Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c00ee110-9782-449a-a4e0-6b2a6ceffa21.roa
File:                     c00ee110-9782-449a-a4e0-6b2a6ceffa21.roa (raw, json)
Hash identifier:          Yez6IYeTCW/1hqn7yRVUL/KXSjYlUcpvKarVBeWObCU=
Subject key identifier:   58:CC:E3:1E:6F:90:FD:2D:99:A3:DB:37:97:47:AB:7A:65:8B:0C:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B6E40A4C31FA56010FF840B578E5AF3C7BCF7E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c00ee110-9782-449a-a4e0-6b2a6ceffa21.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        182.28.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:6e:40:a4:c3:1f:a5:60:10:ff:84:0b:57:8e:5a:f3:c7:bc:f7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=e9a2c01047122322a316b224a78ca0e23a8d6d952299e5c6555eba01e8f8ec88, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:79:ea:d4:94:14:c0:71:1d:1b:3d:c9:80:42:
                    1d:8a:f1:78:8e:7b:76:e5:7d:a1:3a:ef:df:90:c8:
                    07:e4:b9:4c:03:a7:d5:39:5c:f2:75:8e:40:c6:93:
                    38:1a:f2:f6:f9:26:2d:a8:ad:64:ae:0b:3e:cd:d4:
                    54:3b:b4:78:70:a4:70:d6:b0:e9:6c:51:b5:c0:4b:
                    d6:f7:b2:4b:83:35:1d:f4:e9:86:f0:18:a5:be:dd:
                    5b:eb:fb:69:67:49:fc:32:8c:9c:7e:47:03:70:f2:
                    31:ab:ef:eb:b6:e3:fd:71:ea:06:85:09:51:8e:45:
                    44:a8:31:00:9a:69:b4:86:4a:2c:bc:c8:90:61:54:
                    a0:80:93:b7:6e:b5:0f:1b:51:b0:1e:cc:1b:3d:a5:
                    88:21:f7:9a:8b:4b:0f:ea:2f:9d:c4:73:7f:29:34:
                    e4:12:37:55:54:c4:34:41:fa:b9:e3:07:16:84:0f:
                    ff:aa:15:b2:a1:b6:bd:bb:73:e4:e0:93:75:44:1a:
                    c0:cf:40:b7:6f:0e:9e:88:39:58:86:08:d8:4c:85:
                    53:55:cc:a3:63:4c:6a:71:36:61:d2:a1:5b:18:9a:
                    a6:ee:36:47:7c:91:26:89:16:3a:0b:9a:34:dd:c5:
                    96:88:e9:95:62:5e:de:13:0c:2c:44:44:35:79:91:
                    59:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:CC:E3:1E:6F:90:FD:2D:99:A3:DB:37:97:47:AB:7A:65:8B:0C:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c00ee110-9782-449a-a4e0-6b2a6ceffa21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:e5:3d:eb:33:49:9b:f8:20:3e:f3:5f:18:4c:0f:a5:1e:a2:
         fe:c0:f2:84:ca:e9:81:b2:e4:5e:d4:e3:87:9c:7b:f7:a4:af:
         e9:02:04:d0:ff:8d:fa:b5:ad:c1:88:a9:66:7b:ab:07:53:e4:
         06:39:7e:42:17:eb:48:6c:37:4d:f3:64:c1:9f:db:0d:d4:1c:
         47:ba:2f:4f:40:f7:45:67:15:fe:22:0b:07:2b:2f:51:2b:8e:
         3f:02:4a:2a:d2:c3:8c:0b:2c:60:5d:f5:ab:cb:e9:22:be:79:
         d2:39:35:7d:00:39:d1:cd:b8:4a:a3:10:8d:63:89:ec:83:b6:
         4a:91:f8:78:79:0a:9d:d6:dc:7a:f9:bf:de:a8:a3:ae:c0:85:
         5f:a9:45:8f:ed:7c:fb:af:97:82:5c:b3:07:a2:07:8c:a1:07:
         60:5d:11:3b:64:13:e9:a0:ae:1a:b7:8b:49:9f:a8:3e:21:86:
         7c:b6:02:ab:7f:93:de:4e:50:3f:13:66:8c:6e:cf:fe:66:07:
         f1:d5:eb:40:ba:20:7e:43:f3:3a:b6:b8:0b:4f:b2:1a:01:e1:
         b1:e6:65:0d:23:10:1e:8d:16:51:1e:33:5c:20:a2:fa:e6:4b:
         65:be:f0:69:3c:8f:a1:52:ed:05:4c:c2:9e:ce:57:d0:4f:8a:
         42:88:45:5e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUG25ApMMfpWAQ/4QLV45a88e89+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOWEyYzAxMDQ3MTIyMzIyYTMxNmIyMjRhNzhjYTBlMjNh
OGQ2ZDk1MjI5OWU1YzY1NTVlYmEwMWU4ZjhlYzg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5eerUlBTAcR0bPcmAQh2K8XiOe3blfaE679+QyAfkuUwD
p9U5XPJ1jkDGkzga8vb5Ji2orWSuCz7N1FQ7tHhwpHDWsOlsUbXAS9b3skuDNR30
6YbwGKW+3Vvr+2lnSfwyjJx+RwNw8jGr7+u24/1x6gaFCVGORUSoMQCaabSGSiy8
yJBhVKCAk7dutQ8bUbAezBs9pYgh95qLSw/qL53Ec38pNOQSN1VUxDRB+rnjBxaE
D/+qFbKhtr27c+Tgk3VEGsDPQLdvDp6IOViGCNhMhVNVzKNjTGpxNmHSoVsYmqbu
Nkd8kSaJFjoLmjTdxZaI6ZViXt4TDCxERDV5kVnxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWMzjHm+Q/S2Zo9s3l0eremWLDPYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwMGVlMTEwLTk3ODItNDQ5YS1hNGUwLTZiMmE2Y2VmZmEyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwC2HDANBgkqhkiG9w0BAQsFAAOCAQEAIuU96zNJm/ggPvNfGEwPpR6i/sDy
hMrpgbLkXtTjh5x796Sv6QIE0P+N+rWtwYipZnurB1PkBjl+QhfrSGw3TfNkwZ/b
DdQcR7ovT0D3RWcV/iILBysvUSuOPwJKKtLDjAssYF31q8vpIr550jk1fQA50c24
SqMQjWOJ7IO2SpH4eHkKndbcevm/3qijrsCFX6lFj+18+6+XglyzB6IHjKEHYF0R
O2QT6aCuGreLSZ+oPiGGfLYCq3+T3k5QPxNmjG7P/mYH8dXrQLogfkPzOra4C0+y
GgHhseZlDSMQHo0WUR4zXCCi+uZLZb7waTyPoVLtBUzCns5X0E+KQohFXg==
-----END CERTIFICATE-----