Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa
File:                     a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa (raw, json)
Hash identifier:          ElIztC9A/PuKjT+DQpi8QHUOUb3qi/8DSl4V7NUTbHY=
Subject key identifier:   58:A4:97:5D:CE:AA:FE:B2:8E:80:F1:CC:CB:DC:9E:2A:D5:B0:C4:FF
Certificate issuer:       /CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
Certificate serial:       02D68C0FEB48ACA9EE808044EFF25EB114684AFB
Authority key identifier: 6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:c940::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:d6:8c:0f:eb:48:ac:a9:ee:80:80:44:ef:f2:5e:b1:14:68:4a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=ad1a6d74e71822e57ce080a1eb5d8f38639fe80c470d61736f2595707d82f9e9, CN=15f1683a-c0c2-4266-9a96-ecf9eba3239c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:82:7d:ef:ce:40:1f:e3:18:fb:05:bd:bc:
                    f8:ec:a2:9f:54:c3:54:32:4e:10:76:46:db:3b:57:
                    53:1b:67:71:bc:a2:e8:67:de:6a:db:c8:0c:b3:16:
                    65:5a:72:5c:c0:9b:1d:de:7a:d5:4a:e3:45:80:f4:
                    90:a7:15:84:1c:fa:e8:07:54:82:a7:3c:af:f0:8b:
                    0d:96:a6:21:68:08:93:bd:4b:ca:9a:c8:12:f0:5e:
                    e4:5f:ce:e0:45:63:f1:56:2d:92:d5:a6:4e:d3:ee:
                    c6:c3:e8:34:88:1e:a6:f5:45:32:fb:b7:41:2e:b5:
                    07:9b:19:f1:ac:b7:f2:39:80:50:b0:37:a2:c5:00:
                    60:fa:e0:3a:a9:7a:0f:d1:06:f2:ab:a4:e4:f0:cd:
                    f8:df:d0:49:2f:9c:22:5e:3a:3b:4b:b3:39:d1:e3:
                    dc:ea:0c:4f:2c:58:bc:da:8a:e8:b9:30:cb:67:4a:
                    1a:a0:de:f9:38:2a:62:a6:33:59:e0:b6:61:04:fb:
                    87:7a:55:9b:8b:23:84:64:cb:8b:d2:78:69:f0:8b:
                    96:09:c8:c3:64:b3:d1:5a:e4:57:21:ec:b7:05:c3:
                    65:d8:fc:fa:5e:a0:e3:43:57:fb:5c:6c:15:de:54:
                    d0:1d:86:22:af:9c:79:fe:d7:15:d5:0b:f1:00:bf:
                    ff:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A4:97:5D:CE:AA:FE:B2:8E:80:F1:CC:CB:DC:9E:2A:D5:B0:C4:FF
            X509v3 Authority Key Identifier:
                keyid:6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/5d7wm5lPjPYLrYyQKcAGV3ULImc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:c940::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:17:bf:18:41:6d:b6:18:64:7f:7c:27:26:90:7a:1f:b9:f6:
         45:5d:b4:f0:48:29:0c:bd:7c:b2:da:14:80:82:b6:fa:9b:5e:
         9f:78:c2:58:82:40:45:80:38:c8:5a:54:c0:f3:e0:4f:8e:ce:
         84:9d:9d:8a:9d:cc:f3:d8:2f:91:cb:a6:47:7d:a3:cd:54:9e:
         46:77:74:38:17:4f:86:1b:fc:13:7a:63:67:f7:b9:6d:e4:d1:
         ed:8c:04:9d:f8:8b:2b:fb:33:ab:40:64:e9:a5:aa:96:a7:2d:
         c1:8d:4a:60:d7:2b:2b:d3:06:0c:1f:1a:1c:e0:dd:52:d4:f0:
         8e:51:96:c7:48:ad:eb:6d:c1:55:88:1a:fb:91:38:07:4d:c1:
         e9:f5:fa:65:58:9f:73:5f:97:f1:a1:6f:85:30:54:37:cd:5c:
         40:63:1c:64:a8:60:95:e4:94:14:28:52:d6:f4:9c:0e:9a:34:
         07:50:8e:7f:0f:d3:17:5a:aa:99:e5:27:0c:48:1d:a8:99:be:
         1c:0f:ca:f6:c2:c9:79:26:73:26:ef:4f:18:8f:78:b1:5b:7b:
         df:41:64:13:1c:de:af:ed:f6:4c:d7:08:d2:80:f5:79:df:b2:
         99:4f:61:be:04:a0:bc:2f:4a:97:1c:5b:63:f6:ec:51:6b:f3:
         c6:2e:1f:db
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUAtaMD+tIrKnugIBE7/JesRRoSvswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmY5Yjk4NWIwZmU1ZGVmMDliOTk0ZjhjZjYwYmFkOGM5
MDI5YzAwNjU3NzUwYjIyNjcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDFhNmQ3NGU3MTgyMmU1N2NlMDgwYTFlYjVkOGYzODYz
OWZlODBjNDcwZDYxNzM2ZjI1OTU3MDdkODJmOWU5MS0wKwYDVQQDEyQxNWYxNjgz
YS1jMGMyLTQyNjYtOWE5Ni1lY2Y5ZWJhMzIzOWMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwXoJ9785AH+MY+wW9vPjsop9Uw1QyThB2Rts7V1MbZ3G8
ouhn3mrbyAyzFmVaclzAmx3eetVK40WA9JCnFYQc+ugHVIKnPK/wiw2WpiFoCJO9
S8qayBLwXuRfzuBFY/FWLZLVpk7T7sbD6DSIHqb1RTL7t0EutQebGfGst/I5gFCw
N6LFAGD64Dqpeg/RBvKrpOTwzfjf0EkvnCJeOjtLsznR49zqDE8sWLzaiui5MMtn
Shqg3vk4KmKmM1ngtmEE+4d6VZuLI4Rky4vSeGnwi5YJyMNks9Fa5Fch7LcFw2XY
/PpeoONDV/tcbBXeVNAdhiKvnHn+1xXVC/EAv/8xAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUWKSXXc6q/rKOgPHMy9yeKtWwxP8wHwYDVR0jBBgwFoAUbcpl0HFNfvJW
kLwJE9NU26yJKl4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83Mjc2YjJmYS01
NDhkLTQ5NzAtODMxNC04ZDczOTQ1YzM0ZDgvNmY5Yjk4NWIwZmU1ZGVmMDliOTk0
ZjhjZjYwYmFkOGM5MDI5YzAwNjU3NzUwYjIyNjcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjNmNmI2ODgtY2ZmNC00MDJmLTk3ZDUtMDJm
NmYxODg2YjdlL2E4ZmY5MzM3LTIxZDgtNGQ1ZS1iOTg4LWQxYTk4M2Q3M2FlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2IzZjZiNjg4LWNmZjQtNDAyZi05N2Q1
LTAyZjZmMTg4NmI3ZS81ZDd3bTVsUGpQWUxyWXlRS2NBR1YzVUxJbWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBclAMA0GCSqGSIb3DQEBCwUAA4IBAQBlF78YQW22GGR/fCcmkHofufZF
XbTwSCkMvXyy2hSAgrb6m16feMJYgkBFgDjIWlTA8+BPjs6EnZ2Knczz2C+Ry6ZH
faPNVJ5Gd3Q4F0+GG/wTemNn97lt5NHtjASd+Isr+zOrQGTppaqWpy3BjUpg1ysr
0wYMHxoc4N1S1PCOUZbHSK3rbcFViBr7kTgHTcHp9fplWJ9zX5fxoW+FMFQ3zVxA
YxxkqGCV5JQUKFLW9JwOmjQHUI5/D9MXWqqZ5ScMSB2omb4cD8r2wsl5JnMm708Y
j3ixW3vfQWQTHN6v7fZM1wjSgPV537KZT2G+BKC8L0qXHFtj9uxRa/PGLh/b
-----END CERTIFICATE-----