Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61c5552e-f911-4049-840d-5f76ab2a6dd0.roa
File:                     61c5552e-f911-4049-840d-5f76ab2a6dd0.roa (raw, json)
Hash identifier:          89LBK+jJ7iLxKbuAoYaT6LTIyJLc/I/7YhHW0dn6OYk=
Subject key identifier:   BC:FD:83:FB:2A:76:35:10:5F:E6:C2:FE:9F:86:4F:FD:9B:50:38:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FE2D1CEAE79594411432640AE85744DFAFF8915
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61c5552e-f911-4049-840d-5f76ab2a6dd0.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        149.187.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e2:d1:ce:ae:79:59:44:11:43:26:40:ae:85:74:4d:fa:ff:89:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=710cb4930528deb98562d37047aca8b96610cc24bbef48cf894fc3f329a7ba20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fb:7d:6f:2b:e9:57:83:db:ec:1b:ce:d4:a0:
                    ac:a0:fa:03:dd:ad:08:f2:b8:ce:66:35:bd:95:66:
                    74:39:90:1b:0d:ee:5d:ed:83:9a:c6:a5:8a:f5:62:
                    b8:a9:64:19:3a:e5:cf:01:9a:82:df:3f:b9:31:b5:
                    4b:5f:8b:4f:cc:43:6f:e9:16:fa:23:18:eb:2c:35:
                    c5:d3:cd:b7:8a:2b:4c:6f:4a:a4:3c:bc:ad:4a:54:
                    06:1b:51:75:ea:20:f7:fd:25:00:60:83:7a:5c:aa:
                    9d:7f:b4:34:04:35:54:28:5b:b6:a0:d7:f3:cf:3b:
                    20:98:0e:d0:96:38:9e:2a:5a:74:f0:af:aa:56:4b:
                    8e:6b:aa:cf:a0:11:47:00:c7:e7:65:9e:f5:33:89:
                    b0:2c:8b:86:01:4f:82:53:df:70:cd:79:68:bd:be:
                    46:27:b6:47:51:40:f6:5d:9c:11:35:4e:59:f6:4c:
                    13:92:80:22:43:30:81:17:e0:e4:a8:a5:5c:ea:4c:
                    17:d3:dc:e3:d4:01:c9:31:c0:4d:15:fe:27:e1:3f:
                    f1:ed:ba:aa:62:39:5a:0e:47:33:4c:cb:9f:9b:c7:
                    43:e0:d6:85:c2:9c:28:62:86:f0:69:43:9b:4b:84:
                    8d:04:a9:cb:f3:4d:3c:51:88:94:7e:9c:9b:d6:63:
                    5c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:FD:83:FB:2A:76:35:10:5F:E6:C2:FE:9F:86:4F:FD:9B:50:38:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61c5552e-f911-4049-840d-5f76ab2a6dd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.187.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1b:47:4d:c1:df:99:fc:15:e3:09:a9:d4:c6:88:41:3d:7f:bd:
         4b:89:2a:41:ed:68:8f:5f:f9:7c:10:aa:70:e6:d1:4b:2f:98:
         89:91:75:05:a3:2c:87:d3:d5:9e:cd:99:0b:de:b1:19:6d:c3:
         ae:07:d2:b6:e8:c3:bf:d9:0b:a2:b2:d3:7b:4c:db:57:d9:83:
         8a:21:83:e3:81:79:75:46:bb:90:ca:e4:61:7c:d4:7a:85:1e:
         d0:72:eb:71:b5:83:53:6b:d7:ab:b5:1c:ce:77:10:41:c7:a8:
         59:e9:f6:c8:1f:8f:05:4e:79:30:3d:82:47:f2:2c:5f:47:c0:
         45:1e:3a:18:7d:6d:ca:ef:4f:b7:7c:b4:9b:f0:35:d7:3e:11:
         48:9b:07:17:71:3f:e1:e8:e6:b7:26:3e:8d:0a:9a:fa:8f:61:
         a5:0f:a2:95:7a:eb:09:f7:2d:b7:bf:55:2f:ab:ed:c9:a6:e6:
         25:88:f3:98:82:f0:ee:85:9b:27:fb:fd:1c:59:a9:e0:96:d2:
         ef:4b:f2:05:1a:19:53:8b:bb:68:de:e3:28:f7:16:95:4d:de:
         df:b5:ed:a8:31:16:f3:bb:69:0d:f8:55:d5:5c:21:e5:d7:1d:
         02:8a:05:7c:55:ce:a8:15:64:7f:89:4b:21:43:9b:e9:81:aa:
         87:99:05:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD+LRzq55WUQRQyZAroV0Tfr/iRUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIwMDAwMDAwWhcNMjUwMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTBjYjQ5MzA1MjhkZWI5ODU2MmQzNzA0N2FjYThiOTY2
MTBjYzI0YmJlZjQ4Y2Y4OTRmYzNmMzI5YTdiYTIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe+31vK+lXg9vsG87UoKyg+gPdrQjyuM5mNb2VZnQ5kBsN
7l3tg5rGpYr1YripZBk65c8BmoLfP7kxtUtfi0/MQ2/pFvojGOssNcXTzbeKK0xv
SqQ8vK1KVAYbUXXqIPf9JQBgg3pcqp1/tDQENVQoW7ag1/PPOyCYDtCWOJ4qWnTw
r6pWS45rqs+gEUcAx+dlnvUzibAsi4YBT4JT33DNeWi9vkYntkdRQPZdnBE1Tln2
TBOSgCJDMIEX4OSopVzqTBfT3OPUAckxwE0V/ifhP/HtuqpiOVoORzNMy5+bx0Pg
1oXCnChihvBpQ5tLhI0EqcvzTTxRiJR+nJvWY1wlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvP2D+yp2NRBf5sL+n4ZP/ZtQODAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxYzU1NTJlLWY5MTEtNDA0OS04NDBkLTVmNzZhYjJhNmRkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVu4AwDQYJKoZIhvcNAQELBQADggEBABtHTcHfmfwV4wmp1MaIQT1/vUuJ
KkHtaI9f+XwQqnDm0UsvmImRdQWjLIfT1Z7NmQvesRltw64H0rbow7/ZC6Ky03tM
21fZg4ohg+OBeXVGu5DK5GF81HqFHtBy63G1g1Nr16u1HM53EEHHqFnp9sgfjwVO
eTA9gkfyLF9HwEUeOhh9bcrvT7d8tJvwNdc+EUibBxdxP+Ho5rcmPo0KmvqPYaUP
opV66wn3Lbe/VS+r7cmm5iWI85iC8O6Fmyf7/RxZqeCW0u9L8gUaGVOLu2je4yj3
FpVN3t+17agxFvO7aQ34VdVcIeXXHQKKBXxVzqgVZH+JSyFDm+mBqoeZBTI=
-----END CERTIFICATE-----