Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/0/3137322e39392e34302e302f32312d3231203d3e2035363530.roa
File:                     3137322e39392e34302e302f32312d3231203d3e2035363530.roa (raw, json)
Hash identifier:          u6euhw/0OuQ2z5nCo//7rLtEJsgM2K9y1DemVfqnpqE=
Subject key identifier:   FA:18:58:7F:F2:D0:1C:02:79:D5:93:51:F6:97:56:0C:11:51:85:16
Certificate issuer:       /CN=9cb00234359fcb78eee51e200b0e1e0a17b72696203dc83a90
Certificate serial:       437A4D8459D83811702772FC767F0A6C2DA9BEBB
Authority key identifier: 82:A9:16:3A:2E:99:48:4B:AC:A0:78:20:EC:4F:79:C6:86:66:49:8B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/86e0b138-bef4-49fe-9dd1-fa51383dbfce/9cb00234359fcb78eee51e200b0e1e0a17b72696203dc83a90.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/0/3137322e39392e34302e302f32312d3231203d3e2035363530.roa
Signing time:             Tue 04 Feb 2025 06:08:46 +0000
ROA not before:           Tue 04 Feb 2025 06:03:46 +0000
ROA not after:            Tue 03 Feb 2026 06:08:46 +0000
asID:                     5650
IP address blocks:        172.99.40.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:7a:4d:84:59:d8:38:11:70:27:72:fc:76:7f:0a:6c:2d:a9:be:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb00234359fcb78eee51e200b0e1e0a17b72696203dc83a90
        Validity
            Not Before: Feb  4 06:03:46 2025 GMT
            Not After : Feb  3 06:08:46 2026 GMT
        Subject: CN=FA18587FF2D01C0279D59351F697560C11518516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:37:40:b9:d1:ba:57:63:a4:48:e4:8e:bb:ec:
                    9a:74:9c:9e:2f:6b:5e:46:51:18:df:7d:c7:04:ae:
                    eb:c6:1b:8b:e3:3b:9c:f0:56:52:3e:e9:70:5e:74:
                    b8:73:65:81:3b:b6:7c:7e:03:d8:7d:8a:50:a3:a8:
                    8f:5a:29:15:f6:71:74:98:83:70:3f:22:95:5f:21:
                    55:71:ad:6f:42:a8:a2:90:f7:9f:46:94:9e:52:5a:
                    74:80:62:41:ee:0d:7e:94:d5:84:c3:e4:11:af:6e:
                    8d:53:44:66:66:12:68:fa:b3:d9:00:44:14:59:b8:
                    eb:1c:3a:5c:6c:96:a4:5a:a3:3d:ca:94:29:f7:8b:
                    e8:9f:de:b7:c7:fa:40:0e:70:ab:0f:b8:40:eb:e5:
                    8f:2d:80:b1:21:00:27:ae:0c:3e:2e:ed:9b:54:27:
                    a0:9d:fb:e0:83:38:1b:45:d2:b3:cb:72:4a:57:d2:
                    61:10:c9:bd:4b:e8:6a:2e:a7:6a:c2:79:d6:a6:ea:
                    8b:76:f9:5f:29:06:3b:2c:f2:38:b3:86:1d:e9:c2:
                    8e:42:30:e9:19:2e:94:f2:1f:33:27:b9:8d:7d:e1:
                    00:87:c2:6a:e5:64:32:7e:b4:17:44:1a:52:46:d0:
                    e5:46:b1:45:8e:34:92:00:4d:66:d5:7d:90:e5:cd:
                    5c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:18:58:7F:F2:D0:1C:02:79:D5:93:51:F6:97:56:0C:11:51:85:16
            X509v3 Authority Key Identifier:
                keyid:82:A9:16:3A:2E:99:48:4B:AC:A0:78:20:EC:4F:79:C6:86:66:49:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/0/82A9163A2E99484BACA07820EC4F79C68666498B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/86e0b138-bef4-49fe-9dd1-fa51383dbfce/9cb00234359fcb78eee51e200b0e1e0a17b72696203dc83a90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/0/3137322e39392e34302e302f32312d3231203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.99.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:52:8a:7a:03:da:2d:19:01:bf:a5:80:60:e0:72:27:fc:ed:
         5f:3f:33:8f:db:3d:e2:93:79:a6:4e:10:6d:cd:a2:4c:68:89:
         85:48:65:2b:61:cc:17:fb:c8:37:c1:91:28:d6:9b:5d:72:29:
         35:c8:85:84:6e:fd:4b:45:b0:d8:99:41:53:1e:60:1b:8f:30:
         c4:3f:9f:70:16:ed:cd:45:b9:3b:1c:ec:8f:26:4d:10:79:2f:
         04:b4:97:09:58:c3:bb:e3:64:96:0c:81:9a:68:4c:65:f1:fb:
         89:11:9f:7c:5f:35:45:e0:ec:82:46:62:3e:22:9b:77:83:d1:
         88:75:cd:c0:fa:c4:33:15:39:68:06:23:6c:f6:8e:10:e0:20:
         70:17:ff:7d:d5:6e:f9:02:7a:7b:88:5f:7b:ad:b5:f3:7c:08:
         62:9f:96:a7:15:24:58:a5:27:b5:8b:e6:8e:b7:25:d3:f3:16:
         49:3e:95:fd:82:87:06:f1:c2:b6:bc:30:45:d4:dc:85:ab:61:
         c0:2a:04:1d:c8:fb:cc:b1:2b:8a:a2:68:03:28:5e:07:c9:6d:
         32:63:bc:31:ff:a3:7d:4f:30:37:ce:63:9b:31:49:6c:17:1b:
         51:e5:b5:c9:e5:97:cd:3d:40:d8:eb:06:70:ff:80:21:e2:71:
         8c:47:04:c8
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgIUQ3pNhFnYOBFwJ3L8dn8KbC2pvrswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWNiMDAyMzQzNTlmY2I3OGVlZTUxZTIwMGIwZTFlMGEx
N2I3MjY5NjIwM2RjODNhOTAwHhcNMjUwMjA0MDYwMzQ2WhcNMjYwMjAzMDYwODQ2
WjAzMTEwLwYDVQQDEyhGQTE4NTg3RkYyRDAxQzAyNzlENTkzNTFGNjk3NTYwQzEx
NTE4NTE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DdAudG6V2Ok
SOSOu+yadJyeL2teRlEY333HBK7rxhuL4zuc8FZSPulwXnS4c2WBO7Z8fgPYfYpQ
o6iPWikV9nF0mINwPyKVXyFVca1vQqiikPefRpSeUlp0gGJB7g1+lNWEw+QRr26N
U0RmZhJo+rPZAEQUWbjrHDpcbJakWqM9ypQp94von963x/pADnCrD7hA6+WPLYCx
IQAnrgw+Lu2bVCegnfvggzgbRdKzy3JKV9JhEMm9S+hqLqdqwnnWpuqLdvlfKQY7
LPI4s4Yd6cKOQjDpGS6U8h8zJ7mNfeEAh8Jq5WQyfrQXRBpSRtDlRrFFjjSSAE1m
1X2Q5c1cLQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFPoYWH/y0BwCedWTUfaXVgwR
UYUWMB8GA1UdIwQYMBaAFIKpFjoumUhLrKB4IOxPecaGZkmLMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRlODcyODk1NzgwMTg3MzJhOTBhMmYwOTdmLzAv
ODJBOTE2M0EyRTk5NDg0QkFDQTA3ODIwRUM0Rjc5QzY4NjY2NDk4Qi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvYTczNDIwY2ItYjNjYy00YjAzLWJkYTctMWJlMjA0
OTMzYWU1Lzg2ZTBiMTM4LWJlZjQtNDlmZS05ZGQxLWZhNTEzODNkYmZjZS85Y2Iw
MDIzNDM1OWZjYjc4ZWVlNTFlMjAwYjBlMWUwYTE3YjcyNjk2MjAzZGM4M2E5MC5j
ZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODcyODk1NzgwMTg3MzJh
OTBhMmYwOTdmLzAvMzEzNzMyMmUzOTM5MmUzNDMwMmUzMDJmMzIzMTJkMzIzMTIw
M2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYI
KwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOsYygwDQYJKoZIhvcNAQELBQADggEB
AApSinoD2i0ZAb+lgGDgcif87V8/M4/bPeKTeaZOEG3NokxoiYVIZSthzBf7yDfB
kSjWm11yKTXIhYRu/UtFsNiZQVMeYBuPMMQ/n3AW7c1FuTsc7I8mTRB5LwS0lwlY
w7vjZJYMgZpoTGXx+4kRn3xfNUXg7IJGYj4im3eD0Yh1zcD6xDMVOWgGI2z2jhDg
IHAX/33VbvkCenuIX3uttfN8CGKflqcVJFilJ7WL5o63JdPzFkk+lf2Chwbxwra8
MEXU3IWrYcAqBB3I+8yxK4qiaAMoXgfJbTJjvDH/o31PMDfOY5sxSWwXG1Hltcnl
l809QNjrBnD/gCHicYxHBMg=
-----END CERTIFICATE-----