Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32322e302f32342d3234203d3e20383334.roa
File:                     3137322e39392e32322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +NSqloT2n9KgO/z11q1eB6GEWVUHYATGBM7/Um3IKJ8=
Subject key identifier:   00:AF:A1:0B:E8:25:7C:CC:C4:E0:CA:B1:BA:A5:D3:C3:17:7A:B4:51
Certificate issuer:       /CN=8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe
Certificate serial:       74DF530296045D909ACE1BF29B554B94D55530BD
Authority key identifier: 4A:65:9D:2B:D2:0D:70:6E:89:F0:E9:C8:A1:E8:22:F2:DD:AE:BE:1F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/946afd34-6971-423f-b22a-575e2c73ab27/8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32322e302f32342d3234203d3e20383334.roa
Signing time:             Thu 06 Mar 2025 00:02:33 +0000
ROA not before:           Wed 05 Mar 2025 23:57:33 +0000
ROA not after:            Thu 05 Mar 2026 00:02:33 +0000
asID:                     834
IP address blocks:        172.99.22.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:df:53:02:96:04:5d:90:9a:ce:1b:f2:9b:55:4b:94:d5:55:30:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe
        Validity
            Not Before: Mar  5 23:57:33 2025 GMT
            Not After : Mar  5 00:02:33 2026 GMT
        Subject: CN=00AFA10BE8257CCCC4E0CAB1BAA5D3C3177AB451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:cf:72:b8:88:48:f0:88:e6:11:85:53:ce:73:
                    ef:85:a2:27:bd:46:15:de:f6:29:03:a3:ae:51:7b:
                    38:a9:55:7e:10:b6:d5:86:7c:86:a8:e6:26:06:b7:
                    06:ad:2f:8e:38:88:2c:dd:83:33:4b:25:77:78:8c:
                    5b:a6:b1:46:55:dd:4f:b5:37:1b:73:18:a2:c3:bd:
                    52:81:52:96:4e:49:43:91:0a:5e:ec:42:d3:17:3e:
                    be:07:24:4d:bc:21:cb:8b:6d:5f:77:54:12:71:04:
                    f1:a0:cb:bf:bf:12:e1:c2:ec:d8:f0:27:1b:37:45:
                    1e:db:f1:72:27:8a:47:37:2a:20:c6:8c:90:61:b9:
                    78:19:e7:48:98:a6:f7:c3:6b:e4:12:87:8e:aa:4b:
                    56:02:a2:93:01:dc:14:4b:c9:a0:39:05:fc:94:ed:
                    fc:a8:13:b1:2a:f3:26:1c:65:4c:14:59:e3:c7:5e:
                    b5:f9:20:16:2e:04:e3:38:e5:63:10:3d:04:03:19:
                    cd:56:ff:8f:ca:9d:ec:a2:a3:7b:6a:cc:15:f3:d1:
                    ee:89:22:34:cc:06:17:7a:d7:83:42:bc:68:f5:4a:
                    37:c2:f6:55:b4:c3:70:73:82:40:50:30:2d:fc:a8:
                    91:7e:c8:64:31:4c:93:2c:e2:c6:5f:08:f8:0e:a9:
                    c1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:AF:A1:0B:E8:25:7C:CC:C4:E0:CA:B1:BA:A5:D3:C3:17:7A:B4:51
            X509v3 Authority Key Identifier:
                keyid:4A:65:9D:2B:D2:0D:70:6E:89:F0:E9:C8:A1:E8:22:F2:DD:AE:BE:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/4A659D2BD20D706E89F0E9C8A1E822F2DDAEBE1F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/946afd34-6971-423f-b22a-575e2c73ab27/8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.99.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:5c:4a:2b:df:62:e7:5c:37:05:16:51:e2:55:c2:4c:96:6e:
         4c:f3:33:a3:83:bf:c7:2d:96:1d:b3:f8:84:75:a9:df:0d:01:
         4d:df:44:77:92:f6:ea:bd:df:49:eb:5c:9f:22:68:18:8b:46:
         db:cf:14:00:d1:3f:ee:1e:2e:99:9d:7f:34:12:1e:f9:6c:f1:
         03:9f:e1:84:b2:73:4c:12:bc:b9:f9:78:d5:d5:3e:75:70:69:
         c8:aa:f8:92:5a:19:c4:4c:32:ee:bd:e7:cd:eb:58:f1:bb:d2:
         eb:2b:a8:4e:b6:a8:50:c3:62:4b:40:17:62:96:df:9a:4f:eb:
         3b:14:14:9a:36:29:96:c8:e0:a1:d0:7b:e3:14:8e:4f:2d:4b:
         fb:e0:ba:42:3f:5d:ff:0c:44:44:52:7b:d0:af:8b:c2:b7:0a:
         08:40:51:6d:28:92:d8:7a:e4:1f:31:1a:90:61:3e:ec:72:39:
         0b:3c:ba:66:9e:a5:2c:5a:73:93:c0:c9:06:e1:69:a1:71:ce:
         8a:e3:3f:2b:62:5b:36:0f:74:c0:60:48:a4:a9:83:c7:a6:ae:
         a6:35:e6:1a:59:1c:cb:f3:c3:d9:73:e6:e3:be:2c:9a:62:63:
         b1:40:fe:01:8b:1a:b6:db:fd:b5:8f:86:01:ef:d3:29:54:8a:
         1c:08:32:f5
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIUdN9TApYEXZCazhvym1VLlNVVML0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOGFhODAwYTgxNGFmMGRlYjA2NmE5NWY3OTk2ZjgzY2Q3
MjlhNDhkMDc1YjA5NTJmYmUwHhcNMjUwMzA1MjM1NzMzWhcNMjYwMzA1MDAwMjMz
WjAzMTEwLwYDVQQDEygwMEFGQTEwQkU4MjU3Q0NDQzRFMENBQjFCQUE1RDNDMzE3
N0FCNDUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9M9yuIhI8Ijm
EYVTznPvhaInvUYV3vYpA6OuUXs4qVV+ELbVhnyGqOYmBrcGrS+OOIgs3YMzSyV3
eIxbprFGVd1PtTcbcxiiw71SgVKWTklDkQpe7ELTFz6+ByRNvCHLi21fd1QScQTx
oMu/vxLhwuzY8CcbN0Ue2/FyJ4pHNyogxoyQYbl4GedImKb3w2vkEoeOqktWAqKT
AdwUS8mgOQX8lO38qBOxKvMmHGVMFFnjx161+SAWLgTjOOVjED0EAxnNVv+Pyp3s
oqN7aswV89HuiSI0zAYXeteDQrxo9Uo3wvZVtMNwc4JAUDAt/KiRfshkMUyTLOLG
Xwj4DqnBPwIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFACvoQvoJXzMxODKsbql08MX
erRRMB8GA1UdIwQYMBaAFEplnSvSDXBuifDpyKHoIvLdrr4fMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmOGJhYTY0YTgwMThiYWUwNTg0MGQwNDNiLzAv
NEE2NTlEMkJEMjBENzA2RTg5RjBFOUM4QTFFODIyRjJEREFFQkUxRi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvODcxZGE0MGYtNzkzYS00YTQ1LWEwYTktOTc4MTQ4
MzIxYTA3Lzk0NmFmZDM0LTY5NzEtNDIzZi1iMjJhLTU3NWUyYzczYWIyNy84YWE4
MDBhODE0YWYwZGViMDY2YTk1Zjc5OTZmODNjZDcyOWE0OGQwNzViMDk1MmZiZS5j
ZXIwgZsGCCsGAQUFBwELBIGOMIGLMIGIBggrBgEFBQcwC4Z8cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmOGJhYTY0YTgwMThiYWUw
NTg0MGQwNDNiLzAvMzEzNzMyMmUzOTM5MmUzMjMyMmUzMDJmMzIzNDJkMzIzNDIw
M2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQArGMWMA0GCSqGSIb3DQEBCwUAA4IBAQCY
XEor32LnXDcFFlHiVcJMlm5M8zOjg7/HLZYds/iEdanfDQFN30R3kvbqvd9J61yf
ImgYi0bbzxQA0T/uHi6ZnX80Eh75bPEDn+GEsnNMEry5+XjV1T51cGnIqviSWhnE
TDLuvefN61jxu9LrK6hOtqhQw2JLQBdilt+aT+s7FBSaNimWyOCh0HvjFI5PLUv7
4LpCP13/DEREUnvQr4vCtwoIQFFtKJLYeuQfMRqQYT7scjkLPLpmnqUsWnOTwMkG
4Wmhcc6K4z8rYls2D3TAYEikqYPHpq6mNeYaWRzL88PZc+bjviyaYmOxQP4Bixq2
2/21j4YB79MpVIocCDL1
-----END CERTIFICATE-----