Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5135097d-0cfb-4485-bc6d-553bd45afa9c.roa
File:                     5135097d-0cfb-4485-bc6d-553bd45afa9c.roa (raw, json)
Hash identifier:          1AyML7mnpinlhfDNwui9og5ibR6rXpuMN1tFx6OkWJ8=
Subject key identifier:   43:84:10:0E:05:08:56:A6:B8:02:AE:72:BB:41:1F:CF:9B:A3:92:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       425D14FF2A3058CB2142CEFA16F91151969EAAC5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5135097d-0cfb-4485-bc6d-553bd45afa9c.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.88.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:5d:14:ff:2a:30:58:cb:21:42:ce:fa:16:f9:11:51:96:9e:aa:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=d730c587fe416876419dbb835565d09b1fe597b6b1985c1367554b06269cedeb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:70:e9:e6:3b:ba:bf:ab:e8:91:d3:7e:0e:6c:
                    12:dd:5c:e3:2d:5c:90:d6:e2:1f:12:ca:3d:fb:15:
                    19:62:83:8d:51:b8:51:a9:7b:3e:f5:d5:20:34:90:
                    c1:32:a5:83:3b:4a:ab:b8:05:d3:98:a1:16:a3:ca:
                    01:52:2b:eb:e6:b2:2d:ac:b9:a4:ac:be:d0:36:e7:
                    a9:1c:4c:67:69:d2:d6:df:6f:8a:9c:3b:93:3d:cd:
                    3e:39:fc:02:f5:53:d2:b0:78:6a:f5:3b:90:ba:9b:
                    bc:4c:21:b0:97:fd:76:2a:b5:42:da:e9:a3:f9:8f:
                    c3:69:c3:5f:41:3f:1d:f0:88:d1:34:de:a8:77:c2:
                    c1:31:29:8e:34:df:b2:9c:55:31:4c:fb:24:c8:71:
                    d6:42:4a:3c:09:64:48:e4:b6:65:af:63:28:d9:83:
                    69:35:0c:cd:1e:81:d7:af:cd:b5:0c:c5:4d:58:d2:
                    a5:b5:ec:2a:2a:80:56:be:2c:17:86:78:9e:c0:09:
                    9c:da:38:a9:74:21:63:50:c6:a3:8c:1a:ab:03:ec:
                    d3:4a:f3:34:5d:63:1d:43:07:b5:c1:ec:0b:68:93:
                    c2:52:f9:f7:5a:a6:42:b3:e6:c7:0b:2c:fd:75:8c:
                    ce:fa:80:7e:06:a6:14:66:66:ea:52:e4:3d:b1:d6:
                    46:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:84:10:0E:05:08:56:A6:B8:02:AE:72:BB:41:1F:CF:9B:A3:92:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5135097d-0cfb-4485-bc6d-553bd45afa9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:58:61:b7:06:8f:a8:fc:26:d4:5d:ef:9c:cf:21:a3:29:1c:
         1a:7e:cf:55:ad:44:d5:2e:c0:9c:ad:6c:84:5b:aa:e7:6c:5e:
         7c:6a:9f:c4:aa:d4:08:9a:d2:f3:e1:98:9e:b4:ee:53:38:87:
         4e:1a:1a:2c:05:71:7b:8b:41:29:aa:e3:55:69:3f:c7:e9:ab:
         10:4f:64:94:ce:6b:ed:0d:e1:e9:b6:96:70:d2:55:cc:a8:b9:
         b8:80:36:9b:06:12:f1:b8:e8:4d:d3:a7:54:85:7e:3d:73:8d:
         4d:79:ec:eb:1e:41:5b:d5:7c:55:ab:a2:31:7e:28:52:2d:39:
         80:16:6f:40:6d:42:cd:f8:97:ff:dc:0d:45:87:f5:51:65:c4:
         c5:45:8c:e3:3a:a8:eb:83:c7:75:35:69:78:2c:4c:08:c1:79:
         51:6f:f2:b8:de:5c:2f:45:26:58:fd:af:04:46:14:9b:86:64:
         71:8e:82:cd:b0:30:84:47:64:0e:27:f0:8c:f3:e2:8c:8e:ff:
         4e:0d:a4:d2:5a:39:f6:9e:29:f5:b7:dc:2f:a6:d8:69:b2:78:
         51:f2:2f:14:ae:aa:38:41:95:07:e7:25:e9:59:15:3f:71:5d:
         52:62:be:0e:25:a7:a4:65:df:b8:44:05:e3:25:45:c3:73:b0:
         f9:ea:3b:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQl0U/yowWMshQs76FvkRUZaeqsUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzMwYzU4N2ZlNDE2ODc2NDE5ZGJiODM1NTY1ZDA5YjFm
ZTU5N2I2YjE5ODVjMTM2NzU1NGIwNjI2OWNlZGViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGcOnmO7q/q+iR034ObBLdXOMtXJDW4h8Syj37FRlig41R
uFGpez711SA0kMEypYM7Squ4BdOYoRajygFSK+vmsi2suaSsvtA256kcTGdp0tbf
b4qcO5M9zT45/AL1U9KweGr1O5C6m7xMIbCX/XYqtULa6aP5j8Npw19BPx3wiNE0
3qh3wsExKY4037KcVTFM+yTIcdZCSjwJZEjktmWvYyjZg2k1DM0egdevzbUMxU1Y
0qW17CoqgFa+LBeGeJ7ACZzaOKl0IWNQxqOMGqsD7NNK8zRdYx1DB7XB7Atok8JS
+fdapkKz5scLLP11jM76gH4GphRmZupS5D2x1kazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ4QQDgUIVqa4Aq5yu0Efz5ujkqswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUxMzUwOTdkLTBjZmItNDQ4NS1iYzZkLTU1M2JkNDVhZmE5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPFgwDQYJKoZIhvcNAQELBQADggEBAE1YYbcGj6j8JtRd75zPIaMpHBp+
z1WtRNUuwJytbIRbqudsXnxqn8Sq1Aia0vPhmJ607lM4h04aGiwFcXuLQSmq41Vp
P8fpqxBPZJTOa+0N4em2lnDSVcyoubiANpsGEvG46E3Tp1SFfj1zjU157OseQVvV
fFWrojF+KFItOYAWb0BtQs34l//cDUWH9VFlxMVFjOM6qOuDx3U1aXgsTAjBeVFv
8rjeXC9FJlj9rwRGFJuGZHGOgs2wMIRHZA4n8Izz4oyO/04NpNJaOfaeKfW33C+m
2GmyeFHyLxSuqjhBlQfnJelZFT9xXVJivg4lp6Rl37hEBeMlRcNzsPnqO2g=
-----END CERTIFICATE-----