Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/646c43c0-5fb0-40e1-9466-05bdc0cdc3f1.roa
File:                     646c43c0-5fb0-40e1-9466-05bdc0cdc3f1.roa (raw, json)
Hash identifier:          q2AJLtmFM1I/XdSiq5EvNjAzlYvuf8u/q06ck0rbdaU=
Subject key identifier:   40:49:BE:E3:6E:F9:25:3C:9B:C2:41:14:A1:2D:34:80:4A:86:BC:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4FFBFE2152074612C97F38455476C0105F7716BE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/646c43c0-5fb0-40e1-9466-05bdc0cdc3f1.roa
Signing time:             Sat 29 Mar 2025 00:51:58 +0000
ROA not before:           Sat 29 Mar 2025 00:51:58 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.192.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:fb:fe:21:52:07:46:12:c9:7f:38:45:54:76:c0:10:5f:77:16:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:51:58 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:24:6d:fa:3c:92:76:8e:e6:81:3c:f0:c3:26:
                    ca:33:8c:34:7f:3e:2c:a7:b6:f1:3a:e8:99:7c:0f:
                    77:04:0e:4e:c2:e9:8d:ee:36:4c:5f:31:84:0f:fd:
                    38:1c:65:53:09:6a:5e:bd:82:d1:49:db:cb:74:48:
                    18:89:16:63:a6:a4:e3:93:92:ea:bf:20:ac:93:14:
                    8f:61:7e:0e:21:25:a2:65:88:d8:90:c7:f8:80:6b:
                    45:49:12:02:01:12:b8:c9:63:87:c2:a1:cf:13:d7:
                    ad:e1:0a:cd:7e:88:74:40:45:56:da:7f:20:74:89:
                    2a:1c:22:d7:b9:b3:a0:5d:5f:dd:7c:78:ad:e4:fd:
                    16:78:d9:05:84:f0:59:f1:37:97:84:79:c7:58:bf:
                    79:5e:3f:bc:b6:d7:5b:b2:9a:1b:08:ab:84:2a:5c:
                    8e:88:0d:73:33:e0:11:21:00:ef:14:6d:c6:6f:10:
                    f6:4d:7d:b2:03:f1:57:db:5c:9e:8c:db:a2:b8:01:
                    92:8d:7d:b2:22:74:ce:90:57:da:3b:c2:27:5a:9f:
                    0c:7c:9e:7e:a1:8f:ce:88:b6:bb:34:a6:80:1a:0d:
                    16:02:a9:b7:48:90:78:42:d9:61:7d:fe:85:e2:08:
                    cb:9d:30:c1:f1:33:01:84:02:c0:eb:00:57:4b:78:
                    2b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:49:BE:E3:6E:F9:25:3C:9B:C2:41:14:A1:2D:34:80:4A:86:BC:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/646c43c0-5fb0-40e1-9466-05bdc0cdc3f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         13:d9:35:7f:4b:82:9e:ee:df:48:26:69:47:12:8f:0b:3c:3f:
         84:64:7b:15:ad:2b:f3:44:d0:78:a9:76:f5:3f:9b:19:f0:be:
         ea:68:70:c5:a3:b7:c1:46:f8:fe:60:38:98:1c:ff:fe:20:be:
         33:03:71:a5:5f:fb:91:4a:70:11:0c:3a:dc:77:5c:dd:83:5f:
         8b:b3:4f:34:0b:6f:71:f6:ad:0e:d3:2a:42:9d:00:f1:da:71:
         df:e7:34:0d:5e:69:ff:4c:35:64:4e:38:45:f6:bb:de:28:16:
         4f:46:51:9e:75:cb:96:7a:fd:30:22:77:52:71:ff:7e:16:1c:
         38:88:b6:ff:7a:10:5b:20:65:1a:80:d3:98:97:92:da:99:cf:
         a0:3e:a1:6e:56:53:61:42:00:28:bf:3f:8a:fc:70:96:96:f7:
         81:38:44:6c:45:95:ab:54:74:43:1d:fd:7f:53:0e:e3:bd:4c:
         43:cf:71:7c:b6:46:c0:18:1c:fc:72:5f:1d:e5:5c:49:3c:99:
         6a:25:ec:68:30:bf:59:f6:b3:bc:ef:2d:0f:21:81:6b:88:1c:
         42:82:0d:7c:07:9b:c4:b3:78:90:94:00:3e:ec:c9:c4:c6:9f:
         ef:1a:5d:46:83:41:37:a1:fe:01:3c:07:6b:9b:c5:38:c4:9a:
         70:ae:4a:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT/v+IVIHRhLJfzhFVHbAEF93Fr4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA1MTU4WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzU4NmZhMmQ5MWE0MTk0M2FhYzMxOTE5YzQ0MGExNDc5
YTkxZTZmNzUwNDFmYjU5NTUwZDQ3ZjZjYzI3M2IxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbJG36PJJ2juaBPPDDJsozjDR/PiyntvE66Jl8D3cEDk7C
6Y3uNkxfMYQP/TgcZVMJal69gtFJ28t0SBiJFmOmpOOTkuq/IKyTFI9hfg4hJaJl
iNiQx/iAa0VJEgIBErjJY4fCoc8T163hCs1+iHRARVbafyB0iSocIte5s6BdX918
eK3k/RZ42QWE8FnxN5eEecdYv3leP7y211uymhsIq4QqXI6IDXMz4BEhAO8UbcZv
EPZNfbID8VfbXJ6M26K4AZKNfbIidM6QV9o7widanwx8nn6hj86Itrs0poAaDRYC
qbdIkHhC2WF9/oXiCMudMMHxMwGEAsDrAFdLeCsBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQEm+4275JTybwkEUoS00gEqGvMowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0NmM0M2MwLTVmYjAtNDBlMS05NDY2LTA1YmRjMGNkYzNmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaugcAwDQYJKoZIhvcNAQELBQADggEBABPZNX9Lgp7u30gmaUcSjws8P4Rk
exWtK/NE0HipdvU/mxnwvupocMWjt8FG+P5gOJgc//4gvjMDcaVf+5FKcBEMOtx3
XN2DX4uzTzQLb3H2rQ7TKkKdAPHacd/nNA1eaf9MNWROOEX2u94oFk9GUZ51y5Z6
/TAid1Jx/34WHDiItv96EFsgZRqA05iXktqZz6A+oW5WU2FCACi/P4r8cJaW94E4
RGxFlatUdEMd/X9TDuO9TEPPcXy2RsAYHPxyXx3lXEk8mWol7Ggwv1n2s7zvLQ8h
gWuIHEKCDXwHm8SzeJCUAD7sycTGn+8aXUaDQTeh/gE8B2ubxTjEmnCuSqI=
-----END CERTIFICATE-----