Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba846737-14c5-4b5f-b37b-04331a1d5779.roa
File:                     ba846737-14c5-4b5f-b37b-04331a1d5779.roa (raw, json)
Hash identifier:          9eEUgknIdZXgn3y9chHilBBPcAMoq+tUUQuzDrPEtZo=
Subject key identifier:   ED:4E:55:1A:F2:AD:01:B8:E8:2D:B5:31:6E:CE:DF:E2:71:AB:D0:40
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       262AA2537CD64373761CE6D9DC8C07D6A1E8E47F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba846737-14c5-4b5f-b37b-04331a1d5779.roa
Signing time:             Mon 24 Mar 2025 17:11:07 +0000
ROA not before:           Mon 24 Mar 2025 17:11:07 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.150.128.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:2a:a2:53:7c:d6:43:73:76:1c:e6:d9:dc:8c:07:d6:a1:e8:e4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 17:11:07 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=9adafce3fde2b52493bc8325cbadfe55f7526e2dbbf71495f2038e66c28a1ea8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e1:a7:fc:e1:d9:ae:2a:db:54:8e:6d:b8:5b:
                    d4:99:4c:5c:d2:e2:b3:95:b0:a7:f5:da:0b:b6:a5:
                    60:ff:7d:82:92:3c:d1:b7:39:ae:62:59:78:ce:5e:
                    5c:73:80:37:47:7b:49:03:6c:45:6f:72:6b:a7:e0:
                    3f:b0:05:4d:c0:61:a3:fc:9f:88:b8:f5:1b:26:0b:
                    9d:d2:10:c2:b8:db:7f:a3:cc:4f:e6:00:50:42:de:
                    b8:61:75:7c:d2:94:37:dd:10:d0:d9:a4:66:01:88:
                    3f:72:8d:c1:d0:81:16:56:6a:a1:0b:8e:1a:4d:5f:
                    6c:46:a8:79:4e:7e:ef:58:42:0f:8f:1e:4a:59:de:
                    d0:92:d2:fb:96:d6:b0:2b:2c:cf:3d:ab:9a:db:da:
                    01:82:34:b8:dd:33:59:14:77:f3:96:5f:fe:b5:35:
                    f5:a5:bc:40:8d:8e:fd:a9:55:f3:90:d5:45:4b:d1:
                    4b:81:95:66:9c:ba:42:4d:9a:58:06:dc:90:ee:1b:
                    70:98:d3:b0:28:a5:f9:5d:b7:5c:91:59:e7:58:b2:
                    01:69:ed:13:6f:5b:38:33:34:ab:9e:b1:b0:b2:08:
                    4c:6e:30:0e:63:c0:9f:46:c2:47:54:d7:b9:f7:6f:
                    cc:c6:36:55:93:95:07:cb:b4:00:39:de:91:79:21:
                    d3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:4E:55:1A:F2:AD:01:B8:E8:2D:B5:31:6E:CE:DF:E2:71:AB:D0:40
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba846737-14c5-4b5f-b37b-04331a1d5779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.150.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:53:c4:a3:27:1c:00:9d:8b:18:c7:b5:34:0b:fe:1b:29:bb:
         75:f4:80:ae:39:b8:70:c2:c0:ad:f7:4a:40:37:17:e4:ee:0b:
         94:4d:61:5d:fb:72:e0:0f:b4:07:8a:91:a4:7d:eb:ea:7a:91:
         ce:fc:3e:d1:b2:6c:f6:49:7e:21:5e:1d:75:2c:dc:9b:0a:bd:
         77:d0:b5:01:80:3b:a9:02:b6:93:44:5d:6a:45:30:a5:a7:7a:
         4d:3c:82:63:5a:f8:74:39:51:f3:91:d7:1a:6f:b4:68:3b:d5:
         3d:76:00:64:09:78:f6:2f:8f:71:5a:ae:58:6f:41:c9:54:47:
         2c:6d:19:c9:c4:4d:f6:6a:6e:c7:33:32:17:51:6c:d1:e3:da:
         b1:0f:65:d2:54:fe:93:ee:c8:ee:f8:bd:00:87:ea:7b:04:a3:
         ed:e7:da:e7:5f:88:a9:1d:4b:e6:c4:4e:4f:ef:b0:49:23:46:
         15:0b:8f:30:f7:8d:c6:1c:f3:ef:2b:9d:1a:b8:6a:98:ea:0c:
         14:0d:5f:f6:34:81:45:b3:f8:b0:dd:b2:10:de:d7:2c:5a:db:
         d7:44:94:26:87:53:3f:39:d5:f2:7e:65:9d:1b:a7:30:d3:36:
         dc:4c:48:2a:11:a2:b5:2e:74:ee:a9:13:06:79:59:e9:2f:3d:
         26:79:46:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJiqiU3zWQ3N2HObZ3IwH1qHo5H8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTcxMTA3WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWRhZmNlM2ZkZTJiNTI0OTNiYzgzMjVjYmFkZmU1NWY3
NTI2ZTJkYmJmNzE0OTVmMjAzOGU2NmMyOGExZWE4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj4af84dmuKttUjm24W9SZTFzS4rOVsKf12gu2pWD/fYKS
PNG3Oa5iWXjOXlxzgDdHe0kDbEVvcmun4D+wBU3AYaP8n4i49RsmC53SEMK423+j
zE/mAFBC3rhhdXzSlDfdENDZpGYBiD9yjcHQgRZWaqELjhpNX2xGqHlOfu9YQg+P
HkpZ3tCS0vuW1rArLM89q5rb2gGCNLjdM1kUd/OWX/61NfWlvECNjv2pVfOQ1UVL
0UuBlWacukJNmlgG3JDuG3CY07Aopfldt1yRWedYsgFp7RNvWzgzNKuesbCyCExu
MA5jwJ9GwkdU17n3b8zGNlWTlQfLtAA53pF5IdMbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7U5VGvKtAbjoLbUxbs7f4nGr0EAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JhODQ2NzM3LTE0YzUtNGI1Zi1iMzdiLTA0MzMxYTFkNTc3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2loAwDQYJKoZIhvcNAQELBQADggEBAIVTxKMnHACdixjHtTQL/hspu3X0
gK45uHDCwK33SkA3F+TuC5RNYV37cuAPtAeKkaR96+p6kc78PtGybPZJfiFeHXUs
3JsKvXfQtQGAO6kCtpNEXWpFMKWnek08gmNa+HQ5UfOR1xpvtGg71T12AGQJePYv
j3FarlhvQclURyxtGcnETfZqbsczMhdRbNHj2rEPZdJU/pPuyO74vQCH6nsEo+3n
2udfiKkdS+bETk/vsEkjRhULjzD3jcYc8+8rnRq4apjqDBQNX/Y0gUWz+LDdshDe
1yxa29dElCaHUz851fJ+ZZ0bpzDTNtxMSCoRorUudO6pEwZ5WekvPSZ5RhU=
-----END CERTIFICATE-----