Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a764f24-7058-4161-b89e-768a905c8ad3.roa
File:                     8a764f24-7058-4161-b89e-768a905c8ad3.roa (raw, json)
Hash identifier:          Ytp8EznL3ylAx8NxOX6sMdOHT8TZW2UoqYD9ciTI57A=
Subject key identifier:   ED:68:A9:87:B2:46:16:E4:24:44:3E:5A:7E:7A:4A:1B:D1:47:CC:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       673C653CE4E77D9B8E3B77632DF6087229F02C67
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a764f24-7058-4161-b89e-768a905c8ad3.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1f:4000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:3c:65:3c:e4:e7:7d:9b:8e:3b:77:63:2d:f6:08:72:29:f0:2c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=386cf7ea3fdec24afe42c74d7c00c5b241dffd6ba3fa0b4010c5d2cd5aef8970, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:9e:6a:8e:ca:82:87:f3:26:80:8c:87:22:
                    01:2c:e1:fa:da:5f:40:03:73:34:8c:bc:d2:c3:16:
                    31:79:84:b1:e7:94:66:29:4a:00:4d:bd:76:cd:e9:
                    29:c2:e5:ec:1d:a6:cb:de:6b:3e:de:bd:2e:d1:02:
                    9c:b3:cc:ed:7c:8f:28:df:b2:20:4d:b9:45:f0:39:
                    56:2e:41:57:21:66:b3:27:41:4f:f6:82:be:f7:2a:
                    1d:96:61:06:c3:bd:6a:9b:93:62:eb:28:60:95:4d:
                    4f:be:39:9a:b8:00:21:64:03:5d:92:d2:30:4b:27:
                    bf:b8:19:f4:e1:b1:21:f3:9b:71:a1:e4:02:a6:b1:
                    c5:e4:79:6f:b5:41:03:b3:e4:c8:96:25:5d:7d:87:
                    1b:28:85:c7:91:5c:e6:67:b7:81:96:d0:e5:e6:67:
                    c5:91:5f:31:2e:e8:e1:65:57:7a:fd:d8:1f:3d:b3:
                    4d:11:dd:02:a6:5a:4f:e6:e2:38:a1:96:aa:e3:7a:
                    d1:f1:41:b0:73:a5:1d:0d:62:5f:33:6a:9b:58:99:
                    ee:1e:7c:26:a4:3d:1e:b9:bb:b3:b6:1f:be:bc:7c:
                    21:c7:18:3b:cb:08:b5:e2:d7:99:c9:14:30:85:08:
                    a9:fb:8d:36:0f:a8:17:2d:46:89:61:fc:a4:cf:ad:
                    e9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:68:A9:87:B2:46:16:E4:24:44:3E:5A:7E:7A:4A:1B:D1:47:CC:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a764f24-7058-4161-b89e-768a905c8ad3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1f:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         4b:cc:b6:c6:ad:bb:ea:9e:18:a3:6e:e5:91:4f:b7:44:d4:78:
         3d:65:a9:df:c5:45:01:cf:69:d6:7f:f7:ab:e3:b4:48:c8:bc:
         57:e4:94:bc:2c:3e:d8:26:72:59:c8:f8:24:3b:87:ce:f0:18:
         60:09:1d:f4:dc:64:ef:ce:5f:11:d2:85:59:ee:ef:1e:87:6c:
         6b:77:a6:f9:0b:a9:24:18:db:26:66:61:71:cf:63:a4:15:77:
         97:66:fd:78:fe:bd:0e:6b:b6:2c:f9:f5:5d:70:94:2c:ff:d4:
         32:88:42:39:27:eb:2a:32:39:58:84:87:ca:ce:28:5b:0c:2f:
         8d:85:25:98:7c:26:9c:19:23:2f:21:36:76:d1:b2:6b:21:c7:
         fc:4f:45:87:ae:ad:4e:57:82:8c:65:03:53:c0:2e:a5:8e:a3:
         c3:ca:e2:0a:4d:ef:c7:66:d9:a1:9f:b1:60:41:d6:9b:67:89:
         49:58:a3:c5:52:be:4d:98:27:57:da:ab:08:69:2d:a5:0b:01:
         ac:df:d4:dd:55:62:4c:32:7d:73:e3:6f:2b:49:f8:74:2b:c5:
         d2:d7:c9:ed:32:0c:a3:c3:52:8a:9f:c1:5b:a0:af:17:f1:97:
         1d:b1:a6:f8:ad:de:d0:23:7f:fb:4b:fb:47:2c:05:2f:a1:27:
         92:f6:3d:a1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZzxlPOTnfZuOO3djLfYIcinwLGcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzODZjZjdlYTNmZGVjMjRhZmU0MmM3NGQ3YzAwYzViMjQx
ZGZmZDZiYTNmYTBiNDAxMGM1ZDJjZDVhZWY4OTcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuAp5qjsqCh/MmgIyHIgEs4fraX0ADczSMvNLDFjF5hLHn
lGYpSgBNvXbN6SnC5ewdpsveaz7evS7RApyzzO18jyjfsiBNuUXwOVYuQVchZrMn
QU/2gr73Kh2WYQbDvWqbk2LrKGCVTU++OZq4ACFkA12S0jBLJ7+4GfThsSHzm3Gh
5AKmscXkeW+1QQOz5MiWJV19hxsohceRXOZnt4GW0OXmZ8WRXzEu6OFlV3r92B89
s00R3QKmWk/m4jihlqrjetHxQbBzpR0NYl8zaptYme4efCakPR65u7O2H768fCHH
GDvLCLXi15nJFDCFCKn7jTYPqBctRolh/KTPrenjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU7Wiph7JGFuQkRD5afnpKG9FHzJMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhNzY0ZjI0LTcwNTgtNDE2MS1iODllLTc2OGE5MDVjOGFkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8fQDANBgkqhkiG9w0BAQsFAAOCAQEAS8y2xq276p4Yo27lkU+3RNR4
PWWp38VFAc9p1n/3q+O0SMi8V+SUvCw+2CZyWcj4JDuHzvAYYAkd9Nxk785fEdKF
We7vHodsa3em+QupJBjbJmZhcc9jpBV3l2b9eP69Dmu2LPn1XXCULP/UMohCOSfr
KjI5WISHys4oWwwvjYUlmHwmnBkjLyE2dtGyayHH/E9Fh66tTleCjGUDU8AupY6j
w8riCk3vx2bZoZ+xYEHWm2eJSVijxVK+TZgnV9qrCGktpQsBrN/U3VViTDJ9c+Nv
K0n4dCvF0tfJ7TIMo8NSip/BW6CvF/GXHbGm+K3e0CN/+0v7RywFL6EnkvY9oQ==
-----END CERTIFICATE-----