BUzM5ODQ2NS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAWjqJgMEAGjqSQMEAGjq0DANBgkq
hkiG9w0BAQsFAAOCAQEAPTUH7Q/SzKq0J2Nhmh4aDyzDZHD901WW7rLdJHwGzgBu
pQNP6y1rxWxPgSAJ0PtOuSv2m81PdVa8i5qAgD2WQM606uZozTssUAnCydvC/JFK
GorXDUPtGoGAofyEXb30Uh+iJ+PKV8PaX45m6O0PMn7UWxRD8BjPBpb8M3EJiy9X
KQMiYZx5wvu0V/v5TiX001N+ta2Podc1NnzlSXH/t/AHpZpkN9Zqzs0gE9nFcctr
Lrt2yNP27qyuwN1NbosfXaqbkSMmdKeQ2U2E0HiCVDmAMFHSBSJFX4wuB77GP5oy
PdE2St3TVHsdQCU7GLVAzx2uEyqLknSTXqkGu6Nq3g==
-----END CERTIFICATE-----