Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
File:                     65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa (raw, json)
Hash identifier:          qbOu4hyxepPjxZd+7ZDCIADDetrbxVmhjimeKYcLvac=
Subject key identifier:   AF:93:2F:76:E7:28:A1:05:95:9D:A2:71:D2:FB:50:69:30:F0:B7:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       775C9EB72DFFDD99499A12FFF1D2D0A8CC57C115
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffd:807b::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:5c:9e:b7:2d:ff:dd:99:49:9a:12:ff:f1:d2:d0:a8:cc:57:c1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=0ec677422b2d735d00e600420d35dec8edb267c9fdd93797062f7958d799d8fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:df:ed:54:e8:eb:23:93:43:1e:ac:c3:95:77:
                    e7:ca:7c:75:52:2d:23:b6:49:2f:dc:e3:5b:ba:b2:
                    52:b6:92:8d:06:b6:ee:20:6c:ea:94:db:57:17:bd:
                    9a:02:b1:7b:33:08:d2:e7:20:82:4f:65:10:de:38:
                    b6:99:c5:e7:54:91:1f:42:d9:ee:71:78:b0:f4:55:
                    aa:b3:d5:65:ab:bd:0d:13:59:46:f5:71:1b:98:f5:
                    ec:62:76:ab:99:b7:16:60:db:52:6a:e9:21:ca:33:
                    dd:72:ec:32:82:c5:68:bc:ba:04:36:13:43:2b:04:
                    ba:70:d6:f7:e9:e4:70:86:4b:04:5e:78:26:2d:b1:
                    3d:ab:b7:f1:13:c2:b0:82:2c:f0:3e:b2:b5:a2:1e:
                    14:00:89:86:de:f7:2c:84:e7:51:60:d3:b5:37:61:
                    30:27:fd:51:9f:5f:3d:c6:a8:73:9d:f1:3c:64:bf:
                    a2:6d:d1:da:c1:8b:d7:b2:2f:ca:65:fb:21:4f:da:
                    3f:56:9b:d1:64:8a:41:05:07:6c:16:b9:e6:70:b4:
                    83:8a:2a:6b:de:5f:7c:89:b3:4e:9b:62:62:b8:4a:
                    09:48:77:6c:08:fc:a1:8b:b1:cd:13:0b:39:ea:3d:
                    3c:56:4c:e9:be:6b:e4:c8:c3:8b:83:3a:40:ac:83:
                    b2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:93:2F:76:E7:28:A1:05:95:9D:A2:71:D2:FB:50:69:30:F0:B7:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:807b::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:88:d9:f8:b6:2f:2a:dd:be:81:f8:bc:72:ae:71:5c:16:85:
         8e:43:34:a0:d7:59:42:26:db:ef:3d:19:54:15:7f:44:b4:3d:
         4d:a7:bd:4a:ba:6d:25:70:ca:26:7e:21:72:db:6f:de:3f:5a:
         61:0f:2e:c8:e2:a4:c0:9e:ab:53:7f:60:cb:d6:4c:34:4a:44:
         78:2f:d0:b3:06:e5:c7:f9:98:a0:b3:a0:26:9b:d6:77:c2:a3:
         1d:bd:29:4a:53:a2:1d:c6:fc:42:4a:9f:2e:11:63:b7:0f:7e:
         bc:ed:08:54:5f:b3:c5:7e:ea:f1:56:bd:37:cd:83:c5:ae:1c:
         59:66:93:22:15:aa:cc:58:20:56:d0:7a:6b:34:02:7c:f1:db:
         ee:a2:d9:14:81:6a:fb:35:4c:20:cb:65:ad:76:f4:d7:da:ef:
         23:87:9a:5f:ee:b5:10:ed:2b:78:b7:07:87:5f:1d:da:25:dc:
         f2:aa:de:8b:75:ab:4a:ce:8b:e9:25:05:2d:8b:4b:9f:64:7c:
         cd:f4:f0:8c:69:ce:b2:ea:2a:c5:6e:48:cb:63:f2:38:92:fa:
         21:16:fe:d0:56:92:d5:cc:7a:87:6b:19:0f:46:39:dc:0b:ee:
         11:85:3a:1e:a5:a6:e4:00:4c:09:96:26:54:f5:ce:2b:e0:f7:
         72:c4:10:30
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUd1yety3/3ZlJmhL/8dLQqMxXwRUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZWM2Nzc0MjJiMmQ3MzVkMDBlNjAwNDIwZDM1ZGVjOGVk
YjI2N2M5ZmRkOTM3OTcwNjJmNzk1OGQ3OTlkOGZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCM3+1U6Osjk0MerMOVd+fKfHVSLSO2SS/c41u6slK2ko0G
tu4gbOqU21cXvZoCsXszCNLnIIJPZRDeOLaZxedUkR9C2e5xeLD0Vaqz1WWrvQ0T
WUb1cRuY9exidquZtxZg21Jq6SHKM91y7DKCxWi8ugQ2E0MrBLpw1vfp5HCGSwRe
eCYtsT2rt/ETwrCCLPA+srWiHhQAiYbe9yyE51Fg07U3YTAn/VGfXz3GqHOd8Txk
v6Jt0drBi9eyL8pl+yFP2j9Wm9FkikEFB2wWueZwtIOKKmveX3yJs06bYmK4SglI
d2wI/KGLsc0TCznqPTxWTOm+a+TIw4uDOkCsg7J9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUr5MvducooQWVnaJx0vtQaTDwt2cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1YzdlNDM2LTUwYTAtNGM0NS1hNmQyLWE4OTljOGY1ZTc5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gHswDQYJKoZIhvcNAQELBQADggEBAFWI2fi2LyrdvoH4vHKucVwW
hY5DNKDXWUIm2+89GVQVf0S0PU2nvUq6bSVwyiZ+IXLbb94/WmEPLsjipMCeq1N/
YMvWTDRKRHgv0LMG5cf5mKCzoCab1nfCox29KUpToh3G/EJKny4RY7cPfrztCFRf
s8V+6vFWvTfNg8WuHFlmkyIVqsxYIFbQems0Anzx2+6i2RSBavs1TCDLZa129Nfa
7yOHml/utRDtK3i3B4dfHdol3PKq3ot1q0rOi+klBS2LS59kfM308IxpzrLqKsVu
SMtj8jiS+iEW/tBWktXMeodrGQ9GOdwL7hGFOh6lpuQATAmWJlT1zivg93LEEDA=
-----END CERTIFICATE-----