Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21474df8-6b21-4eb1-9680-20a1d401e8e1.roa
File:                     21474df8-6b21-4eb1-9680-20a1d401e8e1.roa (raw, json)
Hash identifier:          XDi/BkVoWLPtfGlrdmfhL8ChuRdl+vCRT1klSG9VNhE=
Subject key identifier:   0A:CF:9C:63:52:F2:55:5F:7D:F6:F1:E8:CF:6C:86:A6:FB:CF:50:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B0F0B09C156005CCA248610056A689A6D6F480C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21474df8-6b21-4eb1-9680-20a1d401e8e1.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:7440::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:0f:0b:09:c1:56:00:5c:ca:24:86:10:05:6a:68:9a:6d:6f:48:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=232163a7fc4ab1358ec5ec6d7487bced4c7f17f5e4f85e44afad25d2b423339f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:59:67:04:5a:77:35:00:13:e4:8b:56:57:da:
                    c1:ec:b1:5f:65:94:66:f2:b7:39:28:de:fe:82:68:
                    7b:ff:26:7b:76:70:c5:80:99:60:44:1f:54:3c:2d:
                    d9:52:88:e7:0d:95:59:4b:b1:21:4e:ca:5c:5f:19:
                    01:39:08:c0:d0:5c:19:46:a7:66:95:75:4b:73:b1:
                    93:dc:df:19:c9:ac:0d:d1:81:2f:bc:b9:08:15:ae:
                    0e:3f:c5:b8:25:bb:50:e6:95:87:67:d9:7d:f5:b9:
                    12:17:8b:27:7c:ff:a0:ac:c6:ea:e2:7f:08:07:9f:
                    56:6c:c8:7d:2c:ec:79:84:70:e4:a9:47:b9:d7:e5:
                    fe:33:4e:09:df:eb:b8:e4:ff:af:1c:88:53:01:16:
                    ab:97:c6:42:f9:da:06:5d:be:41:91:d8:e8:ad:75:
                    b6:e8:6f:41:fe:43:a8:70:c8:3b:ad:90:31:ad:2f:
                    ad:5e:c3:33:5b:9d:e2:23:16:93:dc:35:19:19:ec:
                    e7:10:0d:a4:82:fb:44:31:b8:ff:17:1b:70:27:13:
                    e1:91:70:de:53:6c:7e:7d:05:41:94:a9:ce:eb:af:
                    06:be:8e:a3:c1:d8:ea:3b:2a:95:54:3b:17:9f:4f:
                    29:57:fb:09:d2:e8:04:d9:e0:07:f2:ae:ce:c9:f6:
                    2d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CF:9C:63:52:F2:55:5F:7D:F6:F1:E8:CF:6C:86:A6:FB:CF:50:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21474df8-6b21-4eb1-9680-20a1d401e8e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:7440::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:bf:82:4b:01:d0:8b:5b:fd:42:80:02:79:6c:05:28:93:01:
         35:c6:3d:05:9f:29:83:43:f7:62:d9:91:c3:47:bd:93:98:92:
         75:65:80:d8:a7:5a:b6:4e:27:29:11:81:c6:57:3c:c9:97:6d:
         1f:ce:75:cf:8b:1e:46:0c:47:bb:88:59:c4:63:87:4a:f1:ca:
         ba:a7:b8:b6:fc:dd:90:db:f2:65:b5:7c:03:c5:f7:81:c3:15:
         a6:17:3b:60:14:50:45:70:3e:11:dc:e9:66:93:6b:f8:c9:ea:
         f4:2b:cb:51:79:f0:73:b2:43:41:51:47:96:dd:58:a4:76:0c:
         f3:77:e3:21:30:90:d9:cb:87:eb:13:e5:57:d5:67:63:e0:83:
         cb:69:a3:3b:e2:f0:47:12:25:7e:14:a6:74:ea:ec:11:04:dd:
         b3:7b:90:b5:82:e0:9b:3b:42:c2:5e:3a:85:5d:53:95:5f:e6:
         1e:62:a2:03:b3:46:3b:5f:fa:67:11:95:ba:37:1b:9c:c8:9c:
         0b:db:3e:d7:10:48:22:96:ee:00:e5:fc:d2:e4:d8:91:f8:70:
         3d:61:2f:88:fb:b0:fa:2b:68:3d:14:1e:05:db:b8:a0:bf:8f:
         bc:8a:03:e2:e8:65:ba:5e:96:b0:e4:94:e2:a1:83:4b:04:af:
         32:68:84:1b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWw8LCcFWAFzKJIYQBWpomm1vSAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzIxNjNhN2ZjNGFiMTM1OGVjNWVjNmQ3NDg3YmNlZDRj
N2YxN2Y1ZTRmODVlNDRhZmFkMjVkMmI0MjMzMzlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6WWcEWnc1ABPki1ZX2sHssV9llGbytzko3v6CaHv/Jnt2
cMWAmWBEH1Q8LdlSiOcNlVlLsSFOylxfGQE5CMDQXBlGp2aVdUtzsZPc3xnJrA3R
gS+8uQgVrg4/xbglu1DmlYdn2X31uRIXiyd8/6CsxurifwgHn1ZsyH0s7HmEcOSp
R7nX5f4zTgnf67jk/68ciFMBFquXxkL52gZdvkGR2Oitdbbob0H+Q6hwyDutkDGt
L61ewzNbneIjFpPcNRkZ7OcQDaSC+0QxuP8XG3AnE+GRcN5TbH59BUGUqc7rrwa+
jqPB2Oo7KpVUOxefTylX+wnS6ATZ4Afyrs7J9i07AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUCs+cY1LyVV999vHoz2yGpvvPUH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxNDc0ZGY4LTZiMjEtNGViMS05NjgwLTIwYTFkNDAxZThlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/0dEAwDQYJKoZIhvcNAQELBQADggEBANK/gksB0Itb/UKAAnlsBSiT
ATXGPQWfKYND92LZkcNHvZOYknVlgNinWrZOJykRgcZXPMmXbR/Odc+LHkYMR7uI
WcRjh0rxyrqnuLb83ZDb8mW1fAPF94HDFaYXO2AUUEVwPhHc6WaTa/jJ6vQry1F5
8HOyQ0FRR5bdWKR2DPN34yEwkNnLh+sT5VfVZ2Pgg8tpozvi8EcSJX4UpnTq7BEE
3bN7kLWC4Js7QsJeOoVdU5Vf5h5iogOzRjtf+mcRlbo3G5zInAvbPtcQSCKW7gDl
/NLk2JH4cD1hL4j7sPoraD0UHgXbuKC/j7yKA+LoZbpelrDklOKhg0sErzJohBs=
-----END CERTIFICATE-----