Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15bb3a95-996e-4ced-b889-69ac9faeacfa.roa
File:                     15bb3a95-996e-4ced-b889-69ac9faeacfa.roa (raw, json)
Hash identifier:          IfXoe2zA4/OOCVtBT6rIdxBl7ZfPXDopO+4htcejrPA=
Subject key identifier:   C8:0B:9B:17:E0:0A:27:8F:25:FE:E8:05:A0:4D:0D:5D:80:83:DE:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F929CFB288F8A39F6B71FCE43BC26E4AFF641E0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15bb3a95-996e-4ced-b889-69ac9faeacfa.roa
Signing time:             Fri 21 Mar 2025 00:11:00 +0000
ROA not before:           Fri 21 Mar 2025 00:11:00 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.49.64.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:92:9c:fb:28:8f:8a:39:f6:b7:1f:ce:43:bc:26:e4:af:f6:41:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:11:00 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7e:7a:ac:32:b4:b8:62:8a:98:b8:e3:be:44:
                    f1:62:72:9b:2c:b1:64:b4:69:05:d9:a6:8f:61:67:
                    5a:1b:f6:07:c9:29:a6:80:89:2b:2a:a2:9a:05:cd:
                    1a:3a:16:b3:5b:cd:f6:53:42:55:99:bc:eb:9f:08:
                    07:d0:da:ee:16:d0:4a:5d:cc:e2:c4:43:02:28:ca:
                    f9:06:bc:f7:52:eb:eb:96:b3:73:b0:34:b5:47:07:
                    9a:f1:ef:11:a7:c6:52:c8:06:aa:c6:1a:95:30:b0:
                    c8:e1:33:46:c7:59:6d:56:14:5d:ae:7e:7b:6d:08:
                    5d:44:b2:45:80:d5:2e:d2:4a:dc:a4:60:0e:45:24:
                    c5:d8:ca:98:26:9d:9e:0f:7e:88:14:d8:5e:62:c6:
                    b3:ea:ba:ba:96:5b:f3:16:96:0b:a0:7d:ea:60:bd:
                    b0:89:fa:e7:0c:e4:25:a7:49:91:bf:99:c1:c0:ec:
                    51:84:06:70:90:60:e8:51:99:67:e1:24:81:cc:4c:
                    24:b7:5d:d7:0a:57:bd:dd:fe:b0:53:11:71:43:df:
                    4d:00:00:63:10:07:d5:cf:d2:3b:c0:d9:6d:54:36:
                    4c:ca:6e:93:d6:b9:88:0d:aa:ac:2b:62:90:e5:b3:
                    ef:e9:2b:5e:cd:ed:fd:ea:57:97:e9:0a:94:aa:43:
                    3b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0B:9B:17:E0:0A:27:8F:25:FE:E8:05:A0:4D:0D:5D:80:83:DE:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15bb3a95-996e-4ced-b889-69ac9faeacfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.49.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1d:be:86:16:9a:0d:21:38:30:34:fe:44:fc:ec:26:e3:82:20:
         d5:78:98:67:8b:41:c6:62:cf:a6:eb:7b:6a:b6:05:56:bd:a6:
         0a:88:9b:07:4d:ef:30:ff:d9:79:99:50:53:46:60:a2:d5:83:
         89:54:71:1b:71:95:18:a1:f2:15:d4:69:3f:63:ae:52:25:25:
         c2:03:46:1e:c4:1b:9a:47:9d:c0:53:13:bf:6c:bf:38:f4:e8:
         6f:4d:8e:d5:bc:3b:2e:e1:fd:49:21:68:f4:fa:d2:03:71:bb:
         ce:50:21:27:97:a8:e9:09:b8:ab:d4:88:35:38:6e:17:66:c4:
         4f:32:04:da:75:bf:b6:3d:97:c4:8b:bb:16:ee:23:20:f0:43:
         d9:85:ab:82:52:1d:2f:05:aa:67:75:26:ee:23:7a:d9:5a:10:
         be:8a:0f:e6:71:be:ba:4f:6b:b0:3b:96:fe:45:80:3e:d9:3c:
         e1:b4:a3:74:e6:d5:f6:73:3a:40:88:e1:b7:25:39:ac:f6:85:
         08:21:66:d6:7c:5b:5a:66:f8:76:c0:59:a5:5a:bb:1a:2e:f9:
         78:fb:27:91:3f:12:f6:be:f7:fd:bd:b5:a3:7e:3f:8f:41:b0:
         b9:21:76:ec:ad:5e:5d:4e:65:70:88:7a:1b:bf:dc:c5:d2:ea:
         95:12:00:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb5Kc+yiPijn2tx/OQ7wm5K/2QeAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAxMTAwWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODc4ZGMzN2MxNzkxZTYzNzUzZTU5OTQ5NjEyYTkxZjlj
NWY1Y2M1NTkyMmFjOTc1NDg0NTBkMTg5NTM3YThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBfnqsMrS4YoqYuOO+RPFicpsssWS0aQXZpo9hZ1ob9gfJ
KaaAiSsqopoFzRo6FrNbzfZTQlWZvOufCAfQ2u4W0EpdzOLEQwIoyvkGvPdS6+uW
s3OwNLVHB5rx7xGnxlLIBqrGGpUwsMjhM0bHWW1WFF2ufnttCF1EskWA1S7SStyk
YA5FJMXYypgmnZ4PfogU2F5ixrPqurqWW/MWlgugfepgvbCJ+ucM5CWnSZG/mcHA
7FGEBnCQYOhRmWfhJIHMTCS3XdcKV73d/rBTEXFD300AAGMQB9XP0jvA2W1UNkzK
bpPWuYgNqqwrYpDls+/pK17N7f3qV5fpCpSqQzufAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyAubF+AKJ48l/ugFoE0NXYCD3hQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1YmIzYTk1LTk5NmUtNGNlZC1iODg5LTY5YWM5ZmFlYWNmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYMUAwDQYJKoZIhvcNAQELBQADggEBAB2+hhaaDSE4MDT+RPzsJuOCINV4
mGeLQcZiz6bre2q2BVa9pgqImwdN7zD/2XmZUFNGYKLVg4lUcRtxlRih8hXUaT9j
rlIlJcIDRh7EG5pHncBTE79svzj06G9NjtW8Oy7h/UkhaPT60gNxu85QISeXqOkJ
uKvUiDU4bhdmxE8yBNp1v7Y9l8SLuxbuIyDwQ9mFq4JSHS8Fqmd1Ju4jetlaEL6K
D+ZxvrpPa7A7lv5FgD7ZPOG0o3Tm1fZzOkCI4bclOaz2hQghZtZ8W1pm+HbAWaVa
uxou+Xj7J5E/Eva+9/29taN+P49BsLkhduytXl1OZXCIehu/3MXS6pUSAOk=
-----END CERTIFICATE-----