Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c90bc2f-3486-456a-9d24-2194e5e63b08.roa
File:                     1c90bc2f-3486-456a-9d24-2194e5e63b08.roa (raw, json)
Hash identifier:          RJrGgwk/oDLj9N8siRhbaLJBm7TnbEeVViud1biviUo=
Subject key identifier:   36:58:4D:51:3A:68:28:21:9C:B2:3A:B8:5D:6C:B2:A0:9E:27:BB:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       296EF50A03BFFD18A0D611A935F91D01D3496234
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c90bc2f-3486-456a-9d24-2194e5e63b08.roa
Signing time:             Fri 14 Mar 2025 00:02:00 +0000
ROA not before:           Fri 14 Mar 2025 00:02:00 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.81.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:6e:f5:0a:03:bf:fd:18:a0:d6:11:a9:35:f9:1d:01:d3:49:62:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:02:00 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8e:04:25:05:75:6b:44:c0:51:01:68:9d:d9:
                    75:9a:89:6c:7c:38:45:b5:f9:e8:d4:70:8c:b6:01:
                    4b:ec:8a:63:7b:71:6c:6b:7f:bf:7b:09:97:8f:35:
                    a1:45:e8:8d:31:be:81:92:92:06:b6:be:c7:48:d3:
                    25:1f:c7:1e:8d:52:a9:73:11:46:21:81:10:56:22:
                    bd:c8:65:36:92:99:98:63:ab:d6:3f:26:9e:93:e9:
                    3f:2a:07:de:de:d5:82:e1:d0:7c:af:32:42:5e:c0:
                    5a:5d:ee:1e:11:c8:28:b3:e3:8c:d1:6b:71:49:27:
                    7d:0c:10:96:61:3c:44:1c:95:63:69:0e:5a:94:8b:
                    7b:51:32:89:f2:22:54:b6:32:c7:c8:ea:9c:59:fd:
                    24:70:fb:34:c3:77:ff:3a:a4:e8:03:b6:00:c8:94:
                    cc:34:c1:82:c0:22:df:d8:f3:6e:d3:55:a1:f5:a8:
                    fd:5c:c9:07:ed:d8:90:df:5f:e3:72:b3:8d:31:e5:
                    b3:46:68:48:82:fe:9d:83:01:8c:50:f6:56:e9:b8:
                    8c:c6:b8:4c:19:a4:46:6d:3f:d0:fa:b3:e9:a3:35:
                    95:4f:1f:60:96:2a:64:2c:11:2d:3d:64:3d:88:d9:
                    e7:e9:4d:9e:62:c1:b7:d7:2a:db:29:43:27:8c:4c:
                    b7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:58:4D:51:3A:68:28:21:9C:B2:3A:B8:5D:6C:B2:A0:9E:27:BB:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c90bc2f-3486-456a-9d24-2194e5e63b08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:52:35:82:57:88:11:75:c9:90:1e:6c:09:69:fc:b9:db:90:
         59:1b:7f:45:53:37:c9:dd:cd:80:e9:01:52:8f:08:78:ec:61:
         4a:df:4d:27:54:1e:47:27:b5:57:dc:63:70:d9:a8:30:89:49:
         9f:ee:2f:05:ad:fa:63:44:68:61:09:2f:d0:7c:94:30:e5:49:
         ea:6d:24:ad:03:96:df:fc:f8:1b:a1:09:2f:b0:7c:f1:85:47:
         eb:8c:fb:62:e8:a1:c7:67:e8:9e:24:bc:5f:cc:b0:f2:f0:d1:
         18:0b:49:65:c6:34:bb:fb:b7:30:db:5d:c6:9f:10:fe:4f:bb:
         f6:25:31:95:5f:3d:67:1d:de:92:fa:3a:f2:c8:62:47:27:9a:
         38:69:ae:08:ce:e3:27:5d:34:b3:1d:82:a0:0d:ca:4a:b2:a5:
         5b:1f:9e:54:53:1b:4f:0e:96:92:f1:45:ca:df:b6:25:5f:b2:
         e2:55:83:d5:b3:e8:3f:7a:3a:15:76:e7:41:c3:38:90:f1:d0:
         c8:cb:f1:71:d7:9e:d8:49:8d:39:7f:75:ec:41:11:bd:50:c4:
         fa:f0:12:17:66:57:ee:52:36:47:36:ce:df:f9:35:9e:ee:a3:
         a4:ad:24:a0:ae:85:c3:40:41:42:f7:6c:26:53:75:db:be:6f:
         79:1d:a6:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKW71CgO//Rig1hGpNfkdAdNJYjQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAwMjAwWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWM3MWFmYzIxNGE1YzUzMGNhM2MzYjgzOWVkN2UwOWJm
ZjYxYzMwMjc4MjMxMGIzNThhMDAzYmU2MzkyNDQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmjgQlBXVrRMBRAWid2XWaiWx8OEW1+ejUcIy2AUvsimN7
cWxrf797CZePNaFF6I0xvoGSkga2vsdI0yUfxx6NUqlzEUYhgRBWIr3IZTaSmZhj
q9Y/Jp6T6T8qB97e1YLh0HyvMkJewFpd7h4RyCiz44zRa3FJJ30MEJZhPEQclWNp
DlqUi3tRMonyIlS2MsfI6pxZ/SRw+zTDd/86pOgDtgDIlMw0wYLAIt/Y827TVaH1
qP1cyQft2JDfX+Nys40x5bNGaEiC/p2DAYxQ9lbpuIzGuEwZpEZtP9D6s+mjNZVP
H2CWKmQsES09ZD2I2efpTZ5iwbfXKtspQyeMTLfPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNlhNUTpoKCGcsjq4XWyyoJ4nuyMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjOTBiYzJmLTM0ODYtNDU2YS05ZDI0LTIxOTRlNWU2M2IwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClUTANBgkqhkiG9w0BAQsFAAOCAQEASlI1gleIEXXJkB5sCWn8uduQWRt/
RVM3yd3NgOkBUo8IeOxhSt9NJ1QeRye1V9xjcNmoMIlJn+4vBa36Y0RoYQkv0HyU
MOVJ6m0krQOW3/z4G6EJL7B88YVH64z7Yuihx2foniS8X8yw8vDRGAtJZcY0u/u3
MNtdxp8Q/k+79iUxlV89Zx3ekvo68shiRyeaOGmuCM7jJ100sx2CoA3KSrKlWx+e
VFMbTw6WkvFFyt+2JV+y4lWD1bPoP3o6FXbnQcM4kPHQyMvxcdee2EmNOX917EER
vVDE+vASF2ZX7lI2RzbO3/k1nu6jpK0koK6Fw0BBQvdsJlN1275veR2mXA==
-----END CERTIFICATE-----