Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa
File:                     154c39ec-28ce-41bb-ad0d-c48503198277.roa (raw, json)
Hash identifier:          ua6pOWJAGo37sAZ5QtJmqllMQSWX5cE/hdIZIrJRETg=
Subject key identifier:   45:5A:41:A6:02:54:6F:7C:CD:32:B7:D0:13:AD:C8:EF:C0:CE:B2:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       65CD13236F148A128D8D3318690FB55CEFEF8D65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa
Signing time:             Fri 28 Mar 2025 16:31:07 +0000
ROA not before:           Fri 28 Mar 2025 16:31:07 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:7400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:cd:13:23:6f:14:8a:12:8d:8d:33:18:69:0f:b5:5c:ef:ef:8d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:31:07 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ff:73:d7:06:a5:eb:46:02:ae:ad:5b:30:51:
                    dc:7f:df:a5:57:38:8d:59:fb:2f:11:09:d2:1b:4e:
                    4f:49:43:ac:31:69:74:d2:3c:73:f5:5d:56:d5:cd:
                    53:75:48:63:0c:7f:40:70:90:e5:2c:e6:f0:7a:e9:
                    b1:06:ce:cd:b8:f3:5c:29:99:2f:48:44:e9:e8:bf:
                    7c:5e:4f:32:db:5c:bd:a8:64:4d:70:74:69:d3:2a:
                    57:f8:04:de:98:1b:f4:de:da:be:60:bb:cc:30:f0:
                    b2:b2:54:10:0e:d5:25:4c:87:df:9f:3b:75:c9:8d:
                    ef:42:58:c2:3c:62:fd:fa:54:1d:9f:a3:1c:f0:3e:
                    d6:a3:c9:bd:bd:4f:ab:56:0c:ad:09:23:24:2a:d1:
                    f4:15:d2:9a:71:af:52:9f:92:0a:6a:a9:75:dc:04:
                    68:a9:77:3d:7c:2b:ba:79:f5:ee:b8:15:23:f6:60:
                    61:e3:ab:e9:79:47:7d:fc:49:d0:8a:12:68:41:87:
                    95:2f:93:37:04:20:1a:b1:c0:5f:c3:13:ec:27:24:
                    cf:6a:9d:9d:33:6b:6e:9c:8b:b3:a4:ed:2b:47:96:
                    b1:71:eb:94:fb:8f:3a:a4:81:81:58:9a:7e:ff:e2:
                    3e:15:78:28:b4:06:b3:53:ba:b4:43:df:dc:04:42:
                    54:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5A:41:A6:02:54:6F:7C:CD:32:B7:D0:13:AD:C8:EF:C0:CE:B2:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:c7:e3:a5:03:1d:fc:86:cc:29:5e:e3:e2:00:85:c5:98:fa:
         05:e7:8d:70:9b:25:74:72:c3:2f:cc:ed:88:d0:51:1b:2f:c1:
         00:3e:62:0a:a3:e3:56:a2:79:e8:57:d0:5c:80:9f:61:47:30:
         ae:ee:e8:06:13:98:8b:f6:a0:4a:80:80:bf:50:4a:1e:7d:1e:
         bc:52:3c:22:2d:8c:34:8d:1e:e0:eb:61:fe:62:6f:1c:ae:2f:
         89:00:fc:96:96:75:04:2e:e9:4d:f0:e0:aa:49:2e:bc:db:a9:
         7a:aa:3d:62:f2:20:7c:e0:59:47:54:e1:38:7c:79:b7:ce:f0:
         84:c3:54:5e:7a:5c:6b:c6:0f:47:db:6e:6c:46:0a:7e:71:1f:
         5e:27:13:9b:0f:73:cb:4f:04:13:57:81:26:0a:4d:4a:a4:34:
         80:7e:04:0d:31:59:ef:8d:12:a0:9c:b4:89:a9:8b:bb:48:19:
         c0:d6:89:d3:10:30:c4:2e:bc:71:c4:e3:6f:83:79:bb:da:5e:
         7c:aa:63:4d:9d:2f:eb:77:fa:87:39:4b:f2:74:c7:52:36:31:
         1b:9a:7b:4b:83:9c:26:7a:ec:a2:20:d7:d5:09:b0:a6:e3:7f:
         9b:31:80:e1:d2:9d:da:3c:5d:c7:be:b4:17:ac:a4:13:2e:a8:
         0e:75:e5:3f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZc0TI28UihKNjTMYaQ+1XO/vjWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYzMTA3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2JiMmEyYmYyN2I4ZmMzOGU4ZmZkNDg5MzdhMjJkY2Rh
NGMyNDBmNmQxYmFlN2QwZmY3ZjJlYjI4NDM0MmIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ/3PXBqXrRgKurVswUdx/36VXOI1Z+y8RCdIbTk9JQ6wx
aXTSPHP1XVbVzVN1SGMMf0BwkOUs5vB66bEGzs2481wpmS9IROnov3xeTzLbXL2o
ZE1wdGnTKlf4BN6YG/Te2r5gu8ww8LKyVBAO1SVMh9+fO3XJje9CWMI8Yv36VB2f
oxzwPtajyb29T6tWDK0JIyQq0fQV0ppxr1KfkgpqqXXcBGipdz18K7p59e64FSP2
YGHjq+l5R338SdCKEmhBh5UvkzcEIBqxwF/DE+wnJM9qnZ0za26ci7Ok7StHlrFx
65T7jzqkgYFYmn7/4j4VeCi0BrNTurRD39wEQlQZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQURVpBpgJUb3zNMrfQE63I78DOsgIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1NGMzOWVjLTI4Y2UtNDFiYi1hZDBkLWM0ODUwMzE5ODI3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wdDANBgkqhkiG9w0BAQsFAAOCAQEAjMfjpQMd/IbMKV7j4gCFxZj6
BeeNcJsldHLDL8ztiNBRGy/BAD5iCqPjVqJ56FfQXICfYUcwru7oBhOYi/agSoCA
v1BKHn0evFI8Ii2MNI0e4Oth/mJvHK4viQD8lpZ1BC7pTfDgqkkuvNupeqo9YvIg
fOBZR1ThOHx5t87whMNUXnpca8YPR9tubEYKfnEfXicTmw9zy08EE1eBJgpNSqQ0
gH4EDTFZ740SoJy0iamLu0gZwNaJ0xAwxC68ccTjb4N5u9pefKpjTZ0v63f6hzlL
8nTHUjYxG5p7S4OcJnrsoiDX1QmwpuN/mzGA4dKd2jxdx760F6ykEy6oDnXlPw==
-----END CERTIFICATE-----