Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416f57a-9b38-4d7e-8240-20535a4882a8.roa
File:                     c416f57a-9b38-4d7e-8240-20535a4882a8.roa (raw, json)
Hash identifier:          Jf315rhIaVv7sUK/5dCoJrH0wd6qqhxTYnZguBZSezA=
Subject key identifier:   12:13:35:5B:70:84:01:B4:AB:86:73:3E:47:A1:95:A5:2F:BB:DF:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AF60F1A6A42B61C934FA0085DB3499B0ACCF2EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416f57a-9b38-4d7e-8240-20535a4882a8.roa
Signing time:             Wed 29 Jan 2025 00:00:00 +0000
ROA not before:           Wed 29 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.223.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f6:0f:1a:6a:42:b6:1c:93:4f:a0:08:5d:b3:49:9b:0a:cc:f2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 29 00:00:00 2025 GMT
            Not After : Mar  5 23:59:59 2025 GMT
        Subject: serialNumber=daa9b3918c9b6a1f9080615192047761a944f5c19c9403349ac90b11333b41bd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f0:1f:2f:fc:b0:b3:63:62:59:86:32:ba:b0:
                    9a:27:b5:83:61:59:fe:25:2e:a1:c3:af:1e:56:b8:
                    97:cd:ee:57:f0:ab:b8:40:85:7d:0c:a5:2b:a2:89:
                    4d:a6:17:87:d9:e4:ad:34:c8:ff:5e:14:51:e4:01:
                    92:95:b2:5f:68:fe:56:73:b5:20:64:2f:df:9e:ae:
                    61:14:9c:85:03:cc:21:73:2b:4e:60:d8:38:d3:88:
                    2c:6e:54:33:49:87:df:0b:ab:bb:a4:10:49:95:e2:
                    65:1c:c6:3e:d2:8f:22:ed:b1:fb:a7:a0:59:06:e0:
                    5b:c8:5b:f3:e3:2b:7b:8c:93:bf:76:01:fe:37:b8:
                    90:b7:7b:59:ea:1e:50:47:9c:69:fa:2f:78:46:fe:
                    0f:31:01:b3:b1:83:9f:19:b3:cb:0d:3b:bb:ad:8d:
                    46:9a:f2:c1:91:c6:f7:c0:6a:7c:9f:61:91:6a:21:
                    2d:cf:e5:af:e0:fa:a3:b4:f9:90:98:3f:3b:11:6b:
                    e5:28:29:ac:fc:4d:37:e4:26:d0:50:10:79:b6:6f:
                    67:98:1d:84:0a:6f:6d:c1:9b:0a:fe:a2:d8:6d:62:
                    ee:b2:20:da:7a:36:2b:8b:3e:4b:30:10:2b:1a:f0:
                    d8:fb:a4:0d:51:25:59:44:6b:be:58:85:96:de:61:
                    14:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:13:35:5B:70:84:01:B4:AB:86:73:3E:47:A1:95:A5:2F:BB:DF:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416f57a-9b38-4d7e-8240-20535a4882a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.223.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         46:69:d7:a8:7c:9b:15:fe:1e:59:d7:e9:37:de:60:82:7e:7b:
         61:2a:60:b4:43:ae:85:d4:aa:ba:bb:7e:15:fa:93:f6:75:a5:
         93:3a:38:9e:79:7c:89:80:af:13:52:12:da:62:d9:7d:40:15:
         a7:96:14:b8:60:cf:12:89:82:fd:40:38:f9:03:8c:2f:c1:76:
         33:53:c5:e9:9f:cc:32:18:90:29:61:77:69:30:4e:2a:3d:15:
         8f:8e:af:86:56:24:45:c6:7e:ca:06:39:c0:e8:d8:0b:d6:94:
         27:3c:9a:5c:ba:c3:c8:d4:35:47:8c:13:07:f6:bd:fe:a2:f7:
         62:3e:88:d0:b8:4a:f2:ac:2b:dd:af:52:d2:d3:1e:31:2c:a6:
         9e:91:e8:ca:27:0f:bb:2a:8b:3d:fd:18:f1:85:bb:be:32:71:
         27:15:44:36:f4:08:1a:ee:29:6b:e1:2b:2e:9d:1c:0c:81:a0:
         6d:49:1d:4b:f7:36:11:b7:ab:9e:48:d2:30:29:84:56:cb:af:
         63:f8:9c:01:96:bb:c0:fc:9e:42:81:75:be:9e:3f:4b:a9:15:
         03:e3:ad:21:49:13:8b:da:cf:13:b4:6d:b3:e6:d1:ea:cb:36:
         84:48:dd:7a:51:85:bc:a3:4d:0f:84:43:40:7e:70:f5:d8:bf:
         9a:4e:93:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOvYPGmpCthyTT6AIXbNJmwrM8uswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI5MDAwMDAwWhcNMjUwMzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYWE5YjM5MThjOWI2YTFmOTA4MDYxNTE5MjA0Nzc2MWE5
NDRmNWMxOWM5NDAzMzQ5YWM5MGIxMTMzM2I0MWJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+8B8v/LCzY2JZhjK6sJontYNhWf4lLqHDrx5WuJfN7lfw
q7hAhX0MpSuiiU2mF4fZ5K00yP9eFFHkAZKVsl9o/lZztSBkL9+ermEUnIUDzCFz
K05g2DjTiCxuVDNJh98Lq7ukEEmV4mUcxj7SjyLtsfunoFkG4FvIW/PjK3uMk792
Af43uJC3e1nqHlBHnGn6L3hG/g8xAbOxg58Zs8sNO7utjUaa8sGRxvfAanyfYZFq
IS3P5a/g+qO0+ZCYPzsRa+UoKaz8TTfkJtBQEHm2b2eYHYQKb23Bmwr+othtYu6y
INp6NiuLPkswECsa8Nj7pA1RJVlEa75YhZbeYRT/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEhM1W3CEAbSrhnM+R6GVpS+7328wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M0MTZmNTdhLTliMzgtNGQ3ZS04MjQwLTIwNTM1YTQ4ODJhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdo34AwDQYJKoZIhvcNAQELBQADggEBAEZp16h8mxX+HlnX6TfeYIJ+e2Eq
YLRDroXUqrq7fhX6k/Z1pZM6OJ55fImArxNSEtpi2X1AFaeWFLhgzxKJgv1AOPkD
jC/BdjNTxemfzDIYkClhd2kwTio9FY+Or4ZWJEXGfsoGOcDo2AvWlCc8mly6w8jU
NUeMEwf2vf6i92I+iNC4SvKsK92vUtLTHjEspp6R6MonD7sqiz39GPGFu74ycScV
RDb0CBruKWvhKy6dHAyBoG1JHUv3NhG3q55I0jAphFbLr2P4nAGWu8D8nkKBdb6e
P0upFQPjrSFJE4vazxO0bbPm0erLNoRI3XpRhbyjTQ+EQ0B+cPXYv5pOk9g=
-----END CERTIFICATE-----