Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/bda33800-108d-4eb7-bbc8-f1f3a5a088e0.roa
File:                     bda33800-108d-4eb7-bbc8-f1f3a5a088e0.roa (raw, json)
Hash identifier:          VpxiywWWN0DlAxsJEQ7i4i3+QzU4rPe0KwuYT105Vis=
Subject key identifier:   57:63:33:7B:C7:BF:C4:E6:94:9F:06:F0:E1:0E:A1:EE:A9:A0:15:72
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1B25DF09E0A311B81A416C0C528084AEA05B306C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/bda33800-108d-4eb7-bbc8-f1f3a5a088e0.roa
Signing time:             Mon 31 Mar 2025 18:40:19 +0000
ROA not before:           Mon 31 Mar 2025 18:40:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:5519::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:25:df:09:e0:a3:11:b8:1a:41:6c:0c:52:80:84:ae:a0:5b:30:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:40:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=747681354187822778c8a377f370a979ab7ee58c341c90910560e43007f4c0a5, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b4:62:8a:9b:3c:55:bb:e9:50:0f:90:a8:bf:
                    c5:df:2b:9e:d0:d0:f3:ed:59:7a:3a:fa:8c:42:a2:
                    47:4b:2d:66:ca:87:e1:1d:9d:28:3d:3b:25:00:dc:
                    7f:d9:8f:ab:de:99:75:9e:e5:e7:2a:8f:11:cf:dd:
                    f7:21:8b:59:97:db:3f:65:da:b6:53:4c:ee:c5:63:
                    93:62:8a:c1:81:63:ee:80:b8:42:46:8d:8e:20:ee:
                    20:35:90:55:aa:d6:14:d9:80:e1:bb:d9:77:6b:7f:
                    90:1f:2d:a5:e8:fe:2a:6e:68:40:26:d6:22:ec:32:
                    22:bf:1c:ed:b2:e4:9b:dc:80:ef:11:43:0d:95:54:
                    ce:10:54:64:95:46:63:9f:26:d9:a0:96:f2:68:de:
                    a6:df:04:0a:7d:b7:f9:6c:1a:87:59:02:02:dc:51:
                    3b:58:9f:1f:0b:96:60:25:44:9e:9c:f7:f9:86:7b:
                    b2:63:a7:28:51:93:5d:7e:a1:50:7d:e8:e6:e8:a8:
                    54:3e:8a:eb:2f:5d:25:a0:07:84:7b:52:fb:43:f2:
                    d0:e5:a0:01:5c:c5:d0:26:d8:ab:7d:6e:9b:36:df:
                    38:e1:21:51:71:7b:22:9c:70:ca:a4:83:3b:dd:ab:
                    d9:db:a6:a0:1d:9e:b2:34:35:7e:db:47:41:72:0a:
                    b1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:63:33:7B:C7:BF:C4:E6:94:9F:06:F0:E1:0E:A1:EE:A9:A0:15:72
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/bda33800-108d-4eb7-bbc8-f1f3a5a088e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5519::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:f7:46:5d:f1:9f:31:64:0c:57:82:a1:6b:b6:6d:b6:bb:da:
         d8:61:a4:20:61:ac:97:69:f0:af:4d:b5:1c:83:8e:ce:0d:d1:
         99:66:f3:1c:63:4f:85:56:a5:2e:f8:02:26:0b:a4:29:2d:bc:
         0c:0c:bb:09:0f:84:62:77:14:d2:d8:bb:5c:fd:8e:8d:ac:c5:
         9b:65:e8:33:15:1d:d5:c5:89:cf:82:a3:48:5e:a6:21:1c:35:
         d3:8b:55:d9:1d:36:02:c5:dc:9f:fb:04:2f:20:c3:e6:80:f2:
         e3:86:9f:6a:02:55:05:41:30:cb:91:2a:23:78:ac:b9:12:d9:
         f3:f1:b4:b3:d0:cb:35:4d:3e:2b:4f:e0:89:50:76:f4:44:b8:
         3d:a2:13:a2:7f:c9:09:18:58:68:04:fc:77:fa:49:2d:86:da:
         a4:76:b5:7a:53:83:11:7c:e6:c7:13:52:92:9b:a1:8d:62:79:
         34:18:97:f9:47:32:be:b9:70:98:b0:e8:e9:93:0a:09:12:94:
         4a:d8:ca:a3:39:80:e9:c3:fb:b2:0b:cd:66:71:0a:1f:31:6c:
         d1:e3:7c:3c:6e:73:19:ff:db:71:44:0a:5a:bd:7f:66:f3:03:
         8a:68:a3:4d:fc:09:6a:5d:2c:bf:d0:26:38:6c:6d:fb:69:17:
         c1:ff:d0:54
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUGyXfCeCjEbgaQWwMUoCErqBbMGwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg0MDE5WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDc2ODEzNTQxODc4MjI3NzhjOGEzNzdmMzcwYTk3OWFi
N2VlNThjMzQxYzkwOTEwNTYwZTQzMDA3ZjRjMGE1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDtGKKmzxVu+lQD5Cov8XfK57Q0PPtWXo6+oxCokdLLWbK
h+EdnSg9OyUA3H/Zj6vemXWe5ecqjxHP3fchi1mX2z9l2rZTTO7FY5NiisGBY+6A
uEJGjY4g7iA1kFWq1hTZgOG72Xdrf5AfLaXo/ipuaEAm1iLsMiK/HO2y5JvcgO8R
Qw2VVM4QVGSVRmOfJtmglvJo3qbfBAp9t/lsGodZAgLcUTtYnx8LlmAlRJ6c9/mG
e7JjpyhRk11+oVB96OboqFQ+iusvXSWgB4R7UvtD8tDloAFcxdAm2Kt9bps23zjh
IVFxeyKccMqkgzvdq9nbpqAdnrI0NX7bR0FyCrHHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUV2Mze8e/xOaUnwbw4Q6h7qmgFXIwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2JkYTMzODAwLTEwOGQtNGViNy1iYmM4LWYxZjNhNWEwODhlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRkwDQYJKoZIhvcNAQELBQADggEBAAv3Rl3xnzFkDFeCoWu2bba7
2thhpCBhrJdp8K9NtRyDjs4N0Zlm8xxjT4VWpS74AiYLpCktvAwMuwkPhGJ3FNLY
u1z9jo2sxZtl6DMVHdXFic+Co0hepiEcNdOLVdkdNgLF3J/7BC8gw+aA8uOGn2oC
VQVBMMuRKiN4rLkS2fPxtLPQyzVNPitP4IlQdvREuD2iE6J/yQkYWGgE/Hf6SS2G
2qR2tXpTgxF85scTUpKboY1ieTQYl/lHMr65cJiw6OmTCgkSlErYyqM5gOnD+7IL
zWZxCh8xbNHjfDxucxn/23FEClq9f2bzA4poo038CWpdLL/QJjhsbftpF8H/0FQ=
-----END CERTIFICATE-----