Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa
File:                     04458f53-1b58-4ea6-b808-1d18094e2918.roa (raw, json)
Hash identifier:          TP4ll6LtRGTReJAamCZnU6AZfeVETd17uEJnE3WfOiE=
Subject key identifier:   76:2A:85:93:2F:A8:96:97:2A:A7:DE:DF:52:52:C5:7B:21:AD:D9:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1368FFEB33F84F153C8C1BAA917CDFF6B3F592A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa
Signing time:             Tue 04 Mar 2025 16:11:37 +0000
ROA not before:           Tue 04 Mar 2025 16:11:37 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.182.224.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:68:ff:eb:33:f8:4f:15:3c:8c:1b:aa:91:7c:df:f6:b3:f5:92:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 16:11:37 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:88:d8:58:b3:94:1e:ca:33:fb:ee:32:c9:33:
                    ca:6f:96:2d:ed:65:4b:7d:32:5d:92:f6:90:2d:b9:
                    9f:df:06:b8:13:f8:60:6e:1c:d2:13:34:d9:27:42:
                    d7:97:3f:3a:b0:23:95:b0:64:2b:ba:46:bf:63:04:
                    fe:b9:75:24:ad:99:bd:74:ff:5e:b6:71:2a:22:65:
                    ba:fe:0a:dc:c8:c4:e4:07:04:52:de:34:2e:0a:0e:
                    89:08:e4:3e:73:c3:81:a8:a6:96:ea:09:92:02:a7:
                    58:4e:8c:0e:c7:5d:41:87:d5:82:ad:f6:b0:52:63:
                    76:53:25:1b:02:66:0a:f1:2f:2a:bd:3a:e2:cc:61:
                    eb:f0:2b:d5:73:d2:01:5b:87:37:19:8c:db:70:7c:
                    5d:a4:19:90:d5:fe:b0:32:d9:52:1b:cd:d8:5d:0b:
                    a7:7b:9a:2c:07:a0:19:fa:8a:ff:33:8a:dd:19:0c:
                    1c:f7:02:fc:04:06:3f:be:32:2b:b4:8e:96:e9:03:
                    53:d6:b0:33:f1:14:37:58:95:68:97:0d:ce:29:41:
                    ad:42:2b:59:0b:18:66:9e:42:c2:c1:ac:22:85:31:
                    94:db:2f:00:99:4e:c3:c8:af:af:19:c2:55:e2:73:
                    99:65:de:fc:0e:95:2b:86:5e:1a:3b:33:56:0f:da:
                    3c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2A:85:93:2F:A8:96:97:2A:A7:DE:DF:52:52:C5:7B:21:AD:D9:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         aa:f0:7f:95:24:e9:62:ba:6e:4a:ab:b3:19:7d:61:e9:a2:19:
         10:d5:c0:cd:56:6c:c6:df:06:d2:1c:64:46:b8:e1:7c:6d:c4:
         bf:37:0a:41:bd:84:61:25:2a:b6:41:75:bf:eb:db:5e:7a:2a:
         e9:1d:07:4a:b6:65:22:3a:e6:5c:e9:3d:d9:40:86:d5:ec:bd:
         c9:10:5e:51:ef:bd:75:06:a0:f9:00:02:07:fa:51:26:99:34:
         44:96:eb:44:8c:6a:8a:c5:0f:12:e0:2a:61:68:6d:50:9a:64:
         3d:c7:3d:f3:8b:f4:38:9c:0a:bb:2b:56:95:03:f1:c8:e1:fd:
         f9:80:8c:a2:a6:d9:05:ca:d5:1a:47:6c:8e:95:90:64:1e:ce:
         31:c9:a3:b7:05:38:ad:59:38:2d:51:b8:6e:7f:61:11:43:69:
         97:97:28:2a:99:73:ab:f3:77:a2:7b:be:3b:19:8a:18:29:e8:
         6f:f8:b6:ac:6b:28:04:3c:90:2e:94:90:8f:8e:e7:14:30:4c:
         00:73:bf:c6:64:9c:e5:ce:b5:b9:4f:42:12:a4:1a:87:37:c0:
         71:bb:d7:76:e3:a9:fa:d2:47:06:c1:10:15:02:e4:f7:85:6b:
         b2:71:53:7d:6e:01:8f:c8:d7:d6:8b:90:5e:b6:27:cf:5f:c7:
         b3:c2:17:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE2j/6zP4TxU8jBuqkXzf9rP1kqIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTYxMTM3WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODc1ODZiYWMxYzQ3ZDQ5NDgyYmU1OTYxODhhY2UzODU3
MmE1N2NjYjk4NDJjY2YwNDFhNTllZGQ1NjZlMmFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjiNhYs5QeyjP77jLJM8pvli3tZUt9Ml2S9pAtuZ/fBrgT
+GBuHNITNNknQteXPzqwI5WwZCu6Rr9jBP65dSStmb10/162cSoiZbr+CtzIxOQH
BFLeNC4KDokI5D5zw4GoppbqCZICp1hOjA7HXUGH1YKt9rBSY3ZTJRsCZgrxLyq9
OuLMYevwK9Vz0gFbhzcZjNtwfF2kGZDV/rAy2VIbzdhdC6d7miwHoBn6iv8zit0Z
DBz3AvwEBj++Miu0jpbpA1PWsDPxFDdYlWiXDc4pQa1CK1kLGGaeQsLBrCKFMZTb
LwCZTsPIr68ZwlXic5ll3vwOlSuGXho7M1YP2jz1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdiqFky+olpcqp97fUlLFeyGt2dYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0NDU4ZjUzLTFiNTgtNGVhNi1iODA4LTFkMTgwOTRlMjkxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYtuAwDQYJKoZIhvcNAQELBQADggEBAKrwf5Uk6WK6bkqrsxl9YemiGRDV
wM1WbMbfBtIcZEa44XxtxL83CkG9hGElKrZBdb/r2156KukdB0q2ZSI65lzpPdlA
htXsvckQXlHvvXUGoPkAAgf6USaZNESW60SMaorFDxLgKmFobVCaZD3HPfOL9Dic
CrsrVpUD8cjh/fmAjKKm2QXK1RpHbI6VkGQezjHJo7cFOK1ZOC1RuG5/YRFDaZeX
KCqZc6vzd6J7vjsZihgp6G/4tqxrKAQ8kC6UkI+O5xQwTABzv8ZknOXOtblPQhKk
Goc3wHG713bjqfrSRwbBEBUC5PeFa7JxU31uAY/I19aLkF62J89fx7PCF4U=
-----END CERTIFICATE-----