Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17a05282-c7fc-4bec-b3db-2b1e5d02f539.roa
File:                     17a05282-c7fc-4bec-b3db-2b1e5d02f539.roa (raw, json)
Hash identifier:          ahvuLB53SC/8hEqp6GCLqjl631Lz7LCk9uMmHnxj/KY=
Subject key identifier:   AF:AD:3B:07:A8:39:72:8B:8F:59:62:98:9C:FF:82:66:6B:75:44:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45F13A44B34E566C83D6DBFBF8BC69FEFD94D3F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17a05282-c7fc-4bec-b3db-2b1e5d02f539.roa
Signing time:             Mon 10 Mar 2025 15:00:14 +0000
ROA not before:           Mon 10 Mar 2025 15:00:14 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.113.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:f1:3a:44:b3:4e:56:6c:83:d6:db:fb:f8:bc:69:fe:fd:94:d3:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:00:14 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:14:34:9f:4e:67:5f:ce:06:82:ad:de:91:cc:
                    2e:58:13:3c:05:03:54:cd:31:d6:d5:ab:b7:b2:21:
                    81:2a:57:67:db:cb:af:89:3f:14:e7:d9:a5:29:b6:
                    a7:b7:97:66:34:66:6c:21:d1:43:6c:90:1e:d4:19:
                    09:c2:38:9d:73:9d:36:1c:1a:c8:bf:2c:fb:04:b7:
                    ac:58:e2:f4:28:c8:04:f3:45:66:21:3f:f0:45:c1:
                    75:82:93:cf:a7:3a:de:33:7e:6a:40:d8:c4:14:47:
                    44:28:4f:6d:c7:d0:9e:eb:24:e3:38:d4:58:a8:1d:
                    5d:9d:f4:be:11:07:7e:74:4f:b2:be:2a:04:c4:89:
                    f7:3a:a4:89:ed:64:76:45:f5:41:9d:41:e0:85:cb:
                    75:20:67:72:e7:4a:d4:63:0c:f6:97:a4:c8:ad:fb:
                    7e:dc:08:d9:11:a3:c6:c2:8e:b8:45:a0:1d:02:6e:
                    e4:72:d3:fe:05:6c:81:bf:26:2a:d4:8c:ec:b0:cf:
                    41:e6:32:2d:8e:4f:83:e3:27:c2:e0:8c:0b:44:ed:
                    76:c1:2e:3a:57:17:ff:8c:c2:2a:6a:32:b8:34:ad:
                    15:e7:69:9f:c7:25:f9:90:13:dd:87:5a:7d:b7:07:
                    04:d2:8d:10:1e:47:3f:e5:4c:1b:7b:a8:47:cd:ad:
                    ad:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AD:3B:07:A8:39:72:8B:8F:59:62:98:9C:FF:82:66:6B:75:44:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17a05282-c7fc-4bec-b3db-2b1e5d02f539.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.113.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bc:5f:bb:e4:3a:e3:20:b9:55:51:1d:2a:c6:56:63:59:36:94:
         37:f3:9c:f7:2d:3a:bf:c2:57:1f:c6:79:89:c3:b2:50:cb:d9:
         50:3e:d4:9a:cb:81:b6:d7:db:6b:55:e8:5b:45:1d:3e:d8:27:
         3f:9b:13:89:f9:13:b0:ee:93:22:8e:bd:2c:66:36:9d:30:d0:
         58:36:1b:cd:72:83:3c:97:f3:ce:ff:57:0f:90:2c:b1:ef:2b:
         56:4a:a1:18:4f:8d:31:4d:9c:df:99:02:5a:6f:c3:17:7d:be:
         81:45:8d:8f:83:30:2d:ac:07:57:f7:94:dd:53:95:fb:16:73:
         aa:3e:b2:74:09:2f:9e:54:ff:34:7e:27:2f:e3:bb:9a:94:8e:
         60:0c:a2:04:a7:d7:e5:71:97:34:6a:77:9f:54:d2:a0:cc:ba:
         e6:53:a9:ab:8f:2e:0b:c8:ee:1f:47:16:33:29:1c:06:45:8a:
         27:c1:98:5a:8a:e4:cf:a6:80:68:10:fc:2e:25:42:60:03:30:
         49:aa:d0:00:fb:f9:b2:fb:89:a8:92:98:26:80:5e:54:6d:fe:
         d0:95:a2:44:3f:56:19:c7:a6:22:b3:db:78:17:89:02:47:f7:
         96:4b:67:9b:01:d3:ea:ae:e7:ba:51:46:11:0c:45:fd:01:6c:
         f7:57:ae:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURfE6RLNOVmyD1tv7+Lxp/v2U0/QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUwMDE0WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTAxMmVkZjg4OGQyNmI2NGYwYzQ2MDE5Y2YwNTE0NzQy
MjE4ZmZjMGY5NzJlNjEyNDRlNTQyYzM1MzU4MjVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiFDSfTmdfzgaCrd6RzC5YEzwFA1TNMdbVq7eyIYEqV2fb
y6+JPxTn2aUptqe3l2Y0Zmwh0UNskB7UGQnCOJ1znTYcGsi/LPsEt6xY4vQoyATz
RWYhP/BFwXWCk8+nOt4zfmpA2MQUR0QoT23H0J7rJOM41FioHV2d9L4RB350T7K+
KgTEifc6pIntZHZF9UGdQeCFy3UgZ3LnStRjDPaXpMit+37cCNkRo8bCjrhFoB0C
buRy0/4FbIG/JirUjOywz0HmMi2OT4PjJ8LgjAtE7XbBLjpXF/+MwipqMrg0rRXn
aZ/HJfmQE92HWn23BwTSjRAeRz/lTBt7qEfNra2JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUr607B6g5couPWWKYnP+CZmt1RBowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3YTA1MjgyLWM3ZmMtNGJlYy1iM2RiLTJiMWU1ZDAyZjUzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClcTANBgkqhkiG9w0BAQsFAAOCAQEAvF+75DrjILlVUR0qxlZjWTaUN/Oc
9y06v8JXH8Z5icOyUMvZUD7UmsuBttfba1XoW0UdPtgnP5sTifkTsO6TIo69LGY2
nTDQWDYbzXKDPJfzzv9XD5Asse8rVkqhGE+NMU2c35kCWm/DF32+gUWNj4MwLawH
V/eU3VOV+xZzqj6ydAkvnlT/NH4nL+O7mpSOYAyiBKfX5XGXNGp3n1TSoMy65lOp
q48uC8juH0cWMykcBkWKJ8GYWorkz6aAaBD8LiVCYAMwSarQAPv5svuJqJKYJoBe
VG3+0JWiRD9WGcemIrPbeBeJAkf3lktnmwHT6q7nulFGEQxF/QFs91euNQ==
-----END CERTIFICATE-----