Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
File:                     258e6f29-ec78-4849-a049-84a7edb4a611.roa (raw, json)
Hash identifier:          Kpf5w/p+ISaQHUsxLcJWQVylRZvH0imWV8VBOSAJE2k=
Subject key identifier:   74:2F:66:DF:BF:53:69:6F:8A:30:3A:5C:D1:A0:70:5E:06:D7:2B:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7237AF6EDAF4E90367D99975013205C10BD33AF6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
Signing time:             Wed 05 Mar 2025 00:30:44 +0000
ROA not before:           Wed 05 Mar 2025 00:30:44 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        74.190.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:37:af:6e:da:f4:e9:03:67:d9:99:75:01:32:05:c1:0b:d3:3a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  5 00:30:44 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e4:6c:4e:80:67:85:ac:96:57:7f:1f:2f:d3:
                    a3:02:af:b4:34:07:f1:a3:48:29:7f:04:46:91:60:
                    13:df:15:9a:4f:39:fb:5e:6f:a2:dc:ef:06:e7:31:
                    9d:25:d7:a6:aa:24:7a:33:87:95:82:0a:f4:a8:7d:
                    86:55:cb:be:1e:2e:ac:f7:ec:86:ad:a4:11:16:cf:
                    32:fc:63:08:01:c8:b4:f6:86:5a:b4:bb:68:d9:fa:
                    f2:a8:36:7a:c3:93:b8:ae:db:fd:b7:39:d2:28:b5:
                    4c:b2:1e:49:cb:fc:3b:9c:d8:1d:7a:0f:41:b2:98:
                    3d:d6:b0:b9:e0:e4:bb:07:44:25:8f:1b:23:9b:90:
                    70:0b:7b:a1:ee:01:d3:eb:dd:42:0d:67:a5:9e:e1:
                    0a:34:59:41:f8:02:cf:14:0f:3c:83:07:b8:c0:95:
                    1a:26:36:fe:e1:4f:16:bc:90:62:4f:06:7c:a2:55:
                    b7:7a:6c:65:33:b1:fe:86:7b:2d:83:31:9a:2a:cf:
                    40:b7:25:cf:d0:5a:29:a1:61:49:cd:a6:b4:4f:fb:
                    95:f1:47:16:c6:62:76:0a:08:b3:63:96:23:ca:f1:
                    d6:e1:d2:ad:56:e1:e4:1d:12:6b:3b:71:f3:e7:6f:
                    ff:98:5b:72:a6:cc:d1:3d:f1:12:b3:23:2e:c8:f8:
                    30:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:2F:66:DF:BF:53:69:6F:8A:30:3A:5C:D1:A0:70:5E:06:D7:2B:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:31:4d:e7:26:a6:bc:12:b2:61:8e:8c:e2:85:33:7a:c0:2f:
         95:bb:28:64:2e:4c:cd:35:9c:5d:23:ad:ff:c5:46:6b:d8:0c:
         8a:b5:0d:40:e0:3c:1a:51:e6:1e:4b:11:1f:ea:a5:2c:ec:65:
         07:ab:ce:df:06:dc:3d:fb:88:1d:61:f3:38:be:5a:c9:30:88:
         9e:6b:ec:12:d5:11:da:13:6e:72:ff:1f:b5:dc:e8:79:b0:0a:
         e9:35:16:a4:e9:66:68:fe:da:d4:52:12:16:c9:53:8f:ff:bc:
         93:37:38:bc:8b:fa:a3:1c:44:43:8b:87:97:11:61:37:19:c3:
         f4:ed:71:15:93:ad:4f:ab:83:ac:d0:43:2a:fd:95:48:cd:ae:
         c5:c8:3f:09:05:20:2e:f0:2b:9a:3e:8a:4e:00:11:3d:a9:9b:
         28:7a:20:a5:91:ff:25:d2:89:28:b9:b3:99:95:9a:a3:e7:32:
         9e:ad:41:83:0d:5d:c1:b9:f2:4d:e6:31:a8:70:8f:74:37:7b:
         57:0f:90:6f:56:08:3c:29:ac:db:f7:bd:a9:80:40:c3:93:91:
         d6:2a:9a:36:9e:cc:c8:28:83:05:c7:a3:b5:0a:eb:7f:81:27:
         ad:e7:9d:d7:59:fb:ac:ae:a4:05:20:ee:f0:61:db:09:38:73:
         b8:84:7c:71
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcjevbtr06QNn2Zl1ATIFwQvTOvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA1MDAzMDQ0WhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzZjZGY5OWZkMzFhMGNlNDA0YWI1MmRjNWI2YzkzMDcy
NTkyZDU3MWZjMGJkNmQ3ODNmZjExYTJhMGM5YmMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP5GxOgGeFrJZXfx8v06MCr7Q0B/GjSCl/BEaRYBPfFZpP
Ofteb6Lc7wbnMZ0l16aqJHozh5WCCvSofYZVy74eLqz37IatpBEWzzL8YwgByLT2
hlq0u2jZ+vKoNnrDk7iu2/23OdIotUyyHknL/Duc2B16D0GymD3WsLng5LsHRCWP
GyObkHALe6HuAdPr3UINZ6We4Qo0WUH4As8UDzyDB7jAlRomNv7hTxa8kGJPBnyi
Vbd6bGUzsf6Gey2DMZoqz0C3Jc/QWimhYUnNprRP+5XxRxbGYnYKCLNjliPK8dbh
0q1W4eQdEms7cfPnb/+YW3KmzNE98RKzIy7I+DAzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdC9m379TaW+KMDpc0aBwXgbXK6QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OGU2ZjI5LWVjNzgtNDg0OS1hMDQ5LTg0YTdlZGI0YTYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKvjANBgkqhkiG9w0BAQsFAAOCAQEAMzFN5yamvBKyYY6M4oUzesAvlbso
ZC5MzTWcXSOt/8VGa9gMirUNQOA8GlHmHksRH+qlLOxlB6vO3wbcPfuIHWHzOL5a
yTCInmvsEtUR2hNucv8ftdzoebAK6TUWpOlmaP7a1FISFslTj/+8kzc4vIv6oxxE
Q4uHlxFhNxnD9O1xFZOtT6uDrNBDKv2VSM2uxcg/CQUgLvArmj6KTgARPambKHog
pZH/JdKJKLmzmZWao+cynq1Bgw1dwbnyTeYxqHCPdDd7Vw+Qb1YIPCms2/e9qYBA
w5OR1iqaNp7MyCiDBcejtQrrf4Enreed11n7rK6kBSDu8GHbCThzuIR8cQ==
-----END CERTIFICATE-----