Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f9bc786-f823-4990-9a7a-7d78437b3ae2.roa
File:                     1f9bc786-f823-4990-9a7a-7d78437b3ae2.roa (raw, json)
Hash identifier:          aLdxqK0VQNhfQ02M/4Vx4j1jFsYia+TdhPnXq7+tr0A=
Subject key identifier:   2E:7B:16:3A:42:AB:03:FA:88:10:16:DC:85:1E:C6:1F:F7:FE:76:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E63BFF3A052C210E50A1FFF4CAEAE6E83A936B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f9bc786-f823-4990-9a7a-7d78437b3ae2.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.112.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:63:bf:f3:a0:52:c2:10:e5:0a:1f:ff:4c:ae:ae:6e:83:a9:36:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=df2e7c363c8ce48293429a6a31fd8ef38053325e0b462a3d890875a0397fc275, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:79:11:9f:67:5b:dc:8f:d6:c2:a5:41:48:
                    21:51:07:4b:5e:cf:10:bd:79:51:dd:28:8c:86:ab:
                    97:45:28:67:2b:8b:f9:43:21:2e:e0:77:56:b8:f5:
                    53:b1:98:e6:52:85:ee:f7:49:bd:30:ff:18:5f:67:
                    d4:2a:dd:43:e4:17:c7:dc:9f:d2:bb:d6:6c:23:c3:
                    79:7b:86:f3:c1:69:ba:ae:1d:ad:42:86:2f:c4:1b:
                    db:19:0c:ad:f7:6b:05:0b:b5:24:8f:b8:32:5e:91:
                    73:dd:89:eb:61:5c:5b:a5:e7:1a:fe:a9:95:76:f7:
                    44:b2:ba:b0:d1:bb:63:fd:ab:31:31:98:de:a0:82:
                    87:50:69:0c:a6:73:15:48:d0:15:f5:3c:6c:f6:6f:
                    e7:27:0d:a5:f5:98:d7:62:db:fe:b4:41:d4:50:8d:
                    94:6b:dc:07:c6:1f:87:7d:f5:44:14:01:89:d1:b3:
                    86:63:07:71:d2:34:87:42:81:eb:63:77:11:b6:81:
                    f9:aa:43:d2:15:f9:ff:86:83:f6:1a:b7:0c:f8:2d:
                    60:65:e1:87:08:b7:7f:ce:bc:22:69:7d:3e:c9:8d:
                    04:37:e7:b1:c1:00:5a:52:4b:84:c5:eb:8d:3a:b1:
                    c2:76:a0:da:f9:83:61:7d:bc:e0:55:80:2e:1f:54:
                    17:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:7B:16:3A:42:AB:03:FA:88:10:16:DC:85:1E:C6:1F:F7:FE:76:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f9bc786-f823-4990-9a7a-7d78437b3ae2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.112.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         13:16:c9:f8:29:f7:6f:96:67:06:7b:9e:7e:c4:75:11:80:2f:
         fa:28:18:62:1a:ac:16:06:21:23:a0:9b:35:0a:f0:1d:3f:df:
         7f:db:a8:8e:d1:45:9f:d9:b9:0e:eb:9f:19:e4:cd:9a:f4:1e:
         43:f8:2d:85:d9:14:cc:67:f8:08:71:7e:76:4b:e7:f6:f6:8c:
         59:ab:29:25:bd:06:fb:e3:f1:95:0e:f1:41:14:04:45:cc:1c:
         3b:3c:b3:da:ad:db:d8:34:f7:19:38:d1:a6:a4:37:ce:53:12:
         66:74:73:a3:dd:54:7c:17:a9:80:1d:78:66:69:11:ef:17:06:
         b0:d0:7a:61:d6:99:46:8a:5a:c2:7b:77:4f:ce:4a:ae:60:56:
         13:7c:bf:16:62:0c:c0:42:5b:b6:8b:cc:32:2e:1a:9d:e1:46:
         69:e6:43:08:82:55:98:9e:b9:b1:22:20:72:9c:bd:6f:8b:f2:
         53:92:b9:05:6d:51:ba:e1:b2:41:3b:e2:61:09:fb:f2:7b:c4:
         56:ea:76:e6:60:46:0c:55:38:ad:07:4c:cd:f1:74:f0:ad:38:
         4f:67:4c:62:1a:3b:47:44:d3:ae:4c:b1:a3:a5:1a:31:76:aa:
         0b:01:91:af:ac:c2:be:bd:0f:f8:21:ed:c5:5f:d9:e0:fe:0b:
         a3:d4:93:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPmO/86BSwhDlCh//TK6uboOpNrEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjJlN2MzNjNjOGNlNDgyOTM0MjlhNmEzMWZkOGVmMzgw
NTMzMjVlMGI0NjJhM2Q4OTA4NzVhMDM5N2ZjMjc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx9HkRn2db3I/WwqVBSCFRB0tezxC9eVHdKIyGq5dFKGcr
i/lDIS7gd1a49VOxmOZShe73Sb0w/xhfZ9Qq3UPkF8fcn9K71mwjw3l7hvPBabqu
Ha1Chi/EG9sZDK33awULtSSPuDJekXPdiethXFul5xr+qZV290SyurDRu2P9qzEx
mN6ggodQaQymcxVI0BX1PGz2b+cnDaX1mNdi2/60QdRQjZRr3AfGH4d99UQUAYnR
s4ZjB3HSNIdCgetjdxG2gfmqQ9IV+f+Gg/Yatwz4LWBl4YcIt3/OvCJpfT7JjQQ3
57HBAFpSS4TF6406scJ2oNr5g2F9vOBVgC4fVBfjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULnsWOkKrA/qIEBbchR7GH/f+djYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmOWJjNzg2LWY4MjMtNDk5MC05YTdhLTdkNzg0MzdiM2FlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQcDANBgkqhkiG9w0BAQsFAAOCAQEAExbJ+Cn3b5ZnBnuefsR1EYAv+igY
YhqsFgYhI6CbNQrwHT/ff9uojtFFn9m5DuufGeTNmvQeQ/gthdkUzGf4CHF+dkvn
9vaMWaspJb0G++PxlQ7xQRQERcwcOzyz2q3b2DT3GTjRpqQ3zlMSZnRzo91UfBep
gB14ZmkR7xcGsNB6YdaZRopawnt3T85KrmBWE3y/FmIMwEJbtovMMi4aneFGaeZD
CIJVmJ65sSIgcpy9b4vyU5K5BW1RuuGyQTviYQn78nvEVup25mBGDFU4rQdMzfF0
8K04T2dMYho7R0TTrkyxo6UaMXaqCwGRr6zCvr0P+CHtxV/Z4P4Lo9STCA==
-----END CERTIFICATE-----