Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa
File:                     dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa (raw, json)
Hash identifier:          nN9TrQxIHDKWDAEUUaDyQNPRA3xj1VbvsJIRPFfRbVI=
Subject key identifier:   E1:6F:05:D3:09:AD:1E:A6:76:63:F9:BB:95:74:EA:D4:B4:F7:07:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FA5EA9CD12C38A375943C7ED7EA7F2FE934EDAB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa
Signing time:             Mon 24 Mar 2025 15:31:09 +0000
ROA not before:           Mon 24 Mar 2025 15:31:09 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.196.156.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:a5:ea:9c:d1:2c:38:a3:75:94:3c:7e:d7:ea:7f:2f:e9:34:ed:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:31:09 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:08:51:80:59:f0:29:3b:a7:a3:7e:a4:db:2d:
                    25:59:e7:d2:7c:1d:b2:48:47:43:ca:db:c2:1b:90:
                    ed:4f:4a:12:90:0b:a4:e8:55:80:b9:3c:2c:e9:bd:
                    2e:5a:c6:24:56:21:1f:95:82:f0:57:b3:07:6c:90:
                    42:a0:1a:38:5a:22:fb:f2:11:6c:d2:e9:f2:d0:30:
                    98:4e:17:4b:b3:39:b0:a3:cb:3b:c5:cf:55:30:3a:
                    2d:96:ba:b4:c0:16:16:ea:3a:5c:23:ca:fc:f5:ea:
                    44:ff:d6:f0:b5:52:93:09:b3:ee:e0:ee:5a:b5:7a:
                    de:25:6e:91:aa:8e:03:36:81:8f:32:0a:3f:05:d1:
                    83:33:1c:80:74:6f:78:29:b5:10:3e:a7:13:53:56:
                    44:e0:8e:ff:b6:d6:75:97:56:84:98:92:1c:de:52:
                    67:06:59:ea:2a:b1:bb:8b:d1:54:15:6b:32:8e:a1:
                    d2:ce:14:c4:2d:94:73:34:e5:e6:27:22:89:10:9c:
                    81:3c:f6:d1:d6:51:7e:70:e6:09:fb:b7:35:ec:7a:
                    ff:e3:d6:ad:67:53:4b:d1:79:2d:d0:d9:14:d1:25:
                    d7:25:04:87:1e:5d:ec:50:d2:94:00:b5:22:cf:b1:
                    87:bf:bd:46:cd:98:e4:42:fc:3f:b7:5a:05:c4:af:
                    c3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6F:05:D3:09:AD:1E:A6:76:63:F9:BB:95:74:EA:D4:B4:F7:07:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.196.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:6e:13:f9:bf:06:a1:be:f5:ad:14:81:20:7a:97:9c:21:9d:
         be:58:f5:0c:ad:e0:17:20:11:65:7b:57:11:e4:be:cd:1e:00:
         91:43:f1:2d:00:61:26:f5:ce:94:db:28:fc:ce:13:1b:dc:5c:
         7d:8c:d1:94:39:91:ef:03:a5:9c:75:81:e2:03:64:5f:87:66:
         14:63:a7:dc:12:a8:98:a3:8a:00:65:54:25:47:e5:b1:67:07:
         2c:9b:4c:77:ef:be:f7:e6:94:3c:90:bf:62:9b:88:d9:70:2e:
         00:63:23:aa:59:9c:a3:ed:28:0b:ae:7f:5b:6a:1a:3f:0c:da:
         1a:5d:a9:36:5b:70:cb:f2:12:cc:e1:41:fb:7f:77:8b:24:55:
         e0:43:c9:d8:36:7d:51:c0:54:72:50:13:45:f8:ae:da:9f:b7:
         0c:cd:81:ef:e9:cb:7b:d0:cc:59:17:29:76:e7:5a:05:d9:fe:
         34:93:51:1e:fd:4a:0b:00:4e:96:79:c0:5d:85:d3:5a:e6:5a:
         3d:a6:29:8f:3b:bc:73:3f:52:41:ee:0d:83:2e:3a:9e:ff:7a:
         08:04:9b:ad:c2:9b:86:5f:b1:f8:b4:0d:d8:30:90:14:14:80:
         48:77:80:54:7a:78:04:c6:1b:03:00:e5:ac:95:70:ec:83:d8:
         a7:77:5e:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb6XqnNEsOKN1lDx+1+p/L+k07aswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTUzMTA5WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTA3ZDU0OGYyMGFiOGJiMzNjOTJmNzI2ZWVmNzA2Y2E1
YWQ1YmQ3ZmIxMjA1N2JkMzgzMjBkOGE5NjA0MTE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMCFGAWfApO6ejfqTbLSVZ59J8HbJIR0PK28IbkO1PShKQ
C6ToVYC5PCzpvS5axiRWIR+VgvBXswdskEKgGjhaIvvyEWzS6fLQMJhOF0uzObCj
yzvFz1UwOi2WurTAFhbqOlwjyvz16kT/1vC1UpMJs+7g7lq1et4lbpGqjgM2gY8y
Cj8F0YMzHIB0b3gptRA+pxNTVkTgjv+21nWXVoSYkhzeUmcGWeoqsbuL0VQVazKO
odLOFMQtlHM05eYnIokQnIE89tHWUX5w5gn7tzXsev/j1q1nU0vReS3Q2RTRJdcl
BIceXexQ0pQAtSLPsYe/vUbNmORC/D+3WgXEr8OfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4W8F0wmtHqZ2Y/m7lXTq1LT3B/4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RmYTJmZDAyLTVmMjMtNDc4MC1hMGZjLTdkYjcwNzA5ZWNhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALRxJwwDQYJKoZIhvcNAQELBQADggEBAHtuE/m/BqG+9a0UgSB6l5whnb5Y
9Qyt4BcgEWV7VxHkvs0eAJFD8S0AYSb1zpTbKPzOExvcXH2M0ZQ5ke8DpZx1geID
ZF+HZhRjp9wSqJijigBlVCVH5bFnByybTHfvvvfmlDyQv2KbiNlwLgBjI6pZnKPt
KAuuf1tqGj8M2hpdqTZbcMvyEszhQft/d4skVeBDydg2fVHAVHJQE0X4rtqftwzN
ge/py3vQzFkXKXbnWgXZ/jSTUR79SgsATpZ5wF2F01rmWj2mKY87vHM/UkHuDYMu
Op7/eggEm63Cm4Zfsfi0DdgwkBQUgEh3gFR6eATGGwMA5ayVcOyD2Kd3Xj0=
-----END CERTIFICATE-----