Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa
File:                     346064b3-f3d1-4884-abe1-0e54d6d91914.roa (raw, json)
Hash identifier:          VznxSshOp+/tgcNyM3A2lr5UJHE9ItR6mXzhcqbMKgo=
Subject key identifier:   0F:E6:42:A5:7C:AB:3C:76:36:E2:5E:63:B2:4E:A4:A3:76:F4:00:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A300C5D458BBF0BFC200B1F67FB52497DF5693A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa
Signing time:             Fri 28 Mar 2025 00:31:20 +0000
ROA not before:           Fri 28 Mar 2025 00:31:20 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:80a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:30:0c:5d:45:8b:bf:0b:fc:20:0b:1f:67:fb:52:49:7d:f5:69:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:31:20 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:03:c9:2b:a0:be:af:c7:aa:e4:80:d2:46:fb:
                    9a:16:8c:9e:44:c8:6f:7b:a7:ae:d7:c2:d0:60:99:
                    ff:86:f3:d5:ea:41:8e:51:b1:b7:d5:4e:e0:76:bb:
                    c3:d7:02:5e:0a:53:d3:0b:23:24:1f:85:70:de:4a:
                    84:d6:8c:73:1f:86:bb:30:da:85:eb:ee:a2:b5:ab:
                    c8:04:d4:33:ef:38:47:45:2f:02:af:c3:e8:a3:97:
                    70:91:2c:d1:00:1a:31:33:f4:a6:93:5d:9f:89:dd:
                    58:63:94:a1:be:e0:fc:21:07:2d:fa:40:1c:ea:16:
                    25:77:2e:78:2e:f7:ad:60:8b:a1:b4:d3:6f:41:55:
                    f1:d5:8f:ec:37:8d:61:a9:50:fa:4b:b9:75:0c:47:
                    a1:24:83:59:68:c5:a2:61:32:6d:3f:87:43:d6:89:
                    c2:b4:9a:1a:74:d4:1b:a5:97:b5:ed:11:b1:e6:09:
                    0c:68:d6:89:16:b4:d3:a1:f0:cc:7f:ba:c5:6a:4c:
                    63:75:7c:c4:ce:f2:9f:56:70:f1:85:cd:88:bd:3f:
                    df:cc:8f:48:7a:68:5a:74:0a:1f:b6:93:45:2e:96:
                    1b:ef:94:96:86:e1:57:48:9a:c3:3a:88:86:d9:03:
                    0d:80:fa:df:46:ba:aa:db:a0:f0:04:df:d5:39:29:
                    b0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:E6:42:A5:7C:AB:3C:76:36:E2:5E:63:B2:4E:A4:A3:76:F4:00:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:80a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:f3:3a:7a:ff:78:f0:e2:f4:15:c8:80:71:a0:5f:eb:14:ac:
         9d:b9:cd:65:1b:60:f9:72:e3:d0:03:49:8e:80:21:f7:af:57:
         32:c9:ce:6b:af:7d:c9:b5:d4:3d:91:21:59:e7:de:57:54:44:
         78:e9:86:43:69:8a:c8:d4:dd:08:b8:6b:7e:23:bc:55:4b:f7:
         0e:f4:ad:1e:a4:c2:39:48:40:be:44:cc:17:70:6f:58:1a:51:
         8b:19:e7:14:59:57:7c:61:9f:dc:b6:42:83:7f:b3:61:44:20:
         5a:40:da:6e:83:e5:a0:05:6d:ba:bd:0a:50:71:d5:6e:53:5d:
         12:42:bd:89:ad:2a:de:e5:17:e3:a1:5c:39:bd:57:7a:56:40:
         92:20:d3:b1:39:ba:6d:e8:49:21:3d:60:9f:28:59:7f:87:40:
         ab:d3:67:43:6f:df:e7:23:7e:a3:69:d9:58:c2:2e:23:bd:60:
         f5:3e:1b:d8:e4:85:4d:6d:1a:f9:88:e8:fe:c9:cc:89:4b:f3:
         f5:cf:b2:bb:3b:c7:0c:13:ba:2b:06:6d:18:98:3e:06:99:01:
         21:ce:40:e1:25:f1:38:7b:46:59:3b:47:f3:18:b9:0d:48:de:
         e3:55:e7:5d:6a:ec:bf:6b:76:a1:c1:63:44:5b:8c:3c:f5:44:
         e0:d9:a6:17
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKjAMXUWLvwv8IAsfZ/tSSX31aTowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAzMTIwWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDRmY2Y1NjI0MzVjZThmMjE0ZGZiZjBjZTZiY2RjMmU3
ZDE3ZGQ1ZDE0NWU1MDFhZDBhZWEyNzRmOGQxYWMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcA8kroL6vx6rkgNJG+5oWjJ5EyG97p67XwtBgmf+G89Xq
QY5RsbfVTuB2u8PXAl4KU9MLIyQfhXDeSoTWjHMfhrsw2oXr7qK1q8gE1DPvOEdF
LwKvw+ijl3CRLNEAGjEz9KaTXZ+J3VhjlKG+4PwhBy36QBzqFiV3Lngu961gi6G0
029BVfHVj+w3jWGpUPpLuXUMR6Ekg1loxaJhMm0/h0PWicK0mhp01Bull7XtEbHm
CQxo1okWtNOh8Mx/usVqTGN1fMTO8p9WcPGFzYi9P9/Mj0h6aFp0Ch+2k0Uulhvv
lJaG4VdImsM6iIbZAw2A+t9GuqrboPAE39U5KbAHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUD+ZCpXyrPHY24l5jsk6ko3b0AO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NjA2NGIzLWYzZDEtNDg4NC1hYmUxLTBlNTRkNmQ5MTkxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgKAwDQYJKoZIhvcNAQELBQADggEBAKXzOnr/ePDi9BXIgHGgX+sU
rJ25zWUbYPly49ADSY6AIfevVzLJzmuvfcm11D2RIVnn3ldURHjphkNpisjU3Qi4
a34jvFVL9w70rR6kwjlIQL5EzBdwb1gaUYsZ5xRZV3xhn9y2QoN/s2FEIFpA2m6D
5aAFbbq9ClBx1W5TXRJCvYmtKt7lF+OhXDm9V3pWQJIg07E5um3oSSE9YJ8oWX+H
QKvTZ0Nv3+cjfqNp2VjCLiO9YPU+G9jkhU1tGvmI6P7JzIlL8/XPsrs7xwwTuisG
bRiYPgaZASHOQOEl8Th7Rlk7R/MYuQ1I3uNV511q7L9rdqHBY0RbjDz1RODZphc=
-----END CERTIFICATE-----