Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee6644d9-3367-43f8-ae7b-f2e48733177c.roa
File:                     ee6644d9-3367-43f8-ae7b-f2e48733177c.roa (raw, json)
Hash identifier:          Y8JKEX2YJxzSdzF1DLCV7uBSuR5Gu6Wm3HMWtB/Tff8=
Subject key identifier:   64:D1:AA:C1:61:49:80:C9:AF:3C:A9:97:B0:35:33:57:60:24:EC:0B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       181275AD58BC715B559797EDC7246747A6ECE199
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee6644d9-3367-43f8-ae7b-f2e48733177c.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.220.72.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:12:75:ad:58:bc:71:5b:55:97:97:ed:c7:24:67:47:a6:ec:e1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=ab649b25fe6354e14f76b51caf5c9211864f66219ab30d25bc76f5442c5fce3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:14:8c:9c:a9:ed:74:94:c5:19:9f:08:8c:b2:
                    a8:2d:f1:5d:e5:3f:55:20:a7:ae:39:ac:5c:10:c0:
                    29:f6:fd:f9:ca:90:cb:f3:3b:fe:55:d5:3a:e6:74:
                    06:5e:f7:fc:4a:34:11:c6:1b:ae:4e:66:5a:3d:78:
                    6c:58:21:c2:f5:65:53:96:cc:36:13:75:50:81:24:
                    ad:31:97:ff:38:60:13:1d:14:ba:7c:5d:7f:f0:af:
                    a6:9e:e0:82:d5:dc:93:b1:90:d6:d0:71:6e:8d:fb:
                    bd:70:41:ed:9b:14:e5:28:3a:b3:9d:29:12:c8:3d:
                    f1:47:6c:d7:16:19:da:9b:db:94:e6:82:ed:4e:f8:
                    e0:91:a9:b2:1e:89:19:2a:dd:2e:1f:42:48:12:61:
                    59:cc:53:f1:04:71:a5:3c:dc:5c:a7:d6:ef:54:5f:
                    80:90:ac:58:72:a5:0b:96:30:bf:b6:73:1b:95:92:
                    81:b4:b2:6b:5a:89:5e:99:da:ad:3d:52:86:8e:30:
                    d4:21:29:e4:d3:16:2c:ac:06:d9:53:84:15:b0:dd:
                    de:18:0b:8b:59:08:be:a1:0a:e9:0c:5b:4f:6b:ff:
                    c0:bc:f7:d3:61:fb:65:86:9e:9f:e2:af:fc:63:57:
                    9a:d8:9c:6f:e5:f3:ea:89:08:d8:ac:74:be:60:1c:
                    5e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D1:AA:C1:61:49:80:C9:AF:3C:A9:97:B0:35:33:57:60:24:EC:0B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee6644d9-3367-43f8-ae7b-f2e48733177c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.220.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:ac:70:2e:a2:5f:b1:3f:45:c0:de:30:9c:47:40:53:f9:0e:
         c5:c7:87:21:2d:8e:02:18:9b:30:88:8b:53:7a:9d:cf:f2:9f:
         b0:67:e2:84:59:60:04:43:d2:14:d8:15:10:a0:be:7f:f1:be:
         81:d3:d5:d6:da:03:cb:13:28:3e:07:22:53:2b:ab:58:a3:2c:
         db:89:04:d4:d2:fb:68:5b:eb:65:9e:d9:c8:d2:72:52:f6:12:
         be:4c:1e:74:51:ae:df:e4:da:b3:10:d4:1e:62:92:89:37:79:
         7c:78:fc:8f:76:c4:83:0c:28:11:ea:79:16:ca:34:8f:a7:84:
         5c:83:fa:38:82:b3:ea:78:d1:1e:cc:c0:5a:2c:ff:ed:a4:be:
         37:e7:9b:53:50:b6:1c:cd:5d:04:35:1e:be:6d:b3:db:32:34:
         eb:f6:d6:e0:e9:ab:4f:fc:82:a6:0c:c5:75:25:9c:f4:87:97:
         5d:be:5a:f8:4e:15:41:08:9b:17:09:cd:b2:f7:93:99:a9:77:
         73:cf:e1:b3:aa:cc:69:e8:2a:4c:79:89:cb:9f:2c:46:03:29:
         40:dc:bd:38:58:a4:89:62:0b:03:4c:35:63:8e:cb:05:7d:ba:
         aa:1f:e1:61:6b:53:e5:f7:a8:a6:7c:7c:1d:4a:29:cd:de:4f:
         bf:75:36:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGBJ1rVi8cVtVl5ftxyRnR6bs4ZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjY0OWIyNWZlNjM1NGUxNGY3NmI1MWNhZjVjOTIxMTg2
NGY2NjIxOWFiMzBkMjViYzc2ZjU0NDJjNWZjZTNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+FIycqe10lMUZnwiMsqgt8V3lP1Ugp645rFwQwCn2/fnK
kMvzO/5V1TrmdAZe9/xKNBHGG65OZlo9eGxYIcL1ZVOWzDYTdVCBJK0xl/84YBMd
FLp8XX/wr6ae4ILV3JOxkNbQcW6N+71wQe2bFOUoOrOdKRLIPfFHbNcWGdqb25Tm
gu1O+OCRqbIeiRkq3S4fQkgSYVnMU/EEcaU83Fyn1u9UX4CQrFhypQuWML+2cxuV
koG0smtaiV6Z2q09UoaOMNQhKeTTFiysBtlThBWw3d4YC4tZCL6hCukMW09r/8C8
99Nh+2WGnp/ir/xjV5rYnG/l8+qJCNisdL5gHF6XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZNGqwWFJgMmvPKmXsDUzV2Ak7AswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VlNjY0NGQ5LTMzNjctNDNmOC1hZTdiLWYyZTQ4NzMzMTc3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIs3EgwDQYJKoZIhvcNAQELBQADggEBAAmscC6iX7E/RcDeMJxHQFP5DsXH
hyEtjgIYmzCIi1N6nc/yn7Bn4oRZYARD0hTYFRCgvn/xvoHT1dbaA8sTKD4HIlMr
q1ijLNuJBNTS+2hb62We2cjSclL2Er5MHnRRrt/k2rMQ1B5ikok3eXx4/I92xIMM
KBHqeRbKNI+nhFyD+jiCs+p40R7MwFos/+2kvjfnm1NQthzNXQQ1Hr5ts9syNOv2
1uDpq0/8gqYMxXUlnPSHl12+WvhOFUEImxcJzbL3k5mpd3PP4bOqzGnoKkx5icuf
LEYDKUDcvThYpIliCwNMNWOOywV9uqof4WFrU+X3qKZ8fB1KKc3eT791NsM=
-----END CERTIFICATE-----