Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/834ff2b2-55b6-4011-9d9b-451a7311335d.roa
File:                     834ff2b2-55b6-4011-9d9b-451a7311335d.roa (raw, json)
Hash identifier:          uz9oQiWk2+oOuX1Cayq6DwUs0qYmdQL4/VT80DRTZTk=
Subject key identifier:   29:B1:B1:2A:7B:43:78:41:6F:5A:7F:75:B3:B4:8E:41:4F:08:FF:68
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1BD3F2B79B7E30EA37495CE6C4BD12E7DF4335CF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/834ff2b2-55b6-4011-9d9b-451a7311335d.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d036:b000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:d3:f2:b7:9b:7e:30:ea:37:49:5c:e6:c4:bd:12:e7:df:43:35:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=9f219caf08489b296480c7ee20af4eca9d16229b7aea1a2f0bdc0565ddd96e72, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:62:eb:75:5f:15:36:e6:43:ef:e6:8a:5f:24:
                    59:df:e5:2b:76:ed:a6:76:98:0b:bd:45:78:64:7c:
                    a6:f5:fd:3c:59:cd:11:ff:49:b6:75:97:b2:c9:29:
                    f4:e9:c5:1c:ea:52:f3:15:6e:40:05:30:72:10:f8:
                    24:b3:99:96:e9:b4:ae:35:4b:58:1f:8d:01:a3:5f:
                    13:85:a4:a9:35:02:42:42:3e:79:46:2b:70:94:80:
                    1e:1a:10:a1:08:b8:af:00:7f:60:fc:f1:6a:4f:7c:
                    1f:ed:69:49:5f:9c:11:ee:76:c8:07:39:d6:4c:71:
                    bf:6a:a6:57:29:f4:79:9f:b9:aa:af:e6:c8:16:f1:
                    b9:6c:73:41:57:0d:1d:d4:56:dc:30:17:4e:e7:59:
                    cb:1d:4d:08:f3:cd:10:a4:b1:2f:bd:95:6c:1f:86:
                    cf:67:23:49:61:51:b1:28:1a:1f:22:29:9c:fe:99:
                    5e:91:d9:12:71:03:f3:1a:44:04:ab:aa:62:ea:65:
                    eb:6a:e2:97:e0:ac:49:04:f0:bf:98:d2:3c:52:17:
                    89:7e:06:cc:69:26:07:4d:40:be:8c:8f:56:98:6f:
                    73:2f:f9:09:53:db:8b:5b:65:17:db:7f:2e:f9:a6:
                    af:b4:9a:29:57:07:54:85:20:73:f3:32:f6:81:5e:
                    06:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B1:B1:2A:7B:43:78:41:6F:5A:7F:75:B3:B4:8E:41:4F:08:FF:68
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/834ff2b2-55b6-4011-9d9b-451a7311335d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d036:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:93:7d:a8:5d:3c:b7:0d:a1:85:c2:05:39:0e:e7:c8:39:c8:
         95:f6:f1:10:c2:b1:36:b0:70:d5:e9:b7:5d:bb:b3:4c:25:e2:
         6f:1c:ce:d9:cf:08:81:75:5c:14:56:e8:5d:85:fe:87:a2:a6:
         9f:c0:97:17:21:63:78:69:3c:9d:1b:7d:03:61:26:1f:fb:8c:
         44:2e:38:c7:f5:24:60:53:43:7d:71:1d:db:d3:06:28:da:d0:
         9c:e7:64:ab:c0:ee:ef:d4:6d:5a:cd:f8:19:59:91:63:a0:47:
         af:b3:35:f8:62:86:09:3b:7c:28:0e:c6:29:75:50:31:33:08:
         05:fc:43:2b:80:4b:52:a6:94:79:42:64:10:69:5b:dd:a9:17:
         96:fc:fc:95:2a:01:25:4d:cf:26:47:56:46:8d:45:38:78:aa:
         f7:ec:7d:e6:4a:24:fa:fd:ee:b6:1d:fe:f0:1b:33:5f:78:90:
         14:e4:91:a5:7f:ca:a1:72:35:30:f4:20:93:51:02:ad:15:86:
         bc:5a:d2:b1:63:5f:2b:5f:1a:59:c9:35:f8:37:31:d8:a5:ee:
         e1:45:ac:1a:d1:1b:1c:f9:4f:4c:4a:1f:f5:6e:4d:0d:bd:45:
         d9:85:96:e5:5a:11:98:54:5a:c1:c5:be:71:33:42:e8:35:8a:
         c0:3b:56:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUG9Pyt5t+MOo3SVzmxL0S599DNc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAxMDgwMDAwMDBaFw0yNTAyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmMjE5Y2FmMDg0ODliMjk2NDgwYzdlZTIwYWY0ZWNhOWQxNjIyOWI3YWVh
MWEyZjBiZGMwNTY1ZGRkOTZlNzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOFi63VfFTbmQ+/mil8kWd/lK3btpnaYC71FeGR8pvX9PFnNEf9JtnWXsskp
9OnFHOpS8xVuQAUwchD4JLOZlum0rjVLWB+NAaNfE4WkqTUCQkI+eUYrcJSAHhoQ
oQi4rwB/YPzxak98H+1pSV+cEe52yAc51kxxv2qmVyn0eZ+5qq/myBbxuWxzQVcN
HdRW3DAXTudZyx1NCPPNEKSxL72VbB+Gz2cjSWFRsSgaHyIpnP6ZXpHZEnED8xpE
BKuqYupl62ril+CsSQTwv5jSPFIXiX4GzGkmB01AvoyPVphvcy/5CVPbi1tlF9t/
Lvmmr7SaKVcHVIUgc/My9oFeBiUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQpsbEq
e0N4QW9af3WztI5BTwj/aDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODM0ZmYyYjItNTViNi00MDExLTlkOWItNDUxYTczMTEzMzVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Daw
MA0GCSqGSIb3DQEBCwUAA4IBAQCRk32oXTy3DaGFwgU5DufIOciV9vEQwrE2sHDV
6bddu7NMJeJvHM7ZzwiBdVwUVuhdhf6HoqafwJcXIWN4aTydG30DYSYf+4xELjjH
9SRgU0N9cR3b0wYo2tCc52SrwO7v1G1azfgZWZFjoEevszX4YoYJO3woDsYpdVAx
MwgF/EMrgEtSppR5QmQQaVvdqReW/PyVKgElTc8mR1ZGjUU4eKr37H3mSiT6/e62
Hf7wGzNfeJAU5JGlf8qhcjUw9CCTUQKtFYa8WtKxY18rXxpZyTX4NzHYpe7hRawa
0Rsc+U9MSh/1bk0NvUXZhZblWhGYVFrBxb5xM0LoNYrAO1Zq
-----END CERTIFICATE-----
Generated at Sat May 3 03:42:45 2025 by rpki-client