Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf9d8dd0-e7aa-4698-be38-aecd8be5af6b.roa
File:                     bf9d8dd0-e7aa-4698-be38-aecd8be5af6b.roa (raw, json)
Hash identifier:          QQziTwAokYLdgSqw/uA3Y+Tmk8F9dIFmxqNxjk3cZj8=
Subject key identifier:   D1:49:22:D9:79:EC:2A:90:6B:BD:8A:B2:6B:CA:9F:06:43:F5:78:16
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E581128C839C90FF7BE51C42EE70048CC6CCBFC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf9d8dd0-e7aa-4698-be38-aecd8be5af6b.roa
Signing time:             Mon 14 Apr 2025 15:21:21 +0000
ROA not before:           Mon 14 Apr 2025 15:21:21 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        184.72.128.0/17 maxlen: 17

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:58:11:28:c8:39:c9:0f:f7:be:51:c4:2e:e7:00:48:cc:6c:cb:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 14 15:21:21 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=7d780e98aeb0bf57015fe3197866b909da19b03c252086956e221996020647e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1e:a0:5c:b4:8d:32:c5:e4:b0:b0:61:75:a6:
                    5a:53:19:e8:23:f6:73:e6:69:03:2e:3d:85:c4:1d:
                    12:51:99:25:d9:18:b7:c5:d2:ba:2a:44:1c:43:23:
                    a8:9d:3e:b5:38:60:aa:2c:ae:0a:c2:da:cc:c2:9d:
                    d3:67:01:27:a5:68:2f:66:b6:e4:90:7c:83:70:55:
                    bc:cc:62:21:bc:f2:5e:e8:cc:29:57:5b:52:9c:b0:
                    50:2f:37:67:37:7d:7e:07:43:dd:b2:51:04:bf:ec:
                    cd:91:c9:b3:68:9c:2a:e6:d4:19:9d:2d:94:cd:d0:
                    2c:94:d3:ed:0d:6a:ff:48:9b:9d:38:6b:a0:54:90:
                    99:77:96:bb:8d:1e:4d:f9:03:56:43:28:e1:c1:42:
                    dc:13:a0:bd:10:2b:40:7f:81:54:0d:7b:4f:b5:db:
                    a3:73:1d:48:68:90:7f:6c:d4:63:97:92:59:4a:7e:
                    a4:eb:33:8b:cc:4a:e4:23:fe:ed:94:08:10:02:d6:
                    dd:55:e4:9a:2a:af:f9:f8:a3:61:90:64:81:b5:7e:
                    23:c0:cf:c8:88:a8:28:3b:83:30:b6:80:c5:06:30:
                    58:e7:3c:47:97:58:0f:b5:a2:ef:27:d7:d0:c7:24:
                    44:d7:29:d9:d9:0a:aa:52:a1:fa:33:f6:6a:6b:8c:
                    ec:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:49:22:D9:79:EC:2A:90:6B:BD:8A:B2:6B:CA:9F:06:43:F5:78:16
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf9d8dd0-e7aa-4698-be38-aecd8be5af6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.72.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         60:c6:07:d8:79:b5:56:4b:4f:b9:7a:19:3a:09:41:d7:e5:f7:
         be:7a:7a:14:19:57:2c:23:43:7a:96:e5:d0:60:93:af:f7:54:
         e0:3b:e5:45:fa:bd:37:12:6e:8f:e0:a2:b3:68:6e:a7:2d:5b:
         64:2f:ae:f2:a8:4e:1e:a4:9a:29:f9:ee:a5:e9:e8:17:75:cf:
         7e:a4:6c:a3:c1:c5:1f:9a:00:a1:eb:90:51:65:a8:3a:3e:e3:
         54:68:a3:92:02:c6:a6:01:4d:f9:99:2c:52:bd:67:ba:57:36:
         e2:16:f0:70:5f:f5:69:05:d7:50:b4:76:40:c0:4c:44:ce:32:
         46:31:aa:f2:f8:ac:49:12:ff:53:d3:ef:48:89:ea:40:ae:37:
         6b:46:56:3d:65:a3:e8:22:a4:25:17:04:07:a0:1e:8e:06:f3:
         8a:18:85:88:a4:b9:00:7a:65:96:c9:2b:95:fd:db:55:4c:6a:
         ba:ef:5c:1e:89:70:c0:01:b4:2e:cb:6b:cc:86:c1:b0:49:f2:
         60:6c:83:91:10:93:83:f1:7c:38:0e:42:20:64:af:99:f0:c4:
         a0:5b:a9:10:91:46:95:a3:66:c5:ec:13:dd:3e:be:17:ab:38:
         b7:cd:f2:fa:37:b2:23:48:56:7e:03:6f:a2:c8:a9:33:cb:ff:
         e1:70:65:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUblgRKMg5yQ/3vlHELucASMxsy/wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE0MTUyMTIxWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDc4MGU5OGFlYjBiZjU3MDE1ZmUzMTk3ODY2YjkwOWRh
MTliMDNjMjUyMDg2OTU2ZTIyMTk5NjAyMDY0N2UwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUHqBctI0yxeSwsGF1plpTGegj9nPmaQMuPYXEHRJRmSXZ
GLfF0roqRBxDI6idPrU4YKosrgrC2szCndNnASelaC9mtuSQfINwVbzMYiG88l7o
zClXW1KcsFAvN2c3fX4HQ92yUQS/7M2RybNonCrm1BmdLZTN0CyU0+0Nav9Im504
a6BUkJl3lruNHk35A1ZDKOHBQtwToL0QK0B/gVQNe0+126NzHUhokH9s1GOXkllK
fqTrM4vMSuQj/u2UCBAC1t1V5Joqr/n4o2GQZIG1fiPAz8iIqCg7gzC2gMUGMFjn
PEeXWA+1ou8n19DHJETXKdnZCqpSofoz9mprjOwfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0Uki2XnsKpBrvYqya8qfBkP1eBYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmOWQ4ZGQwLWU3YWEtNDY5OC1iZTM4LWFlY2Q4YmU1YWY2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAe4SIAwDQYJKoZIhvcNAQELBQADggEBAGDGB9h5tVZLT7l6GToJQdfl9756
ehQZVywjQ3qW5dBgk6/3VOA75UX6vTcSbo/gorNobqctW2QvrvKoTh6kmin57qXp
6Bd1z36kbKPBxR+aAKHrkFFlqDo+41Roo5ICxqYBTfmZLFK9Z7pXNuIW8HBf9WkF
11C0dkDATETOMkYxqvL4rEkS/1PT70iJ6kCuN2tGVj1lo+gipCUXBAegHo4G84oY
hYikuQB6ZZbJK5X921VMarrvXB6JcMABtC7La8yGwbBJ8mBsg5EQk4PxfDgOQiBk
r5nwxKBbqRCRRpWjZsXsE90+vherOLfN8vo3siNIVn4Db6LIqTPL/+FwZfk=
-----END CERTIFICATE-----