Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/381fc6e6-5d49-41bc-b584-d9437c68e3cd.roa
File:                     381fc6e6-5d49-41bc-b584-d9437c68e3cd.roa (raw, json)
Hash identifier:          Y1CXTx++DyY4mytREpQ8udZMn9kt0f8SfwLdhN//7yI=
Subject key identifier:   C7:00:97:58:D9:88:CD:4C:03:86:C5:F3:27:37:47:F3:BF:02:C1:79
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       16D020F16B683D2E18C9C16EBE70FEEA08FC82FD
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/381fc6e6-5d49-41bc-b584-d9437c68e3cd.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:d0:20:f1:6b:68:3d:2e:18:c9:c1:6e:be:70:fe:ea:08:fc:82:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=51dd2fb38eda6aabf29372ef7de973baa44f83825177cdd1e0e5440b41f79b9d, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d4:7b:b7:a4:db:62:13:a2:34:3c:f6:c7:15:
                    13:9c:f2:47:38:46:5c:09:90:98:cf:80:e7:06:00:
                    30:6b:69:8f:6b:3f:98:ad:ab:a6:38:5c:bd:c5:15:
                    96:d1:7d:19:9b:34:02:34:df:cc:92:46:0d:c9:df:
                    18:25:65:b2:18:02:45:83:49:b9:31:c8:59:cf:ee:
                    cc:bb:6d:f1:b3:84:ee:c1:c3:c3:3f:1e:d9:88:26:
                    f3:cd:5c:d9:79:1b:ef:bc:5d:44:dc:de:9b:bc:5c:
                    bf:19:72:8d:4b:0b:2b:81:5c:54:a9:6c:16:ea:81:
                    92:af:46:94:62:a3:65:60:c0:e4:26:be:74:11:0d:
                    34:89:89:c9:e1:08:62:aa:6d:88:5c:5b:ae:05:f0:
                    96:dd:90:9c:b0:68:74:bc:be:52:20:42:40:cb:2e:
                    3c:61:26:4b:44:cd:41:1c:2e:24:00:57:8f:c2:84:
                    b4:29:46:de:0a:0e:e3:7e:e1:de:9e:0c:63:9e:f3:
                    7d:ce:e2:7c:cd:dc:1d:81:f7:df:89:c9:1e:49:41:
                    85:3c:8e:6d:18:2a:cd:46:c7:12:e1:0d:2f:30:35:
                    70:0e:7e:dd:c6:8c:3b:9b:66:c6:eb:a3:e5:1b:13:
                    86:3c:84:92:1d:db:c5:51:d3:73:04:e3:14:8f:3d:
                    d2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:00:97:58:D9:88:CD:4C:03:86:C5:F3:27:37:47:F3:BF:02:C1:79
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/381fc6e6-5d49-41bc-b584-d9437c68e3cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:b8:80:66:af:93:b5:1b:3d:8f:65:69:53:0e:cd:b1:a5:b2:
         8d:f5:13:17:08:10:14:73:3d:ef:e6:38:54:0e:2f:d0:38:01:
         87:50:0d:98:86:fb:f1:a0:40:e3:f9:80:2a:2a:69:93:ec:e6:
         9e:3b:ce:54:5b:64:ee:db:79:c2:88:ab:d8:73:59:b2:82:7b:
         39:c6:b0:5a:f6:ca:2f:dc:1f:e0:44:f4:e1:ff:14:21:cf:00:
         74:0d:b8:75:12:5f:b9:cf:ee:e6:f0:6d:3f:2c:aa:14:f8:bf:
         80:a5:ae:84:3f:46:9c:f2:98:df:36:b4:7b:02:0e:12:ec:7c:
         76:4b:18:16:b0:8b:a2:a7:d4:47:29:b0:4f:54:7b:4f:e8:81:
         a6:66:a4:2b:22:f9:55:6e:07:f0:76:90:e2:38:6f:06:90:6f:
         d8:0b:83:b9:95:a8:7c:d2:7c:34:7e:a7:c0:02:14:af:07:36:
         bb:a1:cb:dd:3e:3f:49:00:7c:1b:40:89:9c:8b:fa:2b:a0:e0:
         b6:08:36:52:4c:c0:02:d7:bb:1c:31:20:e3:12:7d:95:2e:50:
         d7:7a:9b:a1:ef:b7:20:3f:e5:61:ef:c9:e5:e5:b3:a5:a8:04:
         fb:db:50:22:90:ff:19:cc:5a:76:be:ca:08:d9:69:0e:9a:1a:
         7c:a7:31:c3
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUFtAg8WtoPS4YycFuvnD+6gj8gv0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNANTFkZDJmYjM4ZWRhNmFhYmYyOTM3
MmVmN2RlOTczYmFhNDRmODM4MjUxNzdjZGQxZTBlNTQ0MGI0MWY3OWI5ZDEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNR7t6TbYhOiNDz2xxUTnPJHOEZc
CZCYz4DnBgAwa2mPaz+YraumOFy9xRWW0X0ZmzQCNN/MkkYNyd8YJWWyGAJFg0m5
MchZz+7Mu23xs4TuwcPDPx7ZiCbzzVzZeRvvvF1E3N6bvFy/GXKNSwsrgVxUqWwW
6oGSr0aUYqNlYMDkJr50EQ00iYnJ4Qhiqm2IXFuuBfCW3ZCcsGh0vL5SIEJAyy48
YSZLRM1BHC4kAFePwoS0KUbeCg7jfuHengxjnvN9zuJ8zdwdgfffickeSUGFPI5t
GCrNRscS4Q0vMDVwDn7dxow7m2bG66PlGxOGPISSHdvFUdNzBOMUjz3SwwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMcAl1jZiM1MA4bF8yc3R/O/AsF5MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzM4MWZjNmU2LTVkNDktNDFiYy1iNTg0LWQ5NDM3YzY4ZTNjZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBmuIBmr5O1Gz2PZWlT
Ds2xpbKN9RMXCBAUcz3v5jhUDi/QOAGHUA2YhvvxoEDj+YAqKmmT7OaeO85UW2Tu
23nCiKvYc1mygns5xrBa9sov3B/gRPTh/xQhzwB0Dbh1El+5z+7m8G0/LKoU+L+A
pa6EP0ac8pjfNrR7Ag4S7Hx2SxgWsIuip9RHKbBPVHtP6IGmZqQrIvlVbgfwdpDi
OG8GkG/YC4O5lah80nw0fqfAAhSvBza7ocvdPj9JAHwbQImci/oroOC2CDZSTMAC
17scMSDjEn2VLlDXepuh77cgP+Vh78nl5bOlqAT721AikP8ZzFp2vsoI2WkOmhp8
pzHD
-----END CERTIFICATE-----