Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
File:                     d040f02c-c962-433b-9282-37c1d283eaeb.roa (raw, json)
Hash identifier:          ykzf6dGjJGz1UUQUS33MYYxahE41HHfacH3UTn8tTyw=
Subject key identifier:   5B:E7:9B:2F:D2:7D:B2:38:2B:30:7E:F9:28:47:CE:09:33:2F:AD:CC
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       553DB85F071C752133AC46F292BA3D16500CE713
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:eb00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:3d:b8:5f:07:1c:75:21:33:ac:46:f2:92:ba:3d:16:50:0c:e7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=a10b00f41f09900bf3718250cd86f74c5401c3db3d71fa8665f3fd3fb43638f2, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:64:16:ee:16:00:32:5a:e4:10:97:26:5a:89:
                    ba:47:ec:8d:b6:1b:03:12:4e:ba:b5:4e:92:98:32:
                    5b:3e:79:04:75:64:04:13:80:55:fa:c2:16:e4:9e:
                    94:a4:5b:f1:cf:b3:41:82:38:7d:13:ce:45:8a:b1:
                    3d:68:c1:3d:b0:21:af:53:1a:37:b1:23:22:e2:22:
                    ee:92:94:e2:ae:f8:fb:89:86:75:93:e9:bd:d5:2b:
                    90:1b:4b:6b:c5:05:5f:99:69:fd:e3:8c:c7:0f:74:
                    e1:68:21:95:6a:70:10:cd:8c:7f:d9:51:08:5f:01:
                    55:0e:0b:25:8d:5a:2e:96:b9:92:01:6a:1b:63:56:
                    5d:a6:a6:f1:f8:ab:20:8d:a9:cc:d5:21:42:fc:62:
                    7f:70:b8:81:07:7e:06:fa:5a:48:3c:f3:aa:5f:cc:
                    69:3e:d6:60:3b:b3:6d:46:6b:87:c6:7e:ac:fc:66:
                    11:83:9a:a8:f6:ff:31:87:3c:48:aa:31:15:61:7f:
                    22:e2:bf:b4:fb:e7:2b:e3:30:53:0e:b6:42:0d:01:
                    be:16:bc:32:10:6c:69:95:2d:19:81:0f:75:ce:bd:
                    33:79:a4:6d:04:31:c5:92:c5:d5:92:db:3b:19:83:
                    06:96:78:c8:6e:61:1b:fa:3f:69:ef:4f:1a:b7:4a:
                    56:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E7:9B:2F:D2:7D:B2:38:2B:30:7E:F9:28:47:CE:09:33:2F:AD:CC
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         96:fb:6f:87:bb:97:31:1c:e1:8a:ad:1f:c7:07:d3:b6:ee:3f:
         4a:21:19:68:cb:95:a3:39:3a:81:44:61:b7:cb:a8:c7:b9:37:
         bc:28:46:4c:6d:d7:8a:56:e7:1d:7b:5f:f5:14:e2:ec:f6:ca:
         f7:3c:57:3c:86:89:86:35:34:cb:83:09:f9:a5:5c:f8:c4:50:
         12:dd:f2:67:0d:b9:e3:af:bf:ab:d1:7a:93:75:d6:d6:19:15:
         bd:25:cd:67:65:c8:f5:7d:30:d3:f0:a3:f6:54:54:dc:86:4f:
         07:6a:5f:b3:09:43:1d:b6:38:83:ef:3a:f3:99:88:a9:10:71:
         cc:a1:9c:82:35:11:e6:28:51:ac:a0:a6:56:eb:5b:42:59:16:
         71:48:26:cc:df:14:e0:5e:c5:a5:ac:fd:90:2a:84:07:e8:8d:
         4b:01:9c:8b:ab:9c:cc:f9:c5:aa:98:1d:d5:0d:f3:d5:16:ec:
         08:c3:1f:26:e0:af:4f:90:54:65:9b:b5:35:74:0b:12:fe:66:
         7e:8c:79:a5:fb:37:82:7e:1a:0f:99:9d:a3:85:fb:68:e3:68:
         50:c3:89:a6:20:2f:58:7b:a5:53:84:dd:4b:c5:73:32:b2:93:
         9c:67:bc:bb:30:bd:57:ff:b9:07:ac:14:00:ec:b3:f4:0c:19:
         9e:0c:b3:f1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVT24XwccdSEzrEbykro9FlAM5xMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTBiMDBmNDFmMDk5MDBiZjM3MTgyNTBjZDg2Zjc0YzU0
MDFjM2RiM2Q3MWZhODY2NWYzZmQzZmI0MzYzOGYyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRZBbuFgAyWuQQlyZaibpH7I22GwMSTrq1TpKYMls+eQR1
ZAQTgFX6whbknpSkW/HPs0GCOH0TzkWKsT1owT2wIa9TGjexIyLiIu6SlOKu+PuJ
hnWT6b3VK5AbS2vFBV+Zaf3jjMcPdOFoIZVqcBDNjH/ZUQhfAVUOCyWNWi6WuZIB
ahtjVl2mpvH4qyCNqczVIUL8Yn9wuIEHfgb6Wkg886pfzGk+1mA7s21Ga4fGfqz8
ZhGDmqj2/zGHPEiqMRVhfyLiv7T75yvjMFMOtkINAb4WvDIQbGmVLRmBD3XOvTN5
pG0EMcWSxdWS2zsZgwaWeMhuYRv6P2nvTxq3SlbhAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUW+ebL9J9sjgrMH75KEfOCTMvrcwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QwNDBmMDJjLWM5NjItNDMzYi05MjgyLTM3YzFkMjgzZWFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76zANBgkqhkiG9w0BAQsFAAOCAQEAlvtvh7uXMRzhiq0fxwfTtu4/
SiEZaMuVozk6gURht8uox7k3vChGTG3XilbnHXtf9RTi7PbK9zxXPIaJhjU0y4MJ
+aVc+MRQEt3yZw2546+/q9F6k3XW1hkVvSXNZ2XI9X0w0/Cj9lRU3IZPB2pfswlD
HbY4g+8685mIqRBxzKGcgjUR5ihRrKCmVutbQlkWcUgmzN8U4F7Fpaz9kCqEB+iN
SwGci6uczPnFqpgd1Q3z1RbsCMMfJuCvT5BUZZu1NXQLEv5mfox5pfs3gn4aD5md
o4X7aONoUMOJpiAvWHulU4TdS8VzMrKTnGe8uzC9V/+5B6wUAOyz9AwZngyz8Q==
-----END CERTIFICATE-----