Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/028118d1-babf-45ab-b5d9-f9af98ec99cd.roa
File:                     028118d1-babf-45ab-b5d9-f9af98ec99cd.roa (raw, json)
Hash identifier:          snvAzITh55nYEUuMSEobfXGrOAKgys7V+Yaq+Y76vFI=
Subject key identifier:   DB:75:8F:62:B9:7C:8C:EE:8B:30:FF:1A:9E:71:2A:84:45:80:E7:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A34376DAA0BA228BD8EA88869E73343955262EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/028118d1-babf-45ab-b5d9-f9af98ec99cd.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f70:8000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:34:37:6d:aa:0b:a2:28:bd:8e:a8:88:69:e7:33:43:95:52:62:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=7120991a4c2426c5e5d773000931abceca291d03717320348752f6b1db895578, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:a9:28:b9:fc:00:9f:90:fa:a8:01:d4:87:e9:
                    7a:16:71:fa:c7:9a:8c:10:93:57:b7:da:75:d7:01:
                    8b:43:ed:81:b1:8e:52:3a:c1:3a:85:b5:e3:95:17:
                    43:25:a7:6a:a2:b5:f7:50:f8:ed:8b:11:94:26:6b:
                    4f:00:bf:ae:d5:32:35:18:af:bc:e9:da:de:e7:d6:
                    77:40:bb:95:bf:a4:d2:82:30:58:9d:c6:77:63:3f:
                    44:ec:c9:ca:eb:0b:8d:f6:56:b0:00:cf:a3:9f:a4:
                    8d:70:70:de:db:c0:11:46:a5:67:e2:08:95:f1:4e:
                    55:13:f2:a3:20:d4:ce:7a:b7:71:63:66:7e:70:0e:
                    22:19:8a:e7:8a:88:de:9d:87:c6:18:14:65:0a:87:
                    64:da:aa:8e:0d:42:d2:f2:4b:e3:46:1e:34:52:19:
                    97:e4:d1:5b:5f:28:fa:9c:b0:c4:ea:4b:d6:15:88:
                    dd:f1:fe:63:fe:ac:31:11:ac:c7:2a:7c:9d:d2:bf:
                    0d:0e:78:a5:cd:1b:8f:09:7b:10:31:bb:f4:8c:35:
                    28:91:fa:5c:54:bc:0b:90:ae:c9:a8:ae:cd:03:c7:
                    1c:4b:2f:d9:a0:d4:32:67:ab:cc:2b:26:9b:fa:fc:
                    b1:f7:ff:b7:a9:0b:45:45:79:b1:1f:e2:c9:ce:5c:
                    b2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:75:8F:62:B9:7C:8C:EE:8B:30:FF:1A:9E:71:2A:84:45:80:E7:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/028118d1-babf-45ab-b5d9-f9af98ec99cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ca:d2:d3:dc:75:20:38:ff:a9:a7:18:29:28:ca:9c:f8:25:45:
         a9:a9:0b:2c:a8:97:6e:15:82:a0:6f:3f:3b:f3:c0:c1:8a:e1:
         f0:87:d3:6b:01:06:0f:e6:86:d5:a2:f2:d9:2f:87:e0:1b:e1:
         02:85:bf:55:cd:7c:29:79:68:4f:56:18:37:ee:c4:5d:d3:f4:
         03:10:5f:00:33:94:14:b0:e7:55:b0:71:8f:f0:4b:0d:5e:93:
         6a:72:52:3d:1a:b1:f0:e1:06:6a:2b:f3:25:2f:04:e8:62:d3:
         ab:5b:c4:6d:b7:5e:ad:b2:59:32:e2:26:00:72:b9:00:50:fa:
         02:57:de:a9:2c:a2:8a:3b:8b:12:08:35:7f:a6:2e:55:1b:ab:
         e1:d4:05:6d:53:b3:5d:c5:be:28:b7:1f:9b:a6:c5:a3:fe:83:
         e5:25:2a:13:06:a9:60:9c:78:7d:6d:c7:98:00:f8:23:e3:30:
         1c:0c:f9:f6:07:33:a9:40:19:1b:cb:95:f5:f6:91:64:78:43:
         3f:e3:1d:94:9b:ff:b1:17:d4:3c:17:e4:f3:21:00:4a:eb:24:
         0d:7f:5f:f6:77:12:ac:39:e0:02:82:7a:20:27:52:a5:62:29:
         41:5c:a2:33:a0:a9:f7:29:e4:8f:99:6e:78:ea:e4:d4:9e:4c:
         fb:f1:73:e6
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUSjQ3baoLoii9jqiIaeczQ5VSYu8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTIwOTkxYTRjMjQyNmM1ZTVkNzczMDAwOTMxYWJjZWNh
MjkxZDAzNzE3MzIwMzQ4NzUyZjZiMWRiODk1NTc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD3qSi5/ACfkPqoAdSH6XoWcfrHmowQk1e32nXXAYtD7YGx
jlI6wTqFteOVF0Mlp2qitfdQ+O2LEZQma08Av67VMjUYr7zp2t7n1ndAu5W/pNKC
MFidxndjP0TsycrrC432VrAAz6OfpI1wcN7bwBFGpWfiCJXxTlUT8qMg1M56t3Fj
Zn5wDiIZiueKiN6dh8YYFGUKh2Taqo4NQtLyS+NGHjRSGZfk0VtfKPqcsMTqS9YV
iN3x/mP+rDERrMcqfJ3Svw0OeKXNG48JexAxu/SMNSiR+lxUvAuQrsmors0DxxxL
L9mg1DJnq8wrJpv6/LH3/7epC0VFebEf4snOXLI1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU23WPYrl8jO6LMP8annEqhEWA530wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyODExOGQxLWJhYmYtNDVhYi1iNWQ5LWY5YWY5OGVjOTljZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wgDANBgkqhkiG9w0BAQsFAAOCAQEAytLT3HUgOP+ppxgpKMqc+CVF
qakLLKiXbhWCoG8/O/PAwYrh8IfTawEGD+aG1aLy2S+H4BvhAoW/Vc18KXloT1YY
N+7EXdP0AxBfADOUFLDnVbBxj/BLDV6TanJSPRqx8OEGaivzJS8E6GLTq1vEbbde
rbJZMuImAHK5AFD6AlfeqSyiijuLEgg1f6YuVRur4dQFbVOzXcW+KLcfm6bFo/6D
5SUqEwapYJx4fW3HmAD4I+MwHAz59gczqUAZG8uV9faRZHhDP+MdlJv/sRfUPBfk
8yEASuskDX9f9ncSrDngAoJ6ICdSpWIpQVyiM6Cp9ynkj5lueOrk1J5M+/Fz5g==
-----END CERTIFICATE-----