Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/946e4b4c-a91a-42ac-b2df-efffb32fe9fb.roa
File:                     946e4b4c-a91a-42ac-b2df-efffb32fe9fb.roa (raw, json)
Hash identifier:          XLRCZvZe1wid2XiQtJ/dUPNedzrc9tGLNa6smSfZqWk=
Subject key identifier:   B5:E5:FA:8A:95:52:9A:5E:F9:44:F6:D3:87:58:91:F3:E8:D1:B3:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76D45E3EC91A9E11F73CCF0EC7430273F0965B88
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/946e4b4c-a91a-42ac-b2df-efffb32fe9fb.roa
Signing time:             Fri 28 Mar 2025 00:40:22 +0000
ROA not before:           Fri 28 Mar 2025 00:40:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:a400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d4:5e:3e:c9:1a:9e:11:f7:3c:cf:0e:c7:43:02:73:f0:96:5b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:40:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cc:a3:b3:34:8d:c6:85:25:4e:d9:e7:d5:fd:
                    e1:0d:3f:f5:04:14:47:95:b8:3c:fd:56:04:dd:d6:
                    ab:98:fa:11:dc:19:90:5b:c9:49:3f:b2:92:8f:4c:
                    c0:46:c8:f6:4e:d6:f0:a7:a4:e6:96:90:cc:d9:ed:
                    de:b6:32:70:80:7a:3e:00:90:43:52:65:42:2e:e1:
                    9b:28:47:4a:e6:84:e3:50:9e:1a:8b:d8:d9:0e:06:
                    71:3d:f3:58:d4:f4:6e:89:8d:ba:04:45:45:fb:b8:
                    ca:76:06:76:93:8f:9e:24:25:f3:63:52:de:f7:c1:
                    5c:16:67:c1:76:3d:0e:55:07:64:5c:d8:2a:5e:fc:
                    9d:8d:d2:7a:90:89:8e:77:91:20:ab:54:b0:fd:61:
                    9f:b0:e9:79:3a:f4:ac:a3:b8:5e:e6:1e:c0:df:cb:
                    0a:09:80:87:c1:37:56:ac:35:02:d8:4a:21:06:08:
                    9b:2e:29:3f:2c:72:08:2c:8b:25:22:cf:e3:95:e3:
                    98:2e:3b:1c:6f:29:4c:25:49:c6:91:38:42:34:fc:
                    2a:56:7b:9b:4c:ac:b1:c1:7a:31:31:17:86:10:f7:
                    dc:9e:c2:bb:34:fd:22:4a:81:51:70:9e:50:31:6a:
                    73:1a:97:93:5a:e0:88:6d:10:b2:bb:4d:53:76:9d:
                    e8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E5:FA:8A:95:52:9A:5E:F9:44:F6:D3:87:58:91:F3:E8:D1:B3:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/946e4b4c-a91a-42ac-b2df-efffb32fe9fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:cc:b5:a0:ab:4c:6a:36:ae:7c:60:e4:a0:1e:ac:3a:05:e6:
         de:a7:f0:9a:62:db:92:4d:5e:9f:69:56:64:c8:f5:29:e9:50:
         b7:0c:2e:87:07:d3:68:0b:cd:fc:72:db:f8:da:95:2e:d7:94:
         7e:4a:a9:95:eb:a2:68:bc:1d:36:3a:07:43:af:4e:33:18:6f:
         c2:e8:cc:3b:3a:92:7f:36:ab:f2:88:59:6e:fa:bc:94:d3:d6:
         92:6b:aa:5a:cb:d9:7b:b4:ff:e0:6a:c6:a3:9d:fc:d0:32:7c:
         ea:76:cb:3a:3e:4c:61:ea:8a:1f:f7:45:ff:42:5e:17:70:62:
         bb:cd:4b:7b:4d:89:4d:1d:2e:dc:91:1b:ab:4c:c1:2d:39:9d:
         b9:a9:4f:f6:4a:e0:a2:cd:e5:19:28:9b:0d:13:1f:4d:12:c2:
         f5:a3:63:05:c0:6d:4d:65:11:9a:2f:4a:95:68:9f:38:7e:d6:
         cf:21:58:c0:94:40:b4:4d:b5:fe:d8:6c:74:3e:7f:89:ab:37:
         7e:17:91:1f:10:51:8f:4c:c9:44:f4:f5:a2:11:42:49:1f:2a:
         9f:bc:c6:95:9d:bf:88:49:fe:94:16:27:a8:e8:1d:1a:64:3f:
         f8:0a:7c:ef:cc:02:bb:cc:74:2b:95:d0:a7:85:ed:d7:ef:22:
         2c:56:85:30
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUdtRePskanhH3PM8Ox0MCc/CWW4gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDA0MDIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmIwNDNlZTNlZDUzYTYzY2VmMTQ4NWZmNzFjMmQyZGFl
MTBjNTM2YTYwOGIzMGI1M2YwNGU1OTg2NGU5NWMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpzKOzNI3GhSVO2efV/eENP/UEFEeVuDz9VgTd1quY+hHc
GZBbyUk/spKPTMBGyPZO1vCnpOaWkMzZ7d62MnCAej4AkENSZUIu4ZsoR0rmhONQ
nhqL2NkOBnE981jU9G6JjboERUX7uMp2BnaTj54kJfNjUt73wVwWZ8F2PQ5VB2Rc
2Cpe/J2N0nqQiY53kSCrVLD9YZ+w6Xk69KyjuF7mHsDfywoJgIfBN1asNQLYSiEG
CJsuKT8scggsiyUiz+OV45guOxxvKUwlScaROEI0/CpWe5tMrLHBejExF4YQ99ye
wrs0/SJKgVFwnlAxanMal5Na4IhtELK7TVN2nehjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUteX6ipVSml75RPbTh1iR8+jRswkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0NmU0YjRjLWE5MWEtNDJhYy1iMmRmLWVmZmZiMzJmZTlmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/ypDANBgkqhkiG9w0BAQsFAAOCAQEAMcy1oKtMajaufGDkoB6sOgXm
3qfwmmLbkk1en2lWZMj1KelQtwwuhwfTaAvN/HLb+NqVLteUfkqpleuiaLwdNjoH
Q69OMxhvwujMOzqSfzar8ohZbvq8lNPWkmuqWsvZe7T/4GrGo5380DJ86nbLOj5M
YeqKH/dF/0JeF3Biu81Le02JTR0u3JEbq0zBLTmdualP9krgos3lGSibDRMfTRLC
9aNjBcBtTWURmi9KlWifOH7WzyFYwJRAtE21/thsdD5/ias3fheRHxBRj0zJRPT1
ohFCSR8qn7zGlZ2/iEn+lBYnqOgdGmQ/+Ap878wCu8x0K5XQp4Xt1+8iLFaFMA==
-----END CERTIFICATE-----