Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa
File:                     eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa (raw, json)
Hash identifier:          nna3R+mcKGXtztMGozps+j1+RmYnB/o3vVB3gne0hPw=
Subject key identifier:   5D:D4:99:5F:0F:0E:0B:C8:F0:B8:92:AF:3C:52:8B:84:B2:3D:6C:64
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       1B01E8716DBA709F439527620E3487CE14FC5BE0
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa
Signing time:             Mon 31 Mar 2025 16:11:02 +0000
ROA not before:           Mon 31 Mar 2025 16:11:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        96.127.0.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:01:e8:71:6d:ba:70:9f:43:95:27:62:0e:34:87:ce:14:fc:5b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Mar 31 16:11:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=24d88ecded82c336c1dcbf9656ebcc22e2d80501acfae2637f6ad26c1e40cbe7, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7f:c8:97:e6:18:8f:ed:ab:22:26:47:60:b8:
                    08:86:44:7f:ed:1e:9a:22:82:de:cc:10:f5:f0:ae:
                    49:58:e5:d0:74:36:a3:76:19:49:22:59:a6:34:93:
                    f0:99:c7:30:c8:0b:7a:ad:af:86:5b:ca:5c:86:92:
                    49:36:fb:43:2b:0a:9b:8b:fc:18:fd:3b:96:df:fa:
                    26:d7:53:20:3b:bd:03:42:08:19:50:77:ac:d2:82:
                    ce:93:9b:15:f2:a9:f8:27:66:ec:11:c0:6a:7d:88:
                    9c:60:78:a4:dc:7e:60:db:75:f8:0c:c0:20:06:a3:
                    31:cd:43:84:53:de:56:fa:57:8f:b6:f9:17:e0:53:
                    c3:2f:44:3f:d4:cb:82:c7:27:8c:5b:36:7d:93:13:
                    c6:74:28:83:bf:dd:ab:46:7d:e6:7d:ca:ce:6a:d6:
                    df:b2:de:0b:f5:44:36:e4:ac:3b:f1:aa:be:91:70:
                    94:34:d1:44:c2:ca:de:a2:07:e4:86:58:51:96:ca:
                    69:b5:af:fb:f0:1e:da:aa:9b:18:a2:58:51:34:5a:
                    7f:88:8a:6a:e8:42:53:b3:1c:dc:19:06:ff:02:1a:
                    a3:a4:4c:d3:ec:05:29:0f:f0:56:47:41:31:9b:4e:
                    25:82:8e:5a:ad:70:f3:80:5e:63:94:7c:df:c1:80:
                    bc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D4:99:5F:0F:0E:0B:C8:F0:B8:92:AF:3C:52:8B:84:B2:3D:6C:64
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:62:ba:3f:8b:3c:9c:d7:a2:01:1b:4a:a4:dc:29:2b:d5:df:
         59:79:ee:a4:34:62:95:c1:16:37:72:bf:97:6f:75:b5:86:06:
         17:f3:4b:f4:70:25:05:5e:fc:2f:af:3b:23:d3:e7:9c:62:5b:
         3b:14:9d:b4:bd:82:f7:ab:3f:89:e8:54:de:ac:f6:53:b9:88:
         a9:fa:8d:39:9e:57:67:fe:fd:f8:76:c5:05:37:a5:a6:12:14:
         89:bf:2f:a4:0a:51:d3:dd:e3:4e:03:dc:f4:da:51:75:c1:76:
         21:63:a4:58:3b:f7:90:ca:58:cc:77:2b:69:7b:c7:cd:f3:97:
         fb:88:87:61:d8:63:03:32:a8:76:02:a8:30:df:3d:0d:42:c5:
         6a:b6:c4:2e:eb:8a:20:34:5f:22:90:62:f0:8d:e6:ad:0a:d9:
         a5:62:ef:8f:3c:67:c1:bd:b5:e5:45:ae:8d:57:15:52:db:6f:
         6c:93:e1:0e:21:4d:5d:e6:ef:c3:cc:96:5f:48:93:d5:a1:b0:
         d5:b2:79:74:ca:0f:e8:fc:06:b5:b1:4a:dd:fb:3f:c6:f2:90:
         1f:65:23:10:57:90:7b:4b:43:74:ce:ee:9a:ac:27:6d:c1:77:
         77:48:f0:d9:25:8c:72:88:a7:f4:30:60:ab:f6:64:6f:b8:63:
         bf:27:cc:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGwHocW26cJ9DlSdiDjSHzhT8W+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwMzMxMTYxMTAyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGQ4OGVjZGVkODJjMzM2YzFkY2JmOTY1NmViY2MyMmUy
ZDgwNTAxYWNmYWUyNjM3ZjZhZDI2YzFlNDBjYmU3MS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDof8iX5hiP7asiJkdguAiGRH/tHpoigt7MEPXwrklY5dB0
NqN2GUkiWaY0k/CZxzDIC3qtr4ZbylyGkkk2+0MrCpuL/Bj9O5bf+ibXUyA7vQNC
CBlQd6zSgs6TmxXyqfgnZuwRwGp9iJxgeKTcfmDbdfgMwCAGozHNQ4RT3lb6V4+2
+RfgU8MvRD/Uy4LHJ4xbNn2TE8Z0KIO/3atGfeZ9ys5q1t+y3gv1RDbkrDvxqr6R
cJQ00UTCyt6iB+SGWFGWymm1r/vwHtqqmxiiWFE0Wn+IimroQlOzHNwZBv8CGqOk
TNPsBSkP8FZHQTGbTiWCjlqtcPOAXmOUfN/BgLzHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXdSZXw8OC8jwuJKvPFKLhLI9bGQwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1L2VhYzUxOGVkLTBlMTEtNGZlNS05YTllLTUzYTA1ZGU2MGY3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgfwAwDQYJKoZIhvcNAQELBQADggEBAD5iuj+LPJzXogEbSqTcKSvV31l5
7qQ0YpXBFjdyv5dvdbWGBhfzS/RwJQVe/C+vOyPT55xiWzsUnbS9gverP4noVN6s
9lO5iKn6jTmeV2f+/fh2xQU3paYSFIm/L6QKUdPd404D3PTaUXXBdiFjpFg795DK
WMx3K2l7x83zl/uIh2HYYwMyqHYCqDDfPQ1CxWq2xC7riiA0XyKQYvCN5q0K2aVi
7488Z8G9teVFro1XFVLbb2yT4Q4hTV3m78PMll9Ik9WhsNWyeXTKD+j8BrWxSt37
P8bykB9lIxBXkHtLQ3TO7pqsJ23Bd3dI8NkljHKIp/QwYKv2ZG+4Y78nzLg=
-----END CERTIFICATE-----