Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b10fd9a-2796-4477-a76a-de2223e52295.roa
File:                     3b10fd9a-2796-4477-a76a-de2223e52295.roa (raw, json)
Hash identifier:          ST0Jt7fLAvMys58jC77tpzpH8HGxAiOZ4RF9rB/rVmg=
Subject key identifier:   7B:75:8A:2E:8F:E6:DE:EC:9F:B1:8F:13:DE:A5:BA:AD:77:D2:A0:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2BE56124E753F820BE70D4484E13F3F842B3D53A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b10fd9a-2796-4477-a76a-de2223e52295.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f1f:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:e5:61:24:e7:53:f8:20:be:70:d4:48:4e:13:f3:f8:42:b3:d5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=dc950294a4f1e5a6fd8d502cb62815e9f268566a7d25a57d1767c06eef4b6e90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fa:9e:69:2e:3f:30:2a:e3:22:4e:c9:7d:38:
                    37:b9:72:3b:96:52:42:72:38:8c:7d:59:14:b6:60:
                    5b:97:20:ba:fb:26:72:54:09:d6:28:80:66:cc:e2:
                    70:dc:a7:1f:76:1e:78:68:76:76:c6:49:cb:d8:39:
                    d5:e5:7f:06:72:7a:ac:00:e6:56:95:e8:fc:ba:04:
                    5c:e6:6e:52:2a:e1:42:d9:48:0e:86:1c:27:47:55:
                    ff:f3:0e:c3:5d:7c:f0:6e:92:84:f1:ea:b4:d3:f6:
                    0e:af:d7:80:39:d7:aa:be:93:f3:ed:3b:39:5f:4f:
                    04:ad:9d:9f:82:66:c1:14:cd:34:4a:da:cc:62:f1:
                    e7:a2:f0:d2:ff:99:13:71:a1:cd:ad:3b:00:57:4d:
                    6d:28:04:5c:e4:55:26:89:b6:55:97:77:0a:d2:8c:
                    b3:d6:06:a6:19:1c:9d:77:b5:64:d2:be:e4:3e:9a:
                    ad:99:2f:3b:a7:a2:3d:a2:b7:15:c4:78:d0:29:66:
                    60:9e:c3:1f:d2:0d:b9:85:fa:d6:92:cd:df:e1:34:
                    af:91:9c:34:93:c2:ed:aa:87:b5:30:c5:08:4e:cb:
                    42:d1:5f:7a:20:64:ca:2c:41:96:bf:fc:e6:f6:57:
                    f8:50:f4:d5:02:a2:53:31:a7:79:60:b3:15:66:90:
                    b0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:75:8A:2E:8F:E6:DE:EC:9F:B1:8F:13:DE:A5:BA:AD:77:D2:A0:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b10fd9a-2796-4477-a76a-de2223e52295.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1f:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a7:78:86:d3:cd:62:6a:07:e2:38:b7:3a:27:25:92:83:1c:d9:
         b0:9e:ec:e7:a4:34:20:ba:e4:4e:23:a3:05:02:31:cd:f4:fd:
         28:e7:f3:18:b3:5e:5f:02:79:56:05:07:f2:6a:b4:b5:70:e6:
         2e:d1:c7:8e:5b:86:4f:9d:3b:b5:de:15:11:1d:9a:e2:9e:e9:
         37:4b:dd:df:ed:c4:d0:9f:5f:8b:5c:0a:61:cb:e1:8b:d0:bc:
         77:7e:8b:a7:f8:37:be:77:a5:e5:b4:d8:94:a2:25:f7:72:7b:
         9e:ca:f2:da:4b:07:1a:6d:6f:25:81:f8:a6:d4:5e:5a:e6:62:
         d9:6b:05:b9:c3:46:03:dd:11:98:02:2c:ac:86:d3:18:0a:6f:
         e1:2e:d7:58:0b:87:48:dd:6f:51:12:df:9c:04:3b:82:f5:c0:
         f7:41:9e:85:e4:1a:d4:33:7f:2f:3d:69:30:80:99:7a:25:ba:
         82:1a:b3:df:f1:92:13:8a:65:5e:27:07:81:b6:26:c9:94:ec:
         b1:16:70:24:08:47:43:a6:aa:76:71:60:95:23:87:99:d4:49:
         af:51:bb:78:a9:e1:c7:af:cc:6b:79:90:4e:43:b0:2b:f1:07:
         39:f2:7b:35:a6:18:9d:1a:04:cb:0f:48:19:1f:e9:d9:bf:9a:
         fe:b7:13:64
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUK+VhJOdT+CC+cNRIThPz+EKz1TowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzk1MDI5NGE0ZjFlNWE2ZmQ4ZDUwMmNiNjI4MTVlOWYy
Njg1NjZhN2QyNWE1N2QxNzY3YzA2ZWVmNGI2ZTkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz+p5pLj8wKuMiTsl9ODe5cjuWUkJyOIx9WRS2YFuXILr7
JnJUCdYogGbM4nDcpx92HnhodnbGScvYOdXlfwZyeqwA5laV6Py6BFzmblIq4ULZ
SA6GHCdHVf/zDsNdfPBukoTx6rTT9g6v14A516q+k/PtOzlfTwStnZ+CZsEUzTRK
2sxi8eei8NL/mRNxoc2tOwBXTW0oBFzkVSaJtlWXdwrSjLPWBqYZHJ13tWTSvuQ+
mq2ZLzunoj2itxXEeNApZmCewx/SDbmF+taSzd/hNK+RnDSTwu2qh7UwxQhOy0LR
X3ogZMosQZa//Ob2V/hQ9NUColMxp3lgsxVmkLDRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUe3WKLo/m3uyfsY8T3qW6rXfSoJ8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiMTBmZDlhLTI3OTYtNDQ3Ny1hNzZhLWRlMjIyM2U1MjI5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8fgDANBgkqhkiG9w0BAQsFAAOCAQEAp3iG081iagfiOLc6JyWSgxzZ
sJ7s56Q0ILrkTiOjBQIxzfT9KOfzGLNeXwJ5VgUH8mq0tXDmLtHHjluGT507td4V
ER2a4p7pN0vd3+3E0J9fi1wKYcvhi9C8d36Lp/g3vnel5bTYlKIl93J7nsry2ksH
Gm1vJYH4ptReWuZi2WsFucNGA90RmAIsrIbTGApv4S7XWAuHSN1vURLfnAQ7gvXA
90GeheQa1DN/Lz1pMICZeiW6ghqz3/GSE4plXicHgbYmyZTssRZwJAhHQ6aqdnFg
lSOHmdRJr1G7eKnhx6/Ma3mQTkOwK/EHOfJ7NaYYnRoEyw9IGR/p2b+a/rcTZA==
-----END CERTIFICATE-----