Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc7acccf-d352-4baa-891a-aa5bf4515372.roa
File:                     dc7acccf-d352-4baa-891a-aa5bf4515372.roa (raw, json)
Hash identifier:          bZKrQbRSnGAFKYBXqrNfaXjCaaoFmNtQ1SA2/Sng1Bk=
Subject key identifier:   52:1E:1D:95:60:11:A7:A8:DB:2D:3C:3A:5B:8C:F3:23:98:86:9E:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68C4DEADB8AE292D4B5ACE01BAECBC9CFB6305AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc7acccf-d352-4baa-891a-aa5bf4515372.roa
Signing time:             Fri 28 Mar 2025 15:51:01 +0000
ROA not before:           Fri 28 Mar 2025 15:51:01 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.66.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c4:de:ad:b8:ae:29:2d:4b:5a:ce:01:ba:ec:bc:9c:fb:63:05:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:51:01 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:77:fa:d8:5b:96:8f:0c:a6:e8:11:95:a9:96:
                    6a:3c:d0:9e:ee:23:6e:db:22:5f:37:86:fe:50:e6:
                    7a:dc:2c:c3:c6:7d:a0:f6:0f:33:96:3f:3d:39:c0:
                    e6:08:d4:12:db:ad:a7:20:9c:b2:61:ce:4d:9a:b3:
                    56:b0:3e:6a:0a:b8:96:19:41:38:28:a3:db:47:9e:
                    be:13:06:08:8f:48:82:36:26:50:43:8e:ec:e8:0f:
                    e3:d6:ad:cf:08:2b:a5:e8:28:22:c2:76:48:4f:08:
                    a2:30:ad:4d:30:12:35:0c:ac:b8:a3:e5:38:34:5e:
                    4d:41:b4:19:83:61:8b:8c:05:e7:61:ca:9a:a2:59:
                    ac:b3:6f:70:f8:bc:c5:17:d9:4a:13:96:e8:40:49:
                    6c:12:f4:f0:b6:ef:7d:95:5a:23:be:f1:58:83:ff:
                    cf:07:16:bd:d6:c2:fc:2f:4d:8d:45:f1:48:77:3e:
                    5f:e2:27:ae:09:b4:9b:be:9f:3e:ed:d4:e3:6c:61:
                    87:87:98:4f:16:af:e0:63:d2:f4:61:a0:bd:27:3e:
                    41:40:fd:b8:fd:a6:43:c1:ed:0c:02:a7:47:47:9f:
                    45:d7:ea:e5:50:65:22:61:b6:3f:39:de:28:7f:58:
                    55:30:d3:83:55:68:85:80:9c:d8:63:93:89:8b:cd:
                    5a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1E:1D:95:60:11:A7:A8:DB:2D:3C:3A:5B:8C:F3:23:98:86:9E:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc7acccf-d352-4baa-891a-aa5bf4515372.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.66.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b4:ad:b7:76:d9:b4:b5:db:d0:75:a3:de:51:ed:e1:ce:4f:a1:
         f7:64:b3:26:05:97:31:12:ac:83:ad:38:6b:69:e2:9a:21:39:
         05:97:a0:e0:01:c9:45:c1:74:14:8e:a8:29:6e:fc:e1:aa:96:
         7d:b1:e9:ba:db:1e:33:0b:8f:16:e0:a8:18:63:fb:3a:e0:77:
         e9:22:90:1f:ad:14:fd:44:79:84:96:42:7b:c8:5a:2b:88:55:
         94:b9:09:d6:16:b9:27:ea:78:9e:b1:2f:6d:4d:59:29:78:f2:
         4b:7c:43:f3:48:b7:76:73:16:12:2c:83:ff:17:99:1b:41:28:
         f7:b9:12:78:04:29:39:44:e2:f7:72:74:44:a5:ac:bb:20:03:
         68:2f:0c:a2:1f:b9:ca:6d:78:30:fb:3e:cd:4a:2b:ee:e8:f6:
         b4:c5:bb:16:73:1c:2f:3a:a9:84:3f:84:92:4f:13:68:b8:e2:
         c2:a9:64:3e:66:77:62:c4:81:e5:42:25:d9:60:a7:56:00:bb:
         cc:95:eb:7c:b1:aa:2e:62:1a:0a:c8:b9:8a:b1:0f:23:3e:54:
         82:78:fe:d6:5a:41:7c:8a:02:a7:6c:1a:a3:43:cc:c4:33:c4:
         7e:c5:46:72:d0:82:54:2c:99:56:ed:28:89:0b:80:06:18:85:
         eb:65:97:ce
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaMTerbiuKS1LWs4Buuy8nPtjBaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTU1MTAxWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGUwMWFjNGM1ZGJlODZiY2RjMzQzNzdhMDdmN2M3YmUz
NGJiMGVhMDVkMzQ2NmMyNTBjNGE1NWRjOWZjZjFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzd/rYW5aPDKboEZWplmo80J7uI27bIl83hv5Q5nrcLMPG
faD2DzOWPz05wOYI1BLbracgnLJhzk2as1awPmoKuJYZQTgoo9tHnr4TBgiPSII2
JlBDjuzoD+PWrc8IK6XoKCLCdkhPCKIwrU0wEjUMrLij5Tg0Xk1BtBmDYYuMBedh
ypqiWayzb3D4vMUX2UoTluhASWwS9PC2732VWiO+8ViD/88HFr3WwvwvTY1F8Uh3
Pl/iJ64JtJu+nz7t1ONsYYeHmE8Wr+Bj0vRhoL0nPkFA/bj9pkPB7QwCp0dHn0XX
6uVQZSJhtj853ih/WFUw04NVaIWAnNhjk4mLzVrLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUh4dlWARp6jbLTw6W4zzI5iGnncwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjN2FjY2NmLWQzNTItNGJhYS04OTFhLWFhNWJmNDUxNTM3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcQjANBgkqhkiG9w0BAQsFAAOCAQEAtK23dtm0tdvQdaPeUe3hzk+h92Sz
JgWXMRKsg604a2nimiE5BZeg4AHJRcF0FI6oKW784aqWfbHputseMwuPFuCoGGP7
OuB36SKQH60U/UR5hJZCe8haK4hVlLkJ1ha5J+p4nrEvbU1ZKXjyS3xD80i3dnMW
EiyD/xeZG0Eo97kSeAQpOUTi93J0RKWsuyADaC8Moh+5ym14MPs+zUor7uj2tMW7
FnMcLzqphD+Ekk8TaLjiwqlkPmZ3YsSB5UIl2WCnVgC7zJXrfLGqLmIaCsi5irEP
Iz5Ugnj+1lpBfIoCp2wao0PMxDPEfsVGctCCVCyZVu0oiQuABhiF62WXzg==
-----END CERTIFICATE-----