Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a802275d-709f-4188-a78c-52e40d99a48f.roa
File:                     a802275d-709f-4188-a78c-52e40d99a48f.roa (raw, json)
Hash identifier:          O8rZolF45ZZvuRAIWg3e0vd1hoFj+AiyHaFT9nvN3xc=
Subject key identifier:   B4:87:45:94:EB:30:CD:DC:EB:98:19:3D:F3:61:78:A6:99:9B:B7:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B2BAB233D1229FBA314C0BBF79BD484ACBA4A16
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a802275d-709f-4188-a78c-52e40d99a48f.roa
Signing time:             Mon 24 Mar 2025 15:42:10 +0000
ROA not before:           Mon 24 Mar 2025 15:42:10 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.128.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:2b:ab:23:3d:12:29:fb:a3:14:c0:bb:f7:9b:d4:84:ac:ba:4a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:42:10 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:15:3a:c1:a0:31:a1:49:09:2d:0e:f0:2f:8d:
                    40:a3:64:4c:e7:e6:21:5f:51:8d:91:09:66:b0:c2:
                    79:91:64:80:6b:bb:c5:18:25:f2:c0:e8:20:72:66:
                    88:36:cc:49:b2:1d:4d:f9:79:2b:6e:48:f4:79:ca:
                    d8:2e:10:2e:a4:a1:b0:be:e5:7e:a3:24:40:55:23:
                    d7:25:06:0f:6f:2c:47:9f:97:fc:a4:4e:b0:2b:2c:
                    8e:73:ff:20:2d:56:09:f9:ad:4b:2e:cc:c1:ea:bf:
                    95:15:7b:fc:1a:18:b1:f5:3a:bb:88:f8:5b:62:74:
                    00:bd:5b:de:0b:42:09:91:76:3c:61:98:02:7e:7d:
                    9b:33:13:2d:45:fd:c6:a0:77:cd:69:07:73:0d:2e:
                    ca:08:51:87:35:3d:35:41:5d:11:98:bb:29:dc:77:
                    b9:99:3c:01:b2:eb:23:7f:c5:9f:87:36:9d:b5:07:
                    60:47:0e:3a:59:df:3f:72:1d:38:a2:3c:2d:f9:d2:
                    80:48:e8:2c:8b:af:24:df:5c:7d:ef:5f:6e:23:e3:
                    0d:86:d1:ac:79:f3:95:8f:68:f9:26:a6:49:15:19:
                    1e:bf:27:f1:de:34:1d:ea:cd:20:8c:8f:59:1e:d4:
                    73:e3:3a:58:10:c3:fb:9a:4b:06:da:2d:d0:f4:d0:
                    d9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:87:45:94:EB:30:CD:DC:EB:98:19:3D:F3:61:78:A6:99:9B:B7:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a802275d-709f-4188-a78c-52e40d99a48f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a9:82:e0:7f:07:84:21:49:35:4a:17:b1:1e:f0:79:87:81:e6:
         c4:4c:eb:7f:d8:1e:08:dc:cb:15:f6:85:dc:f2:fe:ba:ce:28:
         21:01:e9:ee:e8:69:6e:a1:15:2b:9b:22:de:69:6a:ff:40:f3:
         ab:e1:71:50:44:7b:46:03:77:0c:99:fd:2e:45:cb:c1:fe:ba:
         40:f0:1c:d2:22:2b:aa:ff:43:33:da:a1:b0:0b:b4:cb:25:20:
         ea:a2:8f:e3:e1:1b:31:5d:fa:02:21:83:cc:91:83:1b:40:f1:
         58:44:1d:ae:24:c1:59:3a:3c:19:62:da:ab:4d:13:a1:82:fe:
         78:3a:02:89:6b:38:0d:40:d0:88:ce:ce:7d:a2:c9:a2:af:16:
         b8:24:db:ec:8d:b9:c9:58:f1:d5:77:66:c7:30:14:7c:74:b7:
         72:0c:97:31:49:dc:1b:0c:71:ec:72:f2:95:3c:5c:8a:59:31:
         21:bd:fd:8c:10:21:ca:c7:d1:c4:b5:eb:ea:bb:b0:dd:16:5f:
         83:2d:f6:51:9a:83:2a:fa:5e:f4:4b:35:73:73:92:28:cf:eb:
         73:0b:69:a1:01:85:7c:9f:c2:09:ee:7e:3b:e2:c5:9d:ef:19:
         e9:61:ad:44:e3:d6:5f:a3:d4:12:81:db:ac:62:85:21:48:98:
         16:a0:c7:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeyurIz0SKfujFMC795vUhKy6ShYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTU0MjEwWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDkwZmM2MGZhNjg2N2JhMzZjOWUxZTU3OGFhOWViZTc1
ZDc2MzI2NjkzOWU2MTI2Nzk5NTQ2OTY0ZTY3MjYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDFTrBoDGhSQktDvAvjUCjZEzn5iFfUY2RCWawwnmRZIBr
u8UYJfLA6CByZog2zEmyHU35eStuSPR5ytguEC6kobC+5X6jJEBVI9clBg9vLEef
l/ykTrArLI5z/yAtVgn5rUsuzMHqv5UVe/waGLH1OruI+FtidAC9W94LQgmRdjxh
mAJ+fZszEy1F/cagd81pB3MNLsoIUYc1PTVBXRGYuyncd7mZPAGy6yN/xZ+HNp21
B2BHDjpZ3z9yHTiiPC350oBI6CyLryTfXH3vX24j4w2G0ax585WPaPkmpkkVGR6/
J/HeNB3qzSCMj1ke1HPjOlgQw/uaSwbaLdD00NmBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtIdFlOswzdzrmBk982F4ppmbt44wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4MDIyNzVkLTcwOWYtNDE4OC1hNzhjLTUyZTQwZDk5YTQ4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANFAIAwDQYJKoZIhvcNAQELBQADggEBAKmC4H8HhCFJNUoXsR7weYeB5sRM
63/YHgjcyxX2hdzy/rrOKCEB6e7oaW6hFSubIt5pav9A86vhcVBEe0YDdwyZ/S5F
y8H+ukDwHNIiK6r/QzPaobALtMslIOqij+PhGzFd+gIhg8yRgxtA8VhEHa4kwVk6
PBli2qtNE6GC/ng6AolrOA1A0IjOzn2iyaKvFrgk2+yNuclY8dV3ZscwFHx0t3IM
lzFJ3BsMcexy8pU8XIpZMSG9/YwQIcrH0cS16+q7sN0WX4Mt9lGagyr6XvRLNXNz
kijP63MLaaEBhXyfwgnufjvixZ3vGelhrUTj1l+j1BKB26xihSFImBagx4A=
-----END CERTIFICATE-----