Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa
File:                     8874e635-d9df-43c1-b44b-b12c7fe93bde.roa (raw, json)
Hash identifier:          xlNU1YLbiXaF0C5eaV/dj18cRp6fSw8H4BSKUZP3nAk=
Subject key identifier:   6B:BC:C0:7C:E1:CE:E7:D9:02:05:8C:DE:FF:04:D9:AE:C2:B1:29:E7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01B0C181826C0FC042339F051202C2D670EC337C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa
Signing time:             Sat 29 Mar 2025 00:52:02 +0000
ROA not before:           Sat 29 Mar 2025 00:52:02 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b0:c1:81:82:6c:0f:c0:42:33:9f:05:12:02:c2:d6:70:ec:33:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:52:02 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f2:3f:3e:f2:75:43:a9:49:fc:34:cf:33:aa:
                    dd:d7:3f:e7:84:d5:11:29:c9:b0:a5:49:43:bf:cf:
                    29:33:1e:69:35:dd:85:5e:2a:65:d4:16:ae:b8:ee:
                    f6:18:cd:a0:f2:df:0c:b2:17:9a:bc:52:28:be:c4:
                    fc:74:99:10:9f:a1:4f:6a:d4:d9:c6:92:f0:92:98:
                    97:3c:d2:b2:7f:96:dd:7e:ed:29:6c:a5:08:34:42:
                    16:d5:be:94:3f:9c:b6:a6:c4:1b:fa:90:91:ed:9b:
                    5c:9c:78:75:96:61:43:e6:a1:4a:16:c0:7c:a0:1b:
                    a0:50:e1:0c:c4:d2:08:c9:a0:cc:d7:59:91:3f:bc:
                    38:12:34:56:2e:4b:f2:94:9b:da:ca:5f:db:58:0c:
                    6d:b5:42:28:2e:66:cb:31:f7:b2:b0:f2:bd:7e:69:
                    1b:0d:f9:ca:71:76:46:1a:b4:d7:96:11:47:74:49:
                    cb:c7:bf:b9:63:83:d3:8e:53:40:26:a1:7a:b5:c7:
                    39:ee:ab:68:8f:c1:d1:ae:6a:2d:47:55:c2:e2:b5:
                    b5:01:73:ab:af:1f:f4:de:00:98:d6:a8:15:3b:99:
                    73:8f:7a:53:0b:b8:fa:70:82:00:a2:22:04:f5:c0:
                    57:1f:b5:58:99:cb:83:f1:de:47:ce:a9:c3:7e:21:
                    8d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:BC:C0:7C:E1:CE:E7:D9:02:05:8C:DE:FF:04:D9:AE:C2:B1:29:E7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8874e635-d9df-43c1-b44b-b12c7fe93bde.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ab:90:3c:16:06:a6:65:3a:be:a5:06:13:85:ef:bd:39:86:31:
         a2:be:a6:7c:37:91:56:b5:90:40:f2:4a:85:e3:70:99:ba:ac:
         fc:ea:39:81:4f:f0:5e:de:e2:c3:44:bb:9a:89:72:ae:8d:df:
         ca:df:3f:87:c5:3c:3d:81:93:61:df:c7:d8:61:dd:3a:4f:d8:
         16:1e:4d:9f:d2:04:9a:82:9e:38:9a:c1:ae:be:5f:40:9c:a1:
         0a:44:14:54:6b:d0:14:e6:22:c0:9a:49:0f:ff:64:9f:46:5f:
         3e:d2:5c:27:17:98:c0:0f:5b:92:e9:63:aa:f7:f0:92:f6:52:
         dd:ac:b6:74:db:d9:7f:0e:57:88:b2:29:b7:d3:d5:98:50:de:
         7d:8a:d0:a0:1a:a9:45:4e:c1:b9:68:35:be:82:81:5c:e0:f6:
         65:8c:cc:e5:49:fc:b1:d8:74:fd:45:e0:8d:63:23:fa:0b:9c:
         69:64:89:7b:80:26:9d:01:78:41:58:3d:b8:7c:af:ae:5e:9f:
         67:4b:10:6a:bc:dd:e1:0c:02:d5:3f:0b:50:5a:47:88:b1:15:
         70:6c:d2:4e:0e:d0:28:2f:a1:32:28:0b:ea:f5:03:47:0e:09:
         df:48:ab:8c:f7:a8:ea:9c:79:47:ca:e5:b5:ed:75:37:d9:e1:
         fc:4f:c0:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAbDBgYJsD8BCM58FEgLC1nDsM3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA1MjAyWhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYWQyYTM0MjEzNzYwOTRhMzkyMWJjZTk0N2U0YzhlOWQ0
MWFkMGYwMzcwNDc3ZjgzNWU5NGVmZTNhNTY4Y2MxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC88j8+8nVDqUn8NM8zqt3XP+eE1REpybClSUO/zykzHmk1
3YVeKmXUFq647vYYzaDy3wyyF5q8Uii+xPx0mRCfoU9q1NnGkvCSmJc80rJ/lt1+
7SlspQg0QhbVvpQ/nLamxBv6kJHtm1yceHWWYUPmoUoWwHygG6BQ4QzE0gjJoMzX
WZE/vDgSNFYuS/KUm9rKX9tYDG21QiguZssx97Kw8r1+aRsN+cpxdkYatNeWEUd0
ScvHv7ljg9OOU0AmoXq1xznuq2iPwdGuai1HVcLitbUBc6uvH/TeAJjWqBU7mXOP
elMLuPpwggCiIgT1wFcftViZy4Px3kfOqcN+IY37AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa7zAfOHO59kCBYze/wTZrsKxKecwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4NzRlNjM1LWQ5ZGYtNDNjMS1iNDRiLWIxMmM3ZmU5M2JkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaugUAwDQYJKoZIhvcNAQELBQADggEBAKuQPBYGpmU6vqUGE4XvvTmGMaK+
pnw3kVa1kEDySoXjcJm6rPzqOYFP8F7e4sNEu5qJcq6N38rfP4fFPD2Bk2Hfx9hh
3TpP2BYeTZ/SBJqCnjiawa6+X0CcoQpEFFRr0BTmIsCaSQ//ZJ9GXz7SXCcXmMAP
W5LpY6r38JL2Ut2stnTb2X8OV4iyKbfT1ZhQ3n2K0KAaqUVOwbloNb6CgVzg9mWM
zOVJ/LHYdP1F4I1jI/oLnGlkiXuAJp0BeEFYPbh8r65en2dLEGq83eEMAtU/C1Ba
R4ixFXBs0k4O0CgvoTIoC+r1A0cOCd9Iq4z3qOqceUfK5bXtdTfZ4fxPwG0=
-----END CERTIFICATE-----