Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6177c01a-062c-4ee0-a13a-c6306967b6d0.roa
File:                     6177c01a-062c-4ee0-a13a-c6306967b6d0.roa (raw, json)
Hash identifier:          yWgjVHdCOxSmb1utrCqHJC6mUxN92F1IYMa0wWNZzSI=
Subject key identifier:   89:A7:A7:D6:AA:90:69:E8:E6:A0:47:88:05:C6:BB:EF:97:A7:17:5C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40A7F486BFE2C08930A4F14B87290DB2803B13C6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6177c01a-062c-4ee0-a13a-c6306967b6d0.roa
Signing time:             Sat 29 Mar 2025 00:51:59 +0000
ROA not before:           Sat 29 Mar 2025 00:51:59 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        174.129.0.0/16 maxlen: 16

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:a7:f4:86:bf:e2:c0:89:30:a4:f1:4b:87:29:0d:b2:80:3b:13:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:51:59 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: serialNumber=c2d344d25d6cf212abced99060c3dbcb08ee2a6f7f54b5d1fbb8417ba4c21fe1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:c3:29:74:3a:02:73:4b:a9:1d:1c:cf:de:
                    16:4b:90:95:28:7f:07:44:c0:15:57:19:cc:a5:70:
                    5d:a1:79:50:f0:c8:73:50:e2:7b:7f:82:c9:1f:e8:
                    05:9d:e3:61:a9:dc:95:20:bc:a9:23:83:fa:29:f0:
                    15:6f:d7:03:68:32:56:2f:96:10:1a:71:4c:d6:0d:
                    98:e7:d1:6e:bf:d2:96:af:23:a7:95:e1:ce:32:f4:
                    b4:7b:0c:72:00:63:de:4b:00:23:c2:3b:cd:38:19:
                    0a:4b:0b:ef:08:18:e5:37:bc:ab:11:38:f7:ab:73:
                    99:15:61:b2:9e:d6:8e:a2:9d:5b:11:93:c5:47:ce:
                    14:e8:1d:eb:54:10:64:28:e0:f3:39:0a:8d:75:71:
                    b9:98:23:50:e1:d9:b9:bf:3e:04:24:ec:43:ac:6d:
                    29:92:b0:e4:2b:e0:4d:e4:06:ed:23:dc:0f:01:6c:
                    1a:7b:ff:70:d2:00:2b:2a:18:66:37:08:2c:b0:0c:
                    ce:32:6b:c8:1f:2e:e9:f4:aa:b3:f3:f3:06:15:da:
                    10:15:a2:54:50:f8:1e:ec:e1:33:ea:1b:4a:f7:1b:
                    c9:60:95:88:41:96:1b:b2:9f:31:71:a8:c7:3b:16:
                    90:64:fe:60:a4:20:1a:84:65:55:09:41:5a:1f:2d:
                    05:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A7:A7:D6:AA:90:69:E8:E6:A0:47:88:05:C6:BB:EF:97:A7:17:5C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6177c01a-062c-4ee0-a13a-c6306967b6d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:fb:d9:b0:82:3f:2c:16:6b:86:0a:06:da:93:13:b5:3a:06:
         a1:b5:da:0f:a3:00:b4:e9:0b:98:74:2b:58:9c:70:17:a2:d0:
         dd:db:9f:e4:d7:e7:ee:a2:77:e9:82:fa:b3:2b:95:88:52:70:
         25:2b:79:34:17:30:eb:32:d8:3b:69:b8:e5:20:fc:55:a3:b6:
         11:ec:5f:e2:54:2a:1d:6c:26:8b:13:f2:3b:89:17:c3:56:05:
         b5:ac:5f:18:2e:c9:cc:3a:45:f9:29:d9:e4:23:f4:b5:6a:f4:
         c5:7d:cf:2c:14:df:26:dd:16:ca:cf:45:48:5e:e1:dd:8d:6a:
         ab:c7:c9:4c:53:90:38:6f:dd:2b:b0:a2:d1:b3:ce:c5:71:dc:
         51:b8:df:83:73:46:e9:7e:1d:81:16:6e:32:4b:f3:33:d6:7d:
         19:ec:e2:50:68:99:df:cb:57:b4:8a:52:74:c0:f0:5d:db:9e:
         79:6c:4a:2a:47:b0:81:3f:6c:33:88:2b:ef:81:8c:5f:41:27:
         b8:45:06:a0:1f:62:7b:56:98:60:a9:4a:90:cb:51:13:82:5e:
         a2:06:ad:09:1c:70:56:a4:c2:84:75:6e:6c:6e:0d:b1:2d:fd:
         46:ec:2b:bd:9a:aa:14:bf:7b:d6:9a:7f:1f:c5:aa:09:87:b1:
         7b:97:72:83
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQKf0hr/iwIkwpPFLhykNsoA7E8YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA1MTU5WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMmQzNDRkMjVkNmNmMjEyYWJjZWQ5OTA2MGMzZGJjYjA4
ZWUyYTZmN2Y1NGI1ZDFmYmI4NDE3YmE0YzIxZmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqB8MpdDoCc0upHRzP3hZLkJUofwdEwBVXGcylcF2heVDw
yHNQ4nt/gskf6AWd42Gp3JUgvKkjg/op8BVv1wNoMlYvlhAacUzWDZjn0W6/0pav
I6eV4c4y9LR7DHIAY95LACPCO804GQpLC+8IGOU3vKsROPerc5kVYbKe1o6inVsR
k8VHzhToHetUEGQo4PM5Co11cbmYI1Dh2bm/PgQk7EOsbSmSsOQr4E3kBu0j3A8B
bBp7/3DSACsqGGY3CCywDM4ya8gfLun0qrPz8wYV2hAVolRQ+B7s4TPqG0r3G8lg
lYhBlhuynzFxqMc7FpBk/mCkIBqEZVUJQVofLQWtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiaen1qqQaejmoEeIBca775enF1wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxNzdjMDFhLTA2MmMtNGVlMC1hMTNhLWM2MzA2OTY3YjZkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCugTANBgkqhkiG9w0BAQsFAAOCAQEAffvZsII/LBZrhgoG2pMTtToGobXa
D6MAtOkLmHQrWJxwF6LQ3duf5Nfn7qJ36YL6syuViFJwJSt5NBcw6zLYO2m45SD8
VaO2Eexf4lQqHWwmixPyO4kXw1YFtaxfGC7JzDpF+SnZ5CP0tWr0xX3PLBTfJt0W
ys9FSF7h3Y1qq8fJTFOQOG/dK7Ci0bPOxXHcUbjfg3NG6X4dgRZuMkvzM9Z9Gezi
UGiZ38tXtIpSdMDwXdueeWxKKkewgT9sM4gr74GMX0EnuEUGoB9ie1aYYKlKkMtR
E4JeogatCRxwVqTChHVubG4NsS39RuwrvZqqFL971pp/H8WqCYexe5dygw==
-----END CERTIFICATE-----