Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa
File:                     c8a22460-1c12-4314-8b13-6a586edac27c.roa (raw, json)
Hash identifier:          R1tqwJ4v3h2TfuOHkyvqpevD0gRQ/G01xiQsMnbUN64=
Subject key identifier:   22:AA:91:69:4A:35:14:BE:CE:8B:2D:99:D6:F5:C2:6A:49:DE:1C:84
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       320A57A5E6AB7039F966FC77027D6B08B1A9AC6E
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ec00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:0a:57:a5:e6:ab:70:39:f9:66:fc:77:02:7d:6b:08:b1:a9:ac:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=811a624ab24008e0db8db3392d1b73a2ffb4d2347ef0e86319321e5d3c0cff16, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:40:88:f1:9a:1a:c8:7f:50:21:ef:d5:2e:a3:
                    73:80:26:f2:e5:7d:b6:f0:b2:f3:21:49:9b:8b:20:
                    31:34:8b:56:52:85:3e:61:8d:aa:34:a1:ea:5b:74:
                    5c:46:d7:b8:ae:54:c9:14:00:77:ba:f0:99:63:7b:
                    a6:19:c1:22:7d:b9:f6:ae:e4:c1:e2:48:3a:21:b3:
                    99:34:27:a7:18:ef:c5:7a:2f:aa:bc:fa:1e:9e:d7:
                    4b:c5:72:ac:9a:cc:d8:aa:de:9a:8d:a0:68:a8:30:
                    73:b0:c2:78:27:32:28:d8:f3:29:95:cd:db:29:7d:
                    0b:78:a6:19:8e:42:53:9d:c4:5a:99:55:70:b5:f9:
                    1d:58:e7:af:04:62:fe:52:bf:fa:cb:ef:2d:56:f0:
                    65:fe:24:fb:55:77:24:34:91:72:b6:00:74:61:ad:
                    e5:ea:60:39:6a:60:54:9a:2e:1e:ab:19:3e:3f:fe:
                    11:dd:18:1d:04:6f:f2:06:7e:4c:ae:cb:e7:3e:07:
                    d5:5e:e1:c7:eb:ea:47:cf:9e:e1:69:f2:a6:05:ad:
                    9a:b6:58:d4:50:46:cd:44:bb:a7:9a:d8:c5:25:bf:
                    22:89:09:fb:f7:9f:ad:3a:67:8d:a1:d2:19:b3:88:
                    7c:76:17:6f:36:25:e9:42:7c:bf:31:86:80:d0:39:
                    9d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AA:91:69:4A:35:14:BE:CE:8B:2D:99:D6:F5:C2:6A:49:DE:1C:84
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:15:e7:30:51:94:7c:2a:44:ed:89:65:69:e0:c8:97:2f:2d:
         40:04:3c:e1:82:27:dd:e3:b3:14:ad:0c:f5:7e:3d:08:25:2f:
         90:f4:ed:e5:18:e7:47:f6:d2:92:9e:1e:1c:39:25:aa:c9:6f:
         f6:aa:e7:28:41:9a:c1:4c:65:1d:ea:39:44:5a:05:bd:00:4f:
         0f:1a:4f:3a:30:76:0f:9a:f0:83:11:30:37:0d:4a:73:ab:50:
         0a:65:39:2e:17:1b:2e:22:32:86:ca:8b:7f:3c:29:82:33:10:
         1f:91:05:4a:15:d7:15:60:da:34:cf:8b:1d:fc:79:ac:ab:ee:
         fe:fe:66:a1:4c:b7:76:b8:f9:73:a4:a6:a0:24:57:01:7c:13:
         84:91:00:45:f8:b6:97:6b:e5:96:db:2e:18:42:e6:bd:d3:a1:
         ce:10:b2:40:43:33:d6:81:4b:9e:0b:fe:68:b8:ae:58:11:ce:
         67:ec:69:ec:04:c1:15:50:e2:44:62:37:d0:61:51:60:85:18:
         da:f7:8c:9e:72:9a:f6:f9:cd:ed:57:c1:e5:50:35:06:6c:73:
         4b:13:d9:78:0b:1e:e3:56:5e:b9:e8:15:8f:12:7d:e0:c9:eb:
         e5:a2:60:ff:9c:cf:94:e9:18:01:1e:26:0c:83:56:7b:e6:92:
         64:70:9a:7d
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMgpXpearcDn5Zvx3An1rCLGprG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTFhNjI0YWIyNDAwOGUwZGI4ZGIzMzkyZDFiNzNhMmZm
YjRkMjM0N2VmMGU4NjMxOTMyMWU1ZDNjMGNmZjE2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnQIjxmhrIf1Ah79Uuo3OAJvLlfbbwsvMhSZuLIDE0i1ZS
hT5hjao0oepbdFxG17iuVMkUAHe68Jlje6YZwSJ9ufau5MHiSDohs5k0J6cY78V6
L6q8+h6e10vFcqyazNiq3pqNoGioMHOwwngnMijY8ymVzdspfQt4phmOQlOdxFqZ
VXC1+R1Y568EYv5Sv/rL7y1W8GX+JPtVdyQ0kXK2AHRhreXqYDlqYFSaLh6rGT4/
/hHdGB0Eb/IGfkyuy+c+B9Ve4cfr6kfPnuFp8qYFrZq2WNRQRs1Eu6ea2MUlvyKJ
Cfv3n606Z42h0hmziHx2F282JelCfL8xhoDQOZ0HAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUIqqRaUo1FL7Oiy2Z1vXCakneHIQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M4YTIyNDYwLTFjMTItNDMxNC04YjEzLTZhNTg2ZWRhYzI3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77DANBgkqhkiG9w0BAQsFAAOCAQEAchXnMFGUfCpE7YllaeDIly8t
QAQ84YIn3eOzFK0M9X49CCUvkPTt5RjnR/bSkp4eHDklqslv9qrnKEGawUxlHeo5
RFoFvQBPDxpPOjB2D5rwgxEwNw1Kc6tQCmU5LhcbLiIyhsqLfzwpgjMQH5EFShXX
FWDaNM+LHfx5rKvu/v5moUy3drj5c6SmoCRXAXwThJEARfi2l2vlltsuGELmvdOh
zhCyQEMz1oFLngv+aLiuWBHOZ+xp7ATBFVDiRGI30GFRYIUY2veMnnKa9vnN7VfB
5VA1BmxzSxPZeAse41ZeuegVjxJ94Mnr5aJg/5zPlOkYAR4mDINWe+aSZHCafQ==
-----END CERTIFICATE-----