Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a62a997-9b7b-441a-b9b2-dc02180d8cf6.roa
File:                     9a62a997-9b7b-441a-b9b2-dc02180d8cf6.roa (raw, json)
Hash identifier:          pzou2T6Itpj39sQldZKaY7LS5vC4LPpl3+Ut1HFj71w=
Subject key identifier:   2A:FC:04:B7:1B:4F:46:6F:8E:30:B1:09:5B:DB:04:1B:A6:0E:1D:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08AF6DC3E9DFD1FE150D3A566D55094D8B496A07
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a62a997-9b7b-441a-b9b2-dc02180d8cf6.roa
Signing time:             Wed 29 Jan 2025 00:00:00 +0000
ROA not before:           Wed 29 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.190.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:af:6d:c3:e9:df:d1:fe:15:0d:3a:56:6d:55:09:4d:8b:49:6a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 29 00:00:00 2025 GMT
            Not After : Mar  5 23:59:59 2025 GMT
        Subject: serialNumber=7b0c20bf464010cfd12c09099ea07840e49d4a3eebf182419460531d65eb8976, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a4:82:df:eb:48:79:b9:b1:9e:b0:13:c2:b2:
                    0d:62:46:ff:7c:7a:ac:35:82:a6:d0:20:9d:4e:f5:
                    1f:d6:18:35:0f:de:73:11:4b:7d:56:a8:38:48:91:
                    f7:d7:04:72:fa:69:5c:de:fa:4a:e1:3c:67:99:87:
                    48:58:aa:c4:18:9a:cb:a3:3d:e0:78:65:f2:df:8a:
                    10:8b:31:5e:4f:2c:5f:e6:8a:1e:d1:c9:d0:56:79:
                    07:c8:31:87:fa:0e:3e:3e:33:9d:0c:5c:34:29:95:
                    29:1a:aa:42:d3:72:d6:cc:c1:bb:56:b6:80:6a:e8:
                    7b:00:2e:b9:ac:26:e3:e1:bb:33:fc:f1:f7:5c:a8:
                    fe:52:2e:27:0f:00:7f:ed:5c:4a:ca:5e:4c:48:ed:
                    26:d2:ec:01:d6:f6:4c:6c:37:6b:f5:a8:cd:1c:8d:
                    80:7e:b3:8a:18:cf:56:e6:0f:f2:31:64:e1:55:ab:
                    43:68:40:49:69:60:aa:53:bd:c2:45:cf:54:66:33:
                    5a:96:21:d1:92:08:6c:21:bb:c8:0f:c3:79:ed:a6:
                    ae:2e:2e:c6:fb:e7:ae:20:3c:87:c2:d6:65:c1:71:
                    7d:8b:98:b4:2b:0e:5a:61:54:8f:aa:d0:59:8a:e6:
                    2c:23:95:38:1a:af:44:3c:7f:1d:96:e5:7f:23:b3:
                    9c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FC:04:B7:1B:4F:46:6F:8E:30:B1:09:5B:DB:04:1B:A6:0E:1D:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a62a997-9b7b-441a-b9b2-dc02180d8cf6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:72:35:9c:c5:9e:6c:1d:68:15:35:5b:57:8b:3e:72:e5:c4:
         46:eb:08:05:0d:c9:4e:ba:a9:01:e0:a1:2e:d4:15:11:f4:fa:
         c1:5e:14:fd:a3:8f:40:aa:2a:45:d4:46:75:96:84:06:e2:4a:
         80:f5:ae:5d:61:ea:c6:15:eb:df:d6:e5:91:03:af:a1:ee:7b:
         40:51:2a:62:df:b1:fc:74:ef:5e:16:88:c3:6d:41:18:02:52:
         1a:88:b5:0a:a0:b2:d0:6e:66:4d:61:bb:8c:8b:ad:e0:f7:33:
         2f:54:45:f9:c0:46:d9:96:de:24:12:71:e0:01:9d:5d:df:ba:
         88:9e:ef:f9:a3:a5:65:c0:4b:9b:c5:83:f8:60:27:b7:f0:62:
         38:0e:76:00:ac:3c:6d:0b:40:e7:31:f5:12:e8:fe:99:eb:7b:
         0b:3c:2a:e2:b5:b7:c0:94:55:2a:a1:9a:4e:4a:ed:d5:26:40:
         02:7c:7b:41:68:8d:92:d4:98:f0:c2:b9:33:eb:bd:d0:60:f2:
         3a:99:32:2f:52:3c:1e:e4:2c:c8:6a:ce:94:65:65:41:ff:06:
         0a:f6:b1:af:fa:bf:c9:37:1d:05:f2:b5:da:a5:15:6b:04:4a:
         7b:63:38:86:8d:c5:a7:46:b6:76:2f:89:18:88:81:09:9b:78:
         09:02:3e:18
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCK9tw+nf0f4VDTpWbVUJTYtJagcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI5MDAwMDAwWhcNMjUwMzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjBjMjBiZjQ2NDAxMGNmZDEyYzA5MDk5ZWEwNzg0MGU0
OWQ0YTNlZWJmMTgyNDE5NDYwNTMxZDY1ZWI4OTc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQpILf60h5ubGesBPCsg1iRv98eqw1gqbQIJ1O9R/WGDUP
3nMRS31WqDhIkffXBHL6aVze+krhPGeZh0hYqsQYmsujPeB4ZfLfihCLMV5PLF/m
ih7RydBWeQfIMYf6Dj4+M50MXDQplSkaqkLTctbMwbtWtoBq6HsALrmsJuPhuzP8
8fdcqP5SLicPAH/tXErKXkxI7SbS7AHW9kxsN2v1qM0cjYB+s4oYz1bmD/IxZOFV
q0NoQElpYKpTvcJFz1RmM1qWIdGSCGwhu8gPw3ntpq4uLsb7564gPIfC1mXBcX2L
mLQrDlphVI+q0FmK5iwjlTgar0Q8fx2W5X8js5zjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKvwEtxtPRm+OMLEJW9sEG6YOHYIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhNjJhOTk3LTliN2ItNDQxYS1iOWIyLWRjMDIxODBkOGNmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4vjANBgkqhkiG9w0BAQsFAAOCAQEAM3I1nMWebB1oFTVbV4s+cuXERusI
BQ3JTrqpAeChLtQVEfT6wV4U/aOPQKoqRdRGdZaEBuJKgPWuXWHqxhXr39blkQOv
oe57QFEqYt+x/HTvXhaIw21BGAJSGoi1CqCy0G5mTWG7jIut4PczL1RF+cBG2Zbe
JBJx4AGdXd+6iJ7v+aOlZcBLm8WD+GAnt/BiOA52AKw8bQtA5zH1Euj+met7Czwq
4rW3wJRVKqGaTkrt1SZAAnx7QWiNktSY8MK5M+u90GDyOpkyL1I8HuQsyGrOlGVl
Qf8GCvaxr/q/yTcdBfK12qUVawRKe2M4ho3Fp0a2di+JGIiBCZt4CQI+GA==
-----END CERTIFICATE-----