Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/829833e2-4bd5-44b5-ae26-554c86468938.roa
File:                     829833e2-4bd5-44b5-ae26-554c86468938.roa (raw, json)
Hash identifier:          Mpu6XtyRARlOcJTg9i8D+f/HOa9D3s9EdvH+NJMnpew=
Subject key identifier:   25:A7:93:AB:CC:9D:A0:BD:C6:A1:34:C4:68:54:E8:AD:C8:CD:A4:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E9EB4B5DBCA8B072C37951E923C41706BD5E54E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/829833e2-4bd5-44b5-ae26-554c86468938.roa
Signing time:             Tue 18 Mar 2025 00:50:19 +0000
ROA not before:           Tue 18 Mar 2025 00:50:19 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.17.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:9e:b4:b5:db:ca:8b:07:2c:37:95:1e:92:3c:41:70:6b:d5:e5:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:50:19 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:49:13:38:fa:83:9d:c6:26:c3:1e:58:b6:44:
                    c5:59:a1:70:51:67:21:85:ff:8d:a0:aa:86:16:a5:
                    2b:9f:5a:a6:06:c3:73:2e:58:95:b7:6f:ee:19:c0:
                    e9:f3:11:69:d7:40:25:9b:53:d2:11:37:c3:fe:d3:
                    07:79:01:16:9d:c8:72:33:6f:5a:51:4d:08:d6:7d:
                    ac:8e:bb:5f:0c:cc:36:ec:bf:df:a0:fe:c5:4b:2d:
                    c9:1f:6c:66:6f:1e:ae:18:8a:5e:2a:dc:85:af:f5:
                    2e:d4:91:6a:08:57:8c:99:c2:be:11:7c:ea:9f:ec:
                    4f:d9:2c:b2:50:51:51:25:b2:45:74:ef:74:ad:37:
                    2f:10:7b:2d:db:44:34:b0:20:4c:84:5b:b4:85:77:
                    9a:ad:2d:97:62:c3:d4:d1:14:dc:32:1a:6f:50:76:
                    b0:aa:7d:ef:68:df:e7:fa:ff:49:21:f6:46:5f:34:
                    cd:26:54:f6:e6:96:65:53:bc:36:68:fc:6a:2b:d7:
                    79:c5:61:56:e9:66:f4:0e:08:ef:a0:de:29:7c:6c:
                    95:69:25:7c:0e:77:ae:39:2d:74:71:08:56:eb:40:
                    a1:f4:ad:0c:8a:95:cb:2f:3c:ea:0b:2c:e0:f0:ee:
                    1d:3b:e5:d2:94:b1:66:56:9d:3d:d1:79:ca:64:f2:
                    7c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A7:93:AB:CC:9D:A0:BD:C6:A1:34:C4:68:54:E8:AD:C8:CD:A4:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/829833e2-4bd5-44b5-ae26-554c86468938.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.17.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         b6:1a:7a:b7:b9:c9:fb:09:67:39:dd:be:c6:94:17:02:3e:7a:
         aa:d3:b2:52:fe:21:fa:8c:01:6c:67:17:1b:a3:3f:a3:37:aa:
         7f:68:30:2a:41:49:2b:54:e2:14:09:2a:2e:17:55:12:0f:fe:
         12:80:95:6e:47:75:3d:9f:b0:91:11:03:6e:8b:51:1d:12:37:
         fa:35:50:de:1b:88:69:5d:63:46:4c:21:43:5e:11:f1:17:83:
         b6:42:f6:78:3f:55:60:9d:d6:3b:ee:c0:d4:58:57:51:74:19:
         9e:c2:b1:85:b9:36:ff:9e:3a:b1:9f:02:16:d6:88:a0:b6:27:
         5f:2c:1d:d3:d0:0a:32:15:18:9a:9a:a2:f1:c3:8c:c2:6e:62:
         7e:b4:02:88:c6:f7:d1:4a:43:a1:69:5d:eb:be:90:92:12:58:
         0a:65:db:07:c3:cc:a1:92:ea:c7:b2:2a:dd:f2:0c:6c:12:17:
         47:d5:0c:3c:7f:eb:e7:12:b1:a6:14:7f:c6:9c:6f:01:52:f7:
         c3:2f:03:5c:9d:3b:89:e3:c3:b7:1d:31:17:2a:66:27:0b:bc:
         96:1c:a8:8d:f4:31:91:8f:21:43:7c:59:c8:ce:b1:00:bc:52:
         43:93:d1:e8:e6:c7:64:93:91:71:13:22:8c:b5:99:5f:2b:31:
         20:b3:ce:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbp60tdvKiwcsN5UekjxBcGvV5U4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDA1MDE5WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDg3ZDk4MzBjZDJmZDIyODU2OTU2Y2UxOWVjMGUzZjM1
YjJjMGM0OGRkY2QzNjZjNmJkMWI0ZGU1Y2NjMjVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaSRM4+oOdxibDHli2RMVZoXBRZyGF/42gqoYWpSufWqYG
w3MuWJW3b+4ZwOnzEWnXQCWbU9IRN8P+0wd5ARadyHIzb1pRTQjWfayOu18MzDbs
v9+g/sVLLckfbGZvHq4Yil4q3IWv9S7UkWoIV4yZwr4RfOqf7E/ZLLJQUVElskV0
73StNy8Qey3bRDSwIEyEW7SFd5qtLZdiw9TRFNwyGm9QdrCqfe9o3+f6/0kh9kZf
NM0mVPbmlmVTvDZo/Gor13nFYVbpZvQOCO+g3il8bJVpJXwOd645LXRxCFbrQKH0
rQyKlcsvPOoLLODw7h075dKUsWZWnT3Recpk8nyFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJaeTq8ydoL3GoTTEaFTorcjNpMowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyOTgzM2UyLTRiZDUtNDRiNS1hZTI2LTU1NGM4NjQ2ODkzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdBEQAwDQYJKoZIhvcNAQELBQADggEBALYaere5yfsJZzndvsaUFwI+eqrT
slL+IfqMAWxnFxujP6M3qn9oMCpBSStU4hQJKi4XVRIP/hKAlW5HdT2fsJERA26L
UR0SN/o1UN4biGldY0ZMIUNeEfEXg7ZC9ng/VWCd1jvuwNRYV1F0GZ7CsYW5Nv+e
OrGfAhbWiKC2J18sHdPQCjIVGJqaovHDjMJuYn60AojG99FKQ6FpXeu+kJISWApl
2wfDzKGS6seyKt3yDGwSF0fVDDx/6+cSsaYUf8acbwFS98MvA1ydO4njw7cdMRcq
ZicLvJYcqI30MZGPIUN8WcjOsQC8UkOT0ejmx2STkXETIoy1mV8rMSCzziE=
-----END CERTIFICATE-----