Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43e539df-4a4d-445c-bb2f-bb3a08c52cad.roa
File:                     43e539df-4a4d-445c-bb2f-bb3a08c52cad.roa (raw, json)
Hash identifier:          SOsSkmNOLYnwOf0yrwEsjl2ahheetRURzsxOEDKpnc4=
Subject key identifier:   B8:8F:14:60:D9:C7:B6:47:88:7A:0D:05:1B:C6:5D:DD:05:D6:06:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1AA3D350C17F49EFB9BB9BCD26CA226633B85B9A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43e539df-4a4d-445c-bb2f-bb3a08c52cad.roa
Signing time:             Tue 04 Mar 2025 17:41:16 +0000
ROA not before:           Tue 04 Mar 2025 17:41:16 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.44.32.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:a3:d3:50:c1:7f:49:ef:b9:bb:9b:cd:26:ca:22:66:33:b8:5b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:41:16 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:39:8e:cf:97:88:55:80:ec:f3:16:0f:91:bb:
                    5e:2e:40:63:f1:cd:81:d3:34:75:ec:2d:90:a1:6b:
                    8b:8d:7e:6e:58:19:d7:9c:86:ff:9f:05:33:ca:ff:
                    28:46:70:0f:cb:cc:8e:90:db:17:21:be:8f:89:60:
                    74:d1:9d:97:05:ed:f7:c9:9b:c4:ae:33:09:4a:bc:
                    21:57:a1:3a:e1:ee:99:f6:65:79:b2:e3:78:b8:4f:
                    8c:a2:e1:df:fc:18:55:84:1f:08:03:51:84:fc:ad:
                    74:d5:d2:7b:3a:7b:fd:e6:5a:ac:6c:f1:cd:b6:a6:
                    52:b9:71:7f:84:f1:fd:f3:4c:83:bb:46:1c:0c:08:
                    a9:f5:be:6b:2f:ca:63:fe:ad:2e:23:c7:5f:26:f7:
                    b7:3a:16:53:b6:85:e9:fe:ed:a8:f9:76:c9:68:40:
                    ea:21:eb:68:3d:e4:2b:5a:5f:c9:d8:ff:24:7b:f4:
                    15:ba:f8:db:70:bc:e6:08:e5:da:8d:ac:2a:bd:43:
                    89:b9:2d:91:0b:12:06:1b:5c:51:85:80:a6:22:ba:
                    07:67:f1:bb:cb:78:bb:cd:f4:49:b5:52:6b:30:2f:
                    23:8a:2e:9d:63:5a:50:92:03:16:6b:f8:c4:83:ec:
                    ba:26:84:e7:5c:dc:2c:c9:86:d3:f4:47:67:b9:f7:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8F:14:60:D9:C7:B6:47:88:7A:0D:05:1B:C6:5D:DD:05:D6:06:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43e539df-4a4d-445c-bb2f-bb3a08c52cad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.44.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         81:75:ba:44:23:11:63:5d:5b:a7:14:b6:4b:9e:60:df:5a:ad:
         ae:c0:c5:7e:b8:68:98:12:76:df:76:c7:c3:c6:88:ce:90:11:
         04:9c:f2:3e:fc:00:af:64:b1:63:5c:49:17:72:6f:e3:c2:86:
         13:a5:66:3e:4b:5c:af:8c:1b:d4:ad:c4:2e:b0:9f:12:80:15:
         c0:dd:4a:3b:06:07:82:d5:7e:4f:d7:8e:23:41:e8:b0:f4:08:
         c1:35:84:ea:ba:86:3c:e9:d2:3e:3c:90:18:b1:d0:45:8d:f0:
         f8:f1:cf:3b:3e:01:56:49:c8:c5:b0:b3:3f:e3:a4:aa:55:1d:
         ea:30:60:6f:88:10:99:28:a2:3e:37:79:50:07:7e:10:fd:5c:
         01:25:5c:8e:6a:39:63:12:f0:88:ef:2c:b1:7e:7a:3c:fe:14:
         67:cb:9d:fd:48:e3:f3:5b:f0:f3:2f:d9:50:f5:87:c8:00:2e:
         c0:a8:22:65:67:0c:f3:9c:31:36:a7:8d:4c:0b:33:f5:6a:87:
         e8:cb:ba:4f:65:a0:b3:41:fd:f1:3c:fa:a5:8b:3d:33:11:15:
         37:cf:11:ad:39:34:61:96:de:8a:a4:fd:ca:8d:78:3b:6d:7a:
         7f:dc:04:47:8e:a2:13:4b:04:7b:88:54:53:31:25:c7:53:35:
         45:85:08:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGqPTUMF/Se+5u5vNJsoiZjO4W5owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTc0MTE2WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWU1Y2EwMDAwMjU4ZjE0NjAwOTU1YTBlMGE5YzMxYzFj
MWVkYWU2YWNhYzVjNjFiNmVkMDc5ODYyY2M5OTUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcOY7Pl4hVgOzzFg+Ru14uQGPxzYHTNHXsLZCha4uNfm5Y
Gdechv+fBTPK/yhGcA/LzI6Q2xchvo+JYHTRnZcF7ffJm8SuMwlKvCFXoTrh7pn2
ZXmy43i4T4yi4d/8GFWEHwgDUYT8rXTV0ns6e/3mWqxs8c22plK5cX+E8f3zTIO7
RhwMCKn1vmsvymP+rS4jx18m97c6FlO2hen+7aj5dsloQOoh62g95CtaX8nY/yR7
9BW6+NtwvOYI5dqNrCq9Q4m5LZELEgYbXFGFgKYiugdn8bvLeLvN9Em1UmswLyOK
Lp1jWlCSAxZr+MSD7LomhOdc3CzJhtP0R2e597JFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuI8UYNnHtkeIeg0FG8Zd3QXWBuIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzZTUzOWRmLTRhNGQtNDQ1Yy1iYjJmLWJiM2EwOGM1MmNhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVILCAwDQYJKoZIhvcNAQELBQADggEBAIF1ukQjEWNdW6cUtkueYN9ara7A
xX64aJgSdt92x8PGiM6QEQSc8j78AK9ksWNcSRdyb+PChhOlZj5LXK+MG9StxC6w
nxKAFcDdSjsGB4LVfk/XjiNB6LD0CME1hOq6hjzp0j48kBix0EWN8Pjxzzs+AVZJ
yMWwsz/jpKpVHeowYG+IEJkooj43eVAHfhD9XAElXI5qOWMS8IjvLLF+ejz+FGfL
nf1I4/Nb8PMv2VD1h8gALsCoImVnDPOcMTanjUwLM/Vqh+jLuk9loLNB/fE8+qWL
PTMRFTfPEa05NGGW3oqk/cqNeDtten/cBEeOohNLBHuIVFMxJcdTNUWFCF8=
-----END CERTIFICATE-----