Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9e3196b4-9f82-4703-9602-d82216170d7e.roa
File:                     9e3196b4-9f82-4703-9602-d82216170d7e.roa (raw, json)
Hash identifier:          zkoXBS6Xl5pZfxrsNnEBPGVsPrXCc1T9M4Wb9vH/bG0=
Subject key identifier:   E4:A0:26:4E:2C:11:25:48:E4:DD:EB:12:E2:0C:82:DD:7A:A1:B8:81
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       0B3D8639515422FD0581FE5D5DB927A0EA4AB963
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9e3196b4-9f82-4703-9602-d82216170d7e.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.171.176.0/20 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:3d:86:39:51:54:22:fd:05:81:fe:5d:5d:b9:27:a0:ea:4a:b9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: serialNumber=ab742c52340b840181079a16d13b1e83ede0d07aad299b30014718c7169004e2, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ec:ba:69:cd:e1:c1:49:fc:d0:b2:17:0e:12:
                    66:e8:fa:4c:ec:6c:fa:26:be:d5:30:97:5a:3b:f2:
                    8a:34:db:2c:ae:f8:0c:6a:f0:5a:d0:20:3d:13:a6:
                    16:23:f9:17:41:54:06:fb:b3:50:c4:5b:86:d9:85:
                    ee:77:8a:7e:e9:6e:a8:23:b0:50:71:60:4b:3c:1b:
                    1f:ab:1d:d8:d0:60:69:df:33:b8:3f:2c:b6:03:44:
                    09:88:98:7d:de:ac:b6:71:e3:0f:6e:11:89:d1:e4:
                    40:09:d4:cd:94:95:a2:22:af:52:c5:0d:71:c3:4d:
                    2a:f0:78:26:11:ab:9d:d5:b9:70:b1:73:6c:af:82:
                    5c:b7:1e:a9:d2:e9:f4:f6:2e:3f:cd:e1:18:9e:ae:
                    7d:29:32:d1:30:29:f0:dd:fe:40:42:16:50:5a:5f:
                    15:02:f4:04:b0:ab:7b:83:f3:de:0a:95:a5:76:55:
                    af:75:0f:0f:a9:e1:75:95:7a:94:a5:14:1e:e5:0c:
                    d6:f9:68:f4:bb:98:f2:34:36:af:a2:4f:73:51:5e:
                    b4:e8:8b:20:79:43:f0:37:8f:d2:4f:25:73:02:1c:
                    dc:5c:a5:05:e8:fd:66:b8:3a:d5:fe:de:2c:7c:5a:
                    81:f3:b8:67:08:45:8a:d7:9d:09:1a:32:a6:d2:d6:
                    37:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A0:26:4E:2C:11:25:48:E4:DD:EB:12:E2:0C:82:DD:7A:A1:B8:81
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9e3196b4-9f82-4703-9602-d82216170d7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.171.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         79:c9:d5:52:e8:c8:4f:af:3e:52:5d:e4:6c:16:ce:d6:ca:34:
         4f:78:84:ea:7f:76:d8:98:58:7b:0e:d3:d0:c6:90:70:bb:00:
         ac:f2:49:43:85:a6:3b:d7:43:a3:f1:a4:59:05:54:a1:75:f9:
         60:57:1e:55:4a:25:3d:ff:4a:84:6f:b9:3c:4f:d0:97:b0:8e:
         3f:b0:03:7a:2d:e4:4a:37:55:b3:a5:9b:db:2b:db:6e:32:be:
         af:96:2c:1b:e1:0f:2f:6c:ce:63:02:63:8f:5b:d5:df:03:91:
         b9:33:84:83:0e:a7:f3:fe:e9:5f:6b:05:36:35:53:5b:ec:67:
         77:b0:f6:b2:0b:22:1b:a5:99:ba:bf:22:2c:cc:32:21:64:ed:
         c5:e3:eb:94:23:e7:16:8f:99:4e:da:a9:43:d7:b0:a1:8c:bc:
         dd:03:92:e1:3d:62:0a:01:52:00:49:8d:3c:19:e8:c6:51:f3:
         6e:51:a9:e8:dc:76:5a:3c:62:a6:24:62:b4:cb:ac:0b:2b:23:
         ee:08:15:09:30:f2:e8:5a:fe:13:88:d0:12:29:37:42:89:43:
         7e:ab:ca:53:07:8e:95:19:e4:69:b2:23:1d:23:e1:d7:d0:ed:
         f1:78:d6:ad:4b:c7:c9:3b:5d:01:84:2a:4e:6b:42:de:e0:9b:
         f4:4f:b3:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCz2GOVFUIv0Fgf5dXbknoOpKuWMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjc0MmM1MjM0MGI4NDAxODEwNzlhMTZkMTNiMWU4M2Vk
ZTBkMDdhYWQyOTliMzAwMTQ3MThjNzE2OTAwNGUyMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN7LppzeHBSfzQshcOEmbo+kzsbPomvtUwl1o78oo02yyu
+Axq8FrQID0TphYj+RdBVAb7s1DEW4bZhe53in7pbqgjsFBxYEs8Gx+rHdjQYGnf
M7g/LLYDRAmImH3erLZx4w9uEYnR5EAJ1M2UlaIir1LFDXHDTSrweCYRq53VuXCx
c2yvgly3HqnS6fT2Lj/N4Riern0pMtEwKfDd/kBCFlBaXxUC9ASwq3uD894KlaV2
Va91Dw+p4XWVepSlFB7lDNb5aPS7mPI0Nq+iT3NRXrToiyB5Q/A3j9JPJXMCHNxc
pQXo/Wa4OtX+3ix8WoHzuGcIRYrXnQkaMqbS1jfJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5KAmTiwRJUjk3esS4gyC3XqhuIEwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzllMzE5NmI0LTlmODItNDcwMy05NjAyLWQ4MjIxNjE3MGQ3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATPq7AwDQYJKoZIhvcNAQELBQADggEBAHnJ1VLoyE+vPlJd5GwWztbKNE94
hOp/dtiYWHsO09DGkHC7AKzySUOFpjvXQ6PxpFkFVKF1+WBXHlVKJT3/SoRvuTxP
0Jewjj+wA3ot5Eo3VbOlm9sr224yvq+WLBvhDy9szmMCY49b1d8DkbkzhIMOp/P+
6V9rBTY1U1vsZ3ew9rILIhulmbq/IizMMiFk7cXj65Qj5xaPmU7aqUPXsKGMvN0D
kuE9YgoBUgBJjTwZ6MZR825Rqejcdlo8YqYkYrTLrAsrI+4IFQkw8uha/hOI0BIp
N0KJQ36rylMHjpUZ5GmyIx0j4dfQ7fF41q1Lx8k7XQGEKk5rQt7gm/RPs8U=
-----END CERTIFICATE-----