Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32312e302f32342d3234203d3e20383334.roa
File:                     3137322e39392e32312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          fiotJBU7BsamyOYeyEiiG3zSgvuf6PmHgwMwXaELih8=
Subject key identifier:   98:2A:91:47:8D:F9:BC:B9:C2:60:60:8B:25:B2:1F:8E:79:C4:9F:9A
Certificate issuer:       /CN=8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe
Certificate serial:       35981ADA6F02FC21D46B6D1888EFEF8B961E6D06
Authority key identifier: 4A:65:9D:2B:D2:0D:70:6E:89:F0:E9:C8:A1:E8:22:F2:DD:AE:BE:1F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/946afd34-6971-423f-b22a-575e2c73ab27/8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32312e302f32342d3234203d3e20383334.roa
Signing time:             Tue 15 Apr 2025 00:02:06 +0000
ROA not before:           Mon 14 Apr 2025 23:57:06 +0000
ROA not after:            Tue 14 Apr 2026 00:02:06 +0000
asID:                     834
IP address blocks:        172.99.21.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:98:1a:da:6f:02:fc:21:d4:6b:6d:18:88:ef:ef:8b:96:1e:6d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe
        Validity
            Not Before: Apr 14 23:57:06 2025 GMT
            Not After : Apr 14 00:02:06 2026 GMT
        Subject: CN=982A91478DF9BCB9C260608B25B21F8E79C49F9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bf:09:6d:3f:82:01:b5:22:c1:1c:01:d4:90:
                    85:fd:bf:26:0c:54:04:48:0a:a2:1f:91:db:67:33:
                    23:d3:9c:e1:50:a3:a9:7e:ee:bc:e9:75:e9:c8:ed:
                    c0:a6:2c:29:3f:ee:af:e5:c0:f2:f5:ff:02:48:86:
                    40:b6:e0:17:6e:13:a3:af:cb:85:1f:03:db:d7:56:
                    0d:d7:5f:e4:e8:c3:2b:01:82:a0:d1:2b:58:54:3a:
                    d4:be:14:ec:af:71:05:a2:a6:c0:cc:82:55:e4:ec:
                    4d:a7:22:50:bf:7b:d1:79:e5:73:6c:37:e0:25:14:
                    6d:a4:b5:eb:dc:05:dd:82:18:49:42:8c:50:33:57:
                    1a:de:92:89:89:78:a5:bd:69:98:51:2e:26:b4:24:
                    e4:54:8d:c4:35:28:39:9e:c9:05:7e:c4:d7:f8:21:
                    3f:60:0f:ca:0d:b3:ff:08:0e:c2:e3:f7:c2:77:8c:
                    87:38:68:21:c3:4b:78:de:a0:7e:45:69:20:35:86:
                    be:8d:62:48:af:24:a6:44:f7:ed:54:33:c9:de:21:
                    2f:50:1b:dd:af:ba:b5:57:7f:26:37:dc:e3:eb:61:
                    0c:8a:3e:70:99:b3:6a:2c:63:e6:91:7a:0c:e1:07:
                    8e:b1:78:3d:4b:dc:b8:86:db:50:10:c8:56:f2:e6:
                    23:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2A:91:47:8D:F9:BC:B9:C2:60:60:8B:25:B2:1F:8E:79:C4:9F:9A
            X509v3 Authority Key Identifier:
                keyid:4A:65:9D:2B:D2:0D:70:6E:89:F0:E9:C8:A1:E8:22:F2:DD:AE:BE:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/4A659D2BD20D706E89F0E9C8A1E822F2DDAEBE1F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/946afd34-6971-423f-b22a-575e2c73ab27/8aa800a814af0deb066a95f7996f83cd729a48d075b0952fbe.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bae05840d043b/0/3137322e39392e32312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.99.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:e6:74:7e:db:72:1b:c3:f1:13:f3:73:b5:09:23:18:88:2a:
         4b:45:d1:50:1b:83:8f:df:03:01:67:0d:b4:20:10:c4:94:39:
         bd:33:f2:88:9e:94:e8:78:66:d6:92:32:c8:ac:5b:7a:47:ee:
         6d:80:08:8f:fe:40:f0:f4:8c:a5:93:ed:25:be:47:e7:5b:9d:
         4f:e5:5c:02:f7:1b:d1:4b:a3:e8:78:03:10:1b:6f:ce:8e:96:
         b5:26:a2:00:89:11:93:ad:62:98:bb:c8:4c:2e:05:7b:c0:25:
         1a:a8:9e:dd:48:ad:2e:0a:9c:ad:15:4d:bc:21:6b:93:a7:65:
         05:ab:c2:5d:9e:f1:1a:b4:69:79:c3:6d:0d:c3:56:b3:7d:80:
         06:e1:d5:fe:7c:72:94:d5:fe:fb:d2:57:be:8a:43:e4:fd:cf:
         08:49:5b:b7:82:28:94:86:8a:1a:44:26:b7:a0:c9:5b:8d:57:
         23:7d:55:a0:f8:81:de:c9:07:ab:9a:8a:8a:5b:cd:89:cb:19:
         5f:b5:13:a8:5a:f9:4f:85:c9:f4:0a:85:3f:7e:6e:a0:83:8f:
         53:a8:39:71:9b:e2:bf:af:f0:96:f9:d5:b8:70:e1:95:cb:bc:
         71:43:3b:7e:91:d8:2d:dd:68:b5:4d:79:53:e3:50:d8:ad:d8:
         a7:78:20:ca
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIUNZga2m8C/CHUa20YiO/vi5YebQYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOGFhODAwYTgxNGFmMGRlYjA2NmE5NWY3OTk2ZjgzY2Q3
MjlhNDhkMDc1YjA5NTJmYmUwHhcNMjUwNDE0MjM1NzA2WhcNMjYwNDE0MDAwMjA2
WjAzMTEwLwYDVQQDEyg5ODJBOTE0NzhERjlCQ0I5QzI2MDYwOEIyNUIyMUY4RTc5
QzQ5RjlBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L8JbT+CAbUi
wRwB1JCF/b8mDFQESAqiH5HbZzMj05zhUKOpfu686XXpyO3ApiwpP+6v5cDy9f8C
SIZAtuAXbhOjr8uFHwPb11YN11/k6MMrAYKg0StYVDrUvhTsr3EFoqbAzIJV5OxN
pyJQv3vReeVzbDfgJRRtpLXr3AXdghhJQoxQM1ca3pKJiXilvWmYUS4mtCTkVI3E
NSg5nskFfsTX+CE/YA/KDbP/CA7C4/fCd4yHOGghw0t43qB+RWkgNYa+jWJIrySm
RPftVDPJ3iEvUBvdr7q1V38mN9zj62EMij5wmbNqLGPmkXoM4QeOsXg9S9y4httQ
EMhW8uYjpQIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFJgqkUeN+by5wmBgiyWyH455
xJ+aMB8GA1UdIwQYMBaAFEplnSvSDXBuifDpyKHoIvLdrr4fMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmOGJhYTY0YTgwMThiYWUwNTg0MGQwNDNiLzAv
NEE2NTlEMkJEMjBENzA2RTg5RjBFOUM4QTFFODIyRjJEREFFQkUxRi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvODcxZGE0MGYtNzkzYS00YTQ1LWEwYTktOTc4MTQ4
MzIxYTA3Lzk0NmFmZDM0LTY5NzEtNDIzZi1iMjJhLTU3NWUyYzczYWIyNy84YWE4
MDBhODE0YWYwZGViMDY2YTk1Zjc5OTZmODNjZDcyOWE0OGQwNzViMDk1MmZiZS5j
ZXIwgZsGCCsGAQUFBwELBIGOMIGLMIGIBggrBgEFBQcwC4Z8cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmOGJhYTY0YTgwMThiYWUw
NTg0MGQwNDNiLzAvMzEzNzMyMmUzOTM5MmUzMjMxMmUzMDJmMzIzNDJkMzIzNDIw
M2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQArGMVMA0GCSqGSIb3DQEBCwUAA4IBAQDV
5nR+23Ibw/ET83O1CSMYiCpLRdFQG4OP3wMBZw20IBDElDm9M/KInpToeGbWkjLI
rFt6R+5tgAiP/kDw9Iylk+0lvkfnW51P5VwC9xvRS6PoeAMQG2/Ojpa1JqIAiRGT
rWKYu8hMLgV7wCUaqJ7dSK0uCpytFU28IWuTp2UFq8JdnvEatGl5w20Nw1azfYAG
4dX+fHKU1f770le+ikPk/c8ISVu3giiUhooaRCa3oMlbjVcjfVWg+IHeyQermoqK
W82JyxlftROoWvlPhcn0CoU/fm6gg49TqDlxm+K/r/CW+dW4cOGVy7xxQzt+kdgt
3Wi1TXlT41DYrdineCDK
-----END CERTIFICATE-----