Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa
File:                     00b2d563-9558-42a3-af91-c49abf2fc92c.roa (raw, json)
Hash identifier:          Mvugh4JP6BCKjUnCR/vNxn7oZv4QfFhmzJhU1E4JcRc=
Subject key identifier:   F8:D8:72:AF:10:2C:6A:99:5E:4E:B8:5E:6B:C9:F1:74:5D:99:DB:47
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B3F734572FDFB93342D1FD1636740D8C077FEB7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa
Signing time:             Tue 11 Mar 2025 00:01:02 +0000
ROA not before:           Tue 11 Mar 2025 00:01:02 +0000
ROA not after:            Tue 15 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        67.35.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:3f:73:45:72:fd:fb:93:34:2d:1f:d1:63:67:40:d8:c0:77:fe:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 11 00:01:02 2025 GMT
            Not After : Apr 15 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1f:f0:1a:63:c0:89:fa:1c:02:98:bb:2b:dd:
                    ba:db:83:df:55:42:4b:d7:1b:25:51:d0:7a:0f:4e:
                    95:e9:f4:16:75:8e:52:38:87:4d:88:45:fa:4f:13:
                    cc:95:0d:23:bb:fa:65:f7:16:9f:54:eb:93:9f:6b:
                    22:63:04:2b:78:ad:fc:a6:21:b1:ed:8b:0d:52:87:
                    21:f1:34:ea:72:a5:37:45:76:39:15:31:16:5c:3b:
                    fb:35:a6:bc:71:62:e9:7b:c3:cd:06:5f:9f:cd:f3:
                    a0:cb:d2:5f:d8:79:c0:43:32:80:7c:c8:dc:a5:32:
                    02:77:a8:83:ed:ea:84:d8:7c:f2:e2:25:c7:92:f8:
                    ba:3f:db:4d:e7:51:38:18:6b:d7:dd:44:ef:1b:fb:
                    66:02:8f:0c:dd:a3:3a:f5:77:6a:23:73:00:96:67:
                    f6:1a:47:c6:8d:b5:11:1b:22:73:dd:6b:63:e3:6c:
                    8e:7e:1b:93:ce:15:f2:4e:ba:9d:b9:72:17:ce:32:
                    6f:75:05:73:83:d3:06:ea:2d:17:89:71:ea:58:b7:
                    9a:71:b5:10:67:eb:d9:b4:ed:9c:8e:d4:47:a8:d9:
                    32:ff:69:19:23:d1:c3:46:0e:12:64:d2:6a:c6:05:
                    85:5d:2d:4d:13:81:d2:85:fa:8f:62:88:22:cc:d4:
                    11:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D8:72:AF:10:2C:6A:99:5E:4E:B8:5E:6B:C9:F1:74:5D:99:DB:47
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:91:f9:37:4e:14:3c:8d:91:bd:a3:f0:7d:ba:de:7c:ef:89:
         1c:01:cb:27:23:5f:eb:27:45:21:77:44:a7:17:fe:6d:40:a6:
         e1:e8:7b:ad:b5:ff:d1:31:84:96:39:09:5c:41:51:3d:30:22:
         3d:05:53:aa:be:78:ab:55:eb:46:b6:2f:14:2a:67:69:ad:3a:
         5d:a1:8b:dc:6f:2c:33:27:57:53:83:62:12:15:c8:56:0d:68:
         1f:e6:c0:eb:40:2a:ee:11:fc:8a:64:c9:bc:83:34:3a:b2:3d:
         fa:8d:2d:e6:15:a1:5a:78:14:49:62:7b:d5:a2:8b:4b:ac:e7:
         6c:62:80:0c:8a:9f:cf:69:fd:35:21:0e:be:0a:9e:45:ef:d7:
         93:48:7e:aa:8d:8d:58:6e:57:69:33:ff:eb:4c:7a:d2:de:99:
         ee:8a:f8:40:da:93:fd:f0:10:aa:2b:cf:8b:ec:9e:63:90:d4:
         8d:e4:16:34:ec:db:1c:64:25:cd:a6:19:84:5c:8a:08:60:89:
         11:7b:bf:9e:15:b1:09:62:a2:09:00:5a:d7:23:ed:43:0b:f9:
         f2:ad:60:f4:c9:86:ce:01:a3:83:0e:8c:7b:b0:c5:ff:b5:af:
         9d:05:36:be:a2:02:66:6d:a8:28:f8:d6:2c:1c:f0:a7:1f:8f:
         03:ff:6b:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWz9zRXL9+5M0LR/RY2dA2MB3/rcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzExMDAwMTAyWhcNMjUwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTY4YzIyOTFhZGRiMWMzYTk1NzA5ZGJkZGE0NDViNTA4
OWY0ZTU4N2YwZmRjY2QyOGJiY2JiM2VmNmJhNjJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAH/AaY8CJ+hwCmLsr3brbg99VQkvXGyVR0HoPTpXp9BZ1
jlI4h02IRfpPE8yVDSO7+mX3Fp9U65OfayJjBCt4rfymIbHtiw1ShyHxNOpypTdF
djkVMRZcO/s1prxxYul7w80GX5/N86DL0l/YecBDMoB8yNylMgJ3qIPt6oTYfPLi
JceS+Lo/203nUTgYa9fdRO8b+2YCjwzdozr1d2ojcwCWZ/YaR8aNtREbInPda2Pj
bI5+G5POFfJOup25chfOMm91BXOD0wbqLReJcepYt5pxtRBn69m07ZyO1Eeo2TL/
aRkj0cNGDhJk0mrGBYVdLU0TgdKF+o9iiCLM1BFlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+NhyrxAsapleTrhea8nxdF2Z20cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAwYjJkNTYzLTk1NTgtNDJhMy1hZjkxLWM0OWFiZjJmYzkyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBDIzANBgkqhkiG9w0BAQsFAAOCAQEAWJH5N04UPI2RvaPwfbrefO+JHAHL
JyNf6ydFIXdEpxf+bUCm4eh7rbX/0TGEljkJXEFRPTAiPQVTqr54q1XrRrYvFCpn
aa06XaGL3G8sMydXU4NiEhXIVg1oH+bA60Aq7hH8imTJvIM0OrI9+o0t5hWhWngU
SWJ71aKLS6znbGKADIqfz2n9NSEOvgqeRe/Xk0h+qo2NWG5XaTP/60x60t6Z7or4
QNqT/fAQqivPi+yeY5DUjeQWNOzbHGQlzaYZhFyKCGCJEXu/nhWxCWKiCQBa1yPt
Qwv58q1g9MmGzgGjgw6Me7DF/7WvnQU2vqICZm2oKPjWLBzwpx+PA/9r6w==
-----END CERTIFICATE-----