Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2504247-930a-4d81-afa2-bd56d5414b8d.roa
File:                     b2504247-930a-4d81-afa2-bd56d5414b8d.roa (raw, json)
Hash identifier:          kgjDZuor84K5Zn87gm3onqIxp3gdVdeOxaOOZnI3qms=
Subject key identifier:   DF:74:E0:AD:3A:36:C0:80:04:6A:56:86:20:8C:0A:63:82:14:30:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1DE295FD3B3C887193275EE94E1CE54BE33B84F2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2504247-930a-4d81-afa2-bd56d5414b8d.roa
Signing time:             Tue 01 Apr 2025 00:10:22 +0000
ROA not before:           Tue 01 Apr 2025 00:10:22 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.99.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:e2:95:fd:3b:3c:88:71:93:27:5e:e9:4e:1c:e5:4b:e3:3b:84:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  1 00:10:22 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: serialNumber=6af0f86eb2afd723bb9a034800f0b1ce1a3422a8ad3a36c436df8122e9650392, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:48:44:d8:7f:01:47:63:70:ca:6d:3e:a0:71:
                    2f:8f:b1:ab:d9:0e:72:83:23:ee:92:c0:01:63:06:
                    6b:35:46:41:07:9a:70:dc:55:d9:ff:d4:4e:9d:04:
                    8d:f0:82:33:11:1b:37:b4:11:c0:0b:c4:8a:f3:8b:
                    28:cd:7e:ec:92:e3:c6:e5:a9:81:97:33:53:30:ca:
                    e7:5b:0c:b0:e3:f6:d8:f1:9a:c0:c3:80:85:67:03:
                    8c:8f:96:26:26:ca:80:5f:ae:4e:20:92:6a:9a:09:
                    07:26:a8:8e:65:86:29:26:a8:94:e2:0f:ee:2f:39:
                    67:c9:4b:04:70:cd:10:a7:47:86:a2:6d:ab:01:c0:
                    c7:62:db:85:27:c7:b3:d9:2e:f1:0c:aa:68:09:ef:
                    c8:90:9d:a9:14:36:7e:8c:2e:d3:0e:93:a3:91:ab:
                    6a:25:0b:3f:20:de:25:6f:92:88:1b:ad:a6:b3:d3:
                    1b:b4:3c:28:22:66:ee:4f:fe:f2:0a:7b:b7:9e:da:
                    e3:d9:27:a8:3a:c2:ee:9e:f5:ae:68:50:cf:b2:6b:
                    64:cf:d0:2b:51:f6:3c:01:dc:26:72:ff:23:f3:31:
                    45:73:de:35:b1:f8:b8:82:ae:b0:a3:ed:39:40:91:
                    fa:53:50:9e:b8:e8:46:25:66:a1:d8:da:d9:9b:c1:
                    39:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:74:E0:AD:3A:36:C0:80:04:6A:56:86:20:8C:0A:63:82:14:30:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2504247-930a-4d81-afa2-bd56d5414b8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:fa:2b:70:c6:44:70:3f:76:b2:20:f7:d8:f1:78:59:03:03:
         fc:05:51:49:67:d2:cb:41:74:65:8d:dd:28:7e:80:5d:6f:ed:
         b6:2e:87:0b:2d:72:76:74:77:a3:3d:91:9a:b2:ca:84:22:64:
         27:44:7d:2c:0d:33:bd:2e:4a:eb:df:ec:c5:2e:7f:d3:85:b6:
         c1:52:66:8f:17:cb:bc:a2:bd:0f:fa:94:71:2b:23:60:69:47:
         45:05:c4:f6:98:3f:59:58:b2:8f:d6:38:01:b2:29:ca:76:f4:
         42:ce:7d:a7:16:b2:0d:44:b1:e8:63:0a:52:92:d0:ca:e5:ff:
         03:b2:c5:7c:31:1c:b9:01:cf:7b:ec:35:21:1c:84:c4:9c:f5:
         ed:9c:b1:ca:55:60:86:52:df:35:7a:0c:57:e5:e2:b6:ed:e1:
         30:bc:91:4a:a6:cf:ef:e8:08:de:3d:0d:fb:20:b5:6d:21:c2:
         ea:97:ab:4f:ab:94:09:4f:10:9d:ed:51:96:0d:32:47:bb:8e:
         5c:03:5c:66:8d:26:bf:34:57:6b:f0:22:39:50:78:ad:7e:3d:
         bd:54:de:cc:10:c0:af:26:30:5d:4b:f1:7c:c2:9b:a4:f9:f4:
         46:5e:79:cc:51:eb:20:52:86:89:65:92:35:3d:d3:1d:1c:25:
         84:ed:9d:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHeKV/Ts8iHGTJ17pThzlS+M7hPIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDAxMDAxMDIyWhcNMjUwNTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YWYwZjg2ZWIyYWZkNzIzYmI5YTAzNDgwMGYwYjFjZTFh
MzQyMmE4YWQzYTM2YzQzNmRmODEyMmU5NjUwMzkyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrSETYfwFHY3DKbT6gcS+PsavZDnKDI+6SwAFjBms1RkEH
mnDcVdn/1E6dBI3wgjMRGze0EcALxIrziyjNfuyS48blqYGXM1MwyudbDLDj9tjx
msDDgIVnA4yPliYmyoBfrk4gkmqaCQcmqI5lhikmqJTiD+4vOWfJSwRwzRCnR4ai
basBwMdi24Unx7PZLvEMqmgJ78iQnakUNn6MLtMOk6ORq2olCz8g3iVvkogbraaz
0xu0PCgiZu5P/vIKe7ee2uPZJ6g6wu6e9a5oUM+ya2TP0CtR9jwB3CZy/yPzMUVz
3jWx+LiCrrCj7TlAkfpTUJ646EYlZqHY2tmbwTkRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU33TgrTo2wIAEalaGIIwKY4IUMNUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyNTA0MjQ3LTkzMGEtNGQ4MS1hZmEyLWJkNTZkNTQxNGI4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3mMwDQYJKoZIhvcNAQELBQADggEBAFb6K3DGRHA/drIg99jxeFkDA/wF
UUln0stBdGWN3Sh+gF1v7bYuhwstcnZ0d6M9kZqyyoQiZCdEfSwNM70uSuvf7MUu
f9OFtsFSZo8Xy7yivQ/6lHErI2BpR0UFxPaYP1lYso/WOAGyKcp29ELOfacWsg1E
sehjClKS0Mrl/wOyxXwxHLkBz3vsNSEchMSc9e2cscpVYIZS3zV6DFfl4rbt4TC8
kUqmz+/oCN49DfsgtW0hwuqXq0+rlAlPEJ3tUZYNMke7jlwDXGaNJr80V2vwIjlQ
eK1+Pb1U3swQwK8mMF1L8XzCm6T59EZeecxR6yBShollkjU90x0cJYTtnek=
-----END CERTIFICATE-----