Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa
File:                     38c20ad1-4940-457a-a8c7-c8e8609575d6.roa (raw, json)
Hash identifier:          Ea81C6d9rfWTluy8gwKdZJuwYyl3D0S4GDYOGNenaWU=
Subject key identifier:   1B:BF:C8:BA:9C:01:9A:A9:23:0A:AA:D4:4A:64:31:F7:7D:64:A4:45
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73208BD25506CC699443B71BDC7E0FBCC4147A6D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:8060::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:20:8b:d2:55:06:cc:69:94:43:b7:1b:dc:7e:0f:bc:c4:14:7a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=e60e85147c496ecb4c5f16e7e2cb268bc8bbe6601913529271e6b7985ddf35d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0e:d2:0d:39:e5:c2:58:d1:e5:df:3c:18:08:
                    be:70:84:0f:00:16:55:dd:9f:2d:93:79:f8:26:17:
                    fb:70:04:4a:f5:4c:de:06:c4:dd:81:1e:08:af:79:
                    85:82:5f:d8:a8:5b:6a:a6:5d:4d:a3:5b:00:06:47:
                    ee:76:f3:03:f7:48:b6:12:cd:e0:61:0e:c6:e5:37:
                    a0:19:09:48:c3:6b:15:f7:b4:3d:e4:72:87:35:d2:
                    4e:c8:21:b1:0e:c3:6d:dd:4c:e5:e6:31:f4:9d:ff:
                    ac:32:40:85:b1:e2:64:f6:4a:41:85:f5:fc:9d:e2:
                    fc:48:57:d6:1e:2a:1b:58:e0:8e:96:cb:44:fb:5a:
                    01:0d:86:59:25:74:32:17:c6:8f:70:df:24:8e:02:
                    b6:66:fd:8d:d6:17:f0:69:33:09:f3:3a:31:62:fd:
                    29:54:c5:24:5e:70:9b:d9:28:13:08:0b:8b:96:f2:
                    2a:af:2a:1d:eb:82:e0:8b:d7:e2:d0:eb:ed:03:b6:
                    40:f7:6d:e7:53:86:63:bb:01:48:5a:90:5c:52:59:
                    ac:b1:21:06:e8:9b:d2:07:1e:55:28:10:03:4b:7c:
                    a5:82:67:83:11:83:88:c9:2b:ea:74:d1:9e:2f:56:
                    a3:21:46:17:4c:e6:bc:43:37:5a:7e:09:8b:17:21:
                    a4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BF:C8:BA:9C:01:9A:A9:23:0A:AA:D4:4A:64:31:F7:7D:64:A4:45
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:8060::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:7a:cd:05:95:cd:f1:60:23:81:3c:05:d1:b2:21:17:70:16:
         53:8b:c5:e9:65:2c:83:ac:74:9b:c3:e3:bc:e6:c4:50:8c:34:
         71:c7:75:4e:77:7c:5a:e0:a4:89:63:20:a1:6d:be:0e:db:21:
         b0:dc:bd:54:ae:ba:b5:60:c0:3e:99:fa:f1:92:0d:6d:00:05:
         59:2f:90:d4:5e:7c:e2:23:58:33:a7:a9:fc:15:32:10:83:0d:
         a7:61:3b:1d:c8:2e:91:7c:38:fe:ae:7d:9c:73:16:1b:82:a0:
         a6:4c:e3:71:8b:47:03:73:ea:72:05:64:ca:6e:d3:ec:9f:8d:
         30:ea:72:ef:d3:c4:45:22:c6:d3:7c:a6:49:e1:e5:0c:e4:a1:
         31:2e:d1:d3:5f:85:b0:4d:7b:df:17:f8:94:ef:ec:7f:06:8b:
         9d:4a:f4:5b:fc:49:5a:66:23:b6:79:9c:f9:fc:eb:8c:f2:a9:
         9b:fe:df:2f:5c:b1:67:ae:7d:7d:d6:6f:44:41:ed:21:b0:43:
         fe:74:1e:6f:49:ab:59:b2:86:57:66:64:85:b7:cb:f7:85:4e:
         d8:65:92:ca:01:83:31:04:71:9c:2b:64:55:3a:78:70:e1:12:
         66:50:59:5c:b3:c0:0d:85:3d:6c:2d:5e:85:ef:61:4c:3d:e4:
         d2:31:be:b8
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcyCL0lUGzGmUQ7cb3H4PvMQUem0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjBlODUxNDdjNDk2ZWNiNGM1ZjE2ZTdlMmNiMjY4YmM4
YmJlNjYwMTkxMzUyOTI3MWU2Yjc5ODVkZGYzNWQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSDtINOeXCWNHl3zwYCL5whA8AFlXdny2TefgmF/twBEr1
TN4GxN2BHgiveYWCX9ioW2qmXU2jWwAGR+528wP3SLYSzeBhDsblN6AZCUjDaxX3
tD3kcoc10k7IIbEOw23dTOXmMfSd/6wyQIWx4mT2SkGF9fyd4vxIV9YeKhtY4I6W
y0T7WgENhlkldDIXxo9w3ySOArZm/Y3WF/BpMwnzOjFi/SlUxSRecJvZKBMIC4uW
8iqvKh3rguCL1+LQ6+0DtkD3bedThmO7AUhakFxSWayxIQbom9IHHlUoEANLfKWC
Z4MRg4jJK+p00Z4vVqMhRhdM5rxDN1p+CYsXIaQzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUG7/IupwBmqkjCqrUSmQx931kpEUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4YzIwYWQxLTQ5NDAtNDU3YS1hOGM3LWM4ZTg2MDk1NzVkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84gGAwDQYJKoZIhvcNAQELBQADggEBAGB6zQWVzfFgI4E8BdGyIRdw
FlOLxellLIOsdJvD47zmxFCMNHHHdU53fFrgpIljIKFtvg7bIbDcvVSuurVgwD6Z
+vGSDW0ABVkvkNRefOIjWDOnqfwVMhCDDadhOx3ILpF8OP6ufZxzFhuCoKZM43GL
RwNz6nIFZMpu0+yfjTDqcu/TxEUixtN8pknh5QzkoTEu0dNfhbBNe98X+JTv7H8G
i51K9Fv8SVpmI7Z5nPn864zyqZv+3y9csWeufX3Wb0RB7SGwQ/50Hm9Jq1myhldm
ZIW3y/eFTthlksoBgzEEcZwrZFU6eHDhEmZQWVyzwA2FPWwtXoXvYUw95NIxvrg=
-----END CERTIFICATE-----