Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/053811b9-b94a-4e26-ad46-b7338b7aeeec.roa
File:                     053811b9-b94a-4e26-ad46-b7338b7aeeec.roa (raw, json)
Hash identifier:          bgGHv7LWuw9yzn6UviXCQW92XBXaQmyjWtXZT7l+h9Y=
Subject key identifier:   98:1B:42:A3:1F:F7:48:C6:EF:C5:71:BE:8A:14:F0:50:75:E0:76:74
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       0D83E9D949545A0F1632CB8B20B38C6984529DA3
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/053811b9-b94a-4e26-ad46-b7338b7aeeec.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        216.24.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:83:e9:d9:49:54:5a:0f:16:32:cb:8b:20:b3:8c:69:84:52:9d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:17:2e:82:40:4b:08:43:c0:42:be:77:41:
                    e9:cf:c0:03:1d:65:e3:b0:96:f9:08:2c:bb:0c:88:
                    48:3e:cd:e7:c1:05:4e:80:5b:b3:99:24:af:27:40:
                    5d:16:d5:c3:34:ef:d0:ed:13:3d:83:86:8b:a6:f0:
                    13:b3:94:bb:c2:c4:03:fd:c7:14:94:e1:d0:88:31:
                    0e:c9:32:fa:00:e1:90:1e:9a:3c:80:ba:f1:64:84:
                    67:02:4e:1e:de:09:35:ca:8e:01:31:0c:de:c2:09:
                    52:9c:df:49:19:b7:b1:02:cd:dc:3b:aa:4e:02:a2:
                    de:55:7f:f7:0a:fe:b4:f3:73:a5:5b:27:05:60:f5:
                    91:b0:b8:7c:50:de:8b:4c:6b:a2:1a:77:cc:be:5f:
                    a7:18:26:4c:27:6a:f7:59:75:d5:61:ca:75:d8:35:
                    02:06:fa:01:e7:93:23:22:a4:af:a0:43:64:a1:94:
                    27:72:be:90:ba:85:b2:9e:f4:3c:87:1c:4a:c0:b7:
                    1f:10:01:23:84:ee:84:e5:92:ee:48:f6:bb:7c:7d:
                    ff:a7:dd:9c:ab:e8:8a:b3:bd:ee:18:90:6f:a2:d2:
                    1b:de:aa:dc:be:f4:ee:ae:19:c4:4e:93:c6:b8:2e:
                    04:55:b4:ac:43:0e:14:60:f9:c2:a3:74:1e:f9:1b:
                    bc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:1B:42:A3:1F:F7:48:C6:EF:C5:71:BE:8A:14:F0:50:75:E0:76:74
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/053811b9-b94a-4e26-ad46-b7338b7aeeec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.24.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         65:77:1b:19:91:1a:37:fa:c6:a5:33:9c:88:f9:7f:5d:71:0c:
         dc:6c:e0:c1:cc:35:32:44:33:cb:a7:b5:29:7d:9e:d5:ad:e5:
         bd:7f:59:7d:f6:3b:1e:34:01:9f:10:cf:41:fe:d1:a2:60:3d:
         b2:f0:1f:cc:d3:53:92:46:23:d8:60:ae:5a:01:fc:7a:65:17:
         51:c7:7d:91:ee:51:25:19:d2:15:ba:f6:e3:6d:cc:b3:74:76:
         44:ed:11:b0:9c:d6:7d:8c:ff:bb:f1:db:56:6e:89:71:25:3c:
         19:aa:34:04:f4:36:4b:bb:be:d0:29:77:45:fa:0b:05:d7:6f:
         f9:38:4f:23:44:a4:ab:f9:9d:17:fe:1e:54:f2:6b:8a:24:cb:
         49:7f:48:f6:57:fd:6c:e7:ff:8f:8e:61:07:47:f4:9e:de:61:
         80:0e:ca:9f:e8:3f:c4:c0:e3:47:a9:c1:8b:52:a8:95:62:89:
         e6:af:d2:b6:1e:0b:76:49:cd:d4:b3:1b:96:fe:b6:aa:15:c9:
         78:1c:ba:d4:75:12:f4:01:c1:33:2a:9f:d7:7d:19:90:93:2b:
         f0:a2:2a:cc:4d:a6:3d:fe:47:43:41:60:53:f2:dc:0a:6e:e9:
         57:95:d2:e4:6f:69:bd:f9:ab:d8:e6:5d:72:f8:ce:d0:e0:3c:
         06:ff:61:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDYPp2UlUWg8WMsuLILOMaYRSnaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGU1ZTc0MWEyOWZiNWMxNTAzZGY0MjEzYWFlNmIwMjdj
ZTdjZWU0YTY4OWQ5MzRiYjI4ZmM2OWFhNzM4Mjk2MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwHxcugkBLCEPAQr53QenPwAMdZeOwlvkILLsMiEg+zefB
BU6AW7OZJK8nQF0W1cM079DtEz2Dhoum8BOzlLvCxAP9xxSU4dCIMQ7JMvoA4ZAe
mjyAuvFkhGcCTh7eCTXKjgExDN7CCVKc30kZt7ECzdw7qk4Cot5Vf/cK/rTzc6Vb
JwVg9ZGwuHxQ3otMa6Iad8y+X6cYJkwnavdZddVhynXYNQIG+gHnkyMipK+gQ2Sh
lCdyvpC6hbKe9DyHHErAtx8QASOE7oTlku5I9rt8ff+n3Zyr6Iqzve4YkG+i0hve
qty+9O6uGcROk8a4LgRVtKxDDhRg+cKjdB75G7yfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmBtCox/3SMbvxXG+ihTwUHXgdnQwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzA1MzgxMWI5LWI5NGEtNGUyNi1hZDQ2LWI3MzM4YjdhZWVlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYGPAwDQYJKoZIhvcNAQELBQADggEBAGV3GxmRGjf6xqUznIj5f11xDNxs
4MHMNTJEM8untSl9ntWt5b1/WX32Ox40AZ8Qz0H+0aJgPbLwH8zTU5JGI9hgrloB
/HplF1HHfZHuUSUZ0hW69uNtzLN0dkTtEbCc1n2M/7vx21ZuiXElPBmqNAT0Nku7
vtApd0X6CwXXb/k4TyNEpKv5nRf+HlTya4oky0l/SPZX/Wzn/4+OYQdH9J7eYYAO
yp/oP8TA40epwYtSqJViieav0rYeC3ZJzdSzG5b+tqoVyXgcutR1EvQBwTMqn9d9
GZCTK/CiKsxNpj3+R0NBYFPy3Apu6VeV0uRvab35q9jmXXL4ztDgPAb/Yeo=
-----END CERTIFICATE-----