Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1adf4d9d-eda9-4fe8-8f93-4b6c05e8aba4.roa
File:                     1adf4d9d-eda9-4fe8-8f93-4b6c05e8aba4.roa (raw, json)
Hash identifier:          MZZ1Y2payAX0EGUwXZKNmm53UEye1fVQxKgFdkS3BgM=
Subject key identifier:   72:8D:9C:BF:06:CC:7C:B7:58:67:D3:94:51:C1:B4:83:D9:7D:5B:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29854D0774BE2E621FB7360601D3EC880B61643F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1adf4d9d-eda9-4fe8-8f93-4b6c05e8aba4.roa
Signing time:             Fri 07 Mar 2025 00:00:39 +0000
ROA not before:           Fri 07 Mar 2025 00:00:39 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     26982
IP address blocks:        192.31.212.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:85:4d:07:74:be:2e:62:1f:b7:36:06:01:d3:ec:88:0b:61:64:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  7 00:00:39 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:8c:ff:44:31:3c:8e:26:66:23:ca:2d:cd:
                    29:9f:4b:70:25:ae:f7:1b:3d:79:89:8c:d7:33:dd:
                    82:b5:1e:34:36:7d:c0:9e:cd:b6:ec:ff:6f:e6:8a:
                    a6:13:a8:78:67:a1:eb:12:61:3d:24:69:fa:2e:92:
                    ee:0f:fc:37:ba:27:77:25:5a:ec:ed:d0:ad:18:2d:
                    c4:92:4f:7e:34:36:51:87:df:97:d0:4e:01:90:ca:
                    12:f2:3c:10:b3:99:16:bd:27:55:e5:ca:e0:20:b9:
                    33:9c:96:70:15:c4:18:f2:9a:0b:26:38:5c:8e:20:
                    29:cb:15:5f:64:c3:d4:86:da:d8:59:7e:9d:94:6b:
                    dd:ca:4e:ab:78:7f:fd:b7:a1:39:42:83:b3:78:1b:
                    95:09:49:ef:f3:19:00:0a:58:71:1d:a4:1f:bb:56:
                    4a:23:04:0f:bd:a8:d0:36:66:e5:58:e6:3b:45:c1:
                    17:5a:22:12:b5:77:cc:9a:b2:6c:b8:e2:f1:4a:ec:
                    ce:cb:84:51:4a:60:c8:e9:b8:54:af:c0:77:0a:bb:
                    a0:54:00:5c:55:9c:76:dd:a0:d2:d0:8d:fb:2a:11:
                    2d:b0:5d:0a:97:09:10:bf:a1:00:b9:7d:3a:56:c8:
                    53:42:3f:0c:12:ca:ab:5d:df:52:d6:f8:76:f7:11:
                    d2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8D:9C:BF:06:CC:7C:B7:58:67:D3:94:51:C1:B4:83:D9:7D:5B:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1adf4d9d-eda9-4fe8-8f93-4b6c05e8aba4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.31.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:24:15:0a:97:0b:b9:43:d3:65:44:00:b1:a1:20:f0:80:f9:
         ed:b0:7a:2d:1c:95:ba:69:19:34:cb:7e:67:8e:b3:31:74:e6:
         0f:23:2a:db:8a:55:63:3a:c9:1e:bd:f5:a5:24:64:1f:c1:fe:
         d2:79:12:c4:30:51:b3:d9:38:e0:81:6e:d6:4c:55:3b:e3:10:
         8f:39:5c:b4:4c:ec:40:b9:6d:e9:a4:ca:53:8c:82:ad:ea:84:
         a8:d2:50:79:b9:61:82:2c:f2:97:f7:cd:94:c9:a2:76:85:dd:
         9a:85:54:b7:fd:82:ac:d1:3b:e1:87:62:50:b0:6b:72:4b:15:
         88:a4:6f:d7:79:88:dc:ee:a5:85:30:69:1d:b3:a7:99:7d:b7:
         12:43:0a:ec:77:ce:7f:cb:f9:1f:26:f7:76:d6:b0:a2:31:2f:
         19:a9:90:eb:0d:f4:8b:8a:4c:70:1c:ba:a3:86:86:38:1e:23:
         98:6d:43:e3:9a:0f:fe:3a:cf:e3:4a:96:ec:07:5f:5e:25:4e:
         9c:f6:1b:56:48:45:db:53:ec:48:86:70:ee:b8:57:d5:74:4e:
         cd:50:f1:3d:f4:cf:cf:a9:28:ac:ab:ea:87:13:60:07:00:40:
         5f:68:33:73:55:7f:9e:ab:51:48:0b:1b:45:e5:08:6b:6b:1b:
         3f:f6:64:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKYVNB3S+LmIftzYGAdPsiAthZD8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA3MDAwMDM5WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTM4M2NkMDEyNjQwYjcwNDE0NDZmZmI0ZTI2NDZiODg5
NmZiMWU1ZDc1ZTA2NmU0ZGQzYzQ3NDU1MmFjOGI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvvoz/RDE8jiZmI8otzSmfS3AlrvcbPXmJjNcz3YK1HjQ2
fcCezbbs/2/miqYTqHhnoesSYT0kafouku4P/De6J3clWuzt0K0YLcSST340NlGH
35fQTgGQyhLyPBCzmRa9J1XlyuAguTOclnAVxBjymgsmOFyOICnLFV9kw9SG2thZ
fp2Ua93KTqt4f/23oTlCg7N4G5UJSe/zGQAKWHEdpB+7VkojBA+9qNA2ZuVY5jtF
wRdaIhK1d8yasmy44vFK7M7LhFFKYMjpuFSvwHcKu6BUAFxVnHbdoNLQjfsqES2w
XQqXCRC/oQC5fTpWyFNCPwwSyqtd31LW+Hb3EdKZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUco2cvwbMfLdYZ9OUUcG0g9l9W9AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhZGY0ZDlkLWVkYTktNGZlOC04ZjkzLTRiNmMwNWU4YWJhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAH9QwDQYJKoZIhvcNAQELBQADggEBACQkFQqXC7lD02VEALGhIPCA+e2w
ei0clbppGTTLfmeOszF05g8jKtuKVWM6yR699aUkZB/B/tJ5EsQwUbPZOOCBbtZM
VTvjEI85XLRM7EC5bemkylOMgq3qhKjSUHm5YYIs8pf3zZTJonaF3ZqFVLf9gqzR
O+GHYlCwa3JLFYikb9d5iNzupYUwaR2zp5l9txJDCux3zn/L+R8m93bWsKIxLxmp
kOsN9IuKTHAcuqOGhjgeI5htQ+OaD/46z+NKluwHX14lTpz2G1ZIRdtT7EiGcO64
V9V0Ts1Q8T30z8+pKKyr6ocTYAcAQF9oM3NVf56rUUgLG0XlCGtrGz/2ZPU=
-----END CERTIFICATE-----