Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fad6e987-5e31-4212-8de7-9e29b43e7687.roa
File:                     fad6e987-5e31-4212-8de7-9e29b43e7687.roa (raw, json)
Hash identifier:          aC3avY9zfbaGT6ujh66xFCLZYyj4UgMTSOT+3Lzyuyg=
Subject key identifier:   F1:75:0C:43:92:00:E2:AE:5E:F8:1F:E4:DE:FA:95:BA:FA:BA:6E:2C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C0532BAFB1E6D2BD71F79833899F7FBDD194E94
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fad6e987-5e31-4212-8de7-9e29b43e7687.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1e:400::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:05:32:ba:fb:1e:6d:2b:d7:1f:79:83:38:99:f7:fb:dd:19:4e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=056ae07814e54938cb83d93f37c87bb3a9a88200150550013680341322b6e5fc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ae:3f:36:97:60:9d:f3:ef:b2:e3:54:b9:27:
                    94:ae:f8:0d:18:36:92:66:22:0f:c1:93:6c:c9:f2:
                    43:c0:06:f1:5e:04:9e:d0:02:75:16:db:f8:78:8d:
                    6c:e2:bf:b8:17:06:98:5d:b6:c0:35:cd:c9:71:4d:
                    33:fd:0f:5b:52:9d:c4:bf:b9:fd:52:e4:55:b0:8f:
                    1d:ee:54:7d:3a:48:ef:2d:28:13:38:b9:37:13:67:
                    5b:d1:e0:5f:08:66:29:50:0e:92:56:d4:22:ca:d8:
                    34:43:2b:3f:b1:11:6f:cc:f0:49:6b:64:3b:52:97:
                    4b:2e:48:5e:b4:c1:f5:fb:84:c9:e6:33:6a:1f:54:
                    d7:ea:fb:f9:81:3c:fa:e7:32:9f:59:60:21:9a:33:
                    37:56:d8:db:6d:0c:53:ed:ef:c1:74:c4:57:83:70:
                    cd:ab:fd:09:3f:a2:49:5c:0e:60:d6:7a:23:99:3b:
                    0c:f7:83:5c:9d:f5:44:60:5b:f5:2a:94:cc:eb:a4:
                    e0:91:02:2e:b3:b1:3f:6d:05:fa:99:a4:75:7f:f2:
                    46:e2:b2:af:df:72:73:ec:9f:46:b3:f0:90:8d:99:
                    37:6f:3d:ea:70:65:69:37:1d:3d:bf:b5:3d:a4:b7:
                    23:7e:43:a4:22:4c:5f:ac:c7:91:3f:51:31:8a:5e:
                    4e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:75:0C:43:92:00:E2:AE:5E:F8:1F:E4:DE:FA:95:BA:FA:BA:6E:2C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fad6e987-5e31-4212-8de7-9e29b43e7687.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1e:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         c8:a0:3a:8f:45:db:9a:63:0e:d0:a1:ad:08:11:9e:0c:b7:c8:
         a5:de:48:c0:c0:25:5e:bc:b2:f0:74:7c:cf:3d:11:cd:37:af:
         4d:c1:c4:2a:2a:28:93:71:64:a5:91:ef:33:a8:53:dc:b0:7b:
         b3:e2:09:a7:52:70:87:32:4a:c1:b0:cb:fb:13:07:66:ba:de:
         75:9a:47:f4:c2:8a:54:54:dc:5d:ac:02:7b:c5:f3:2f:6f:7b:
         ed:a0:f0:46:dd:96:1d:35:e6:b3:af:5b:70:eb:38:76:6e:d7:
         ca:b5:a1:2b:e4:cb:0f:d3:8a:29:fd:ca:08:e6:eb:3d:91:6f:
         72:a0:eb:b9:6f:c9:86:76:cb:b6:46:7b:bd:79:78:00:dd:24:
         0a:df:3a:01:e5:75:bd:cc:20:24:ce:de:dd:d3:95:2c:e1:91:
         dd:7d:14:06:8d:c0:13:42:1e:55:33:7b:6d:88:05:ee:7e:dc:
         b2:b7:0f:ba:8a:d1:d2:45:0b:b1:a1:9b:fd:bd:a3:c7:db:1b:
         fa:c5:cc:85:4c:94:35:af:64:3c:2c:5e:3a:1a:d6:48:b5:2a:
         d7:46:33:39:ad:f8:1b:2e:62:8d:e7:09:cf:89:9a:32:9a:12:
         88:6d:dd:27:54:77:ec:0a:bd:0f:19:41:95:c6:1c:55:c0:ef:
         43:68:86:93
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXAUyuvsebSvXH3mDOJn3+90ZTpQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTZhZTA3ODE0ZTU0OTM4Y2I4M2Q5M2YzN2M4N2JiM2E5
YTg4MjAwMTUwNTUwMDEzNjgwMzQxMzIyYjZlNWZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDrj82l2Cd8++y41S5J5Su+A0YNpJmIg/Bk2zJ8kPABvFe
BJ7QAnUW2/h4jWziv7gXBphdtsA1zclxTTP9D1tSncS/uf1S5FWwjx3uVH06SO8t
KBM4uTcTZ1vR4F8IZilQDpJW1CLK2DRDKz+xEW/M8ElrZDtSl0suSF60wfX7hMnm
M2ofVNfq+/mBPPrnMp9ZYCGaMzdW2NttDFPt78F0xFeDcM2r/Qk/oklcDmDWeiOZ
Owz3g1yd9URgW/UqlMzrpOCRAi6zsT9tBfqZpHV/8kbisq/fcnPsn0az8JCNmTdv
PepwZWk3HT2/tT2ktyN+Q6QiTF+sx5E/UTGKXk5vAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8XUMQ5IA4q5e+B/k3vqVuvq6biwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZhZDZlOTg3LTVlMzEtNDIxMi04ZGU3LTllMjliNDNlNzY4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgImAB8eBDANBgkqhkiG9w0BAQsFAAOCAQEAyKA6j0XbmmMO0KGtCBGeDLfI
pd5IwMAlXryy8HR8zz0RzTevTcHEKiook3FkpZHvM6hT3LB7s+IJp1JwhzJKwbDL
+xMHZrredZpH9MKKVFTcXawCe8XzL2977aDwRt2WHTXms69bcOs4dm7XyrWhK+TL
D9OKKf3KCObrPZFvcqDruW/JhnbLtkZ7vXl4AN0kCt86AeV1vcwgJM7e3dOVLOGR
3X0UBo3AE0IeVTN7bYgF7n7csrcPuorR0kULsaGb/b2jx9sb+sXMhUyUNa9kPCxe
OhrWSLUq10YzOa34Gy5ijecJz4maMpoSiG3dJ1R37Aq9DxlBlcYcVcDvQ2iGkw==
-----END CERTIFICATE-----