Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25155f0e-306e-4adb-8e5e-8f1ee87796e1.roa
File:                     25155f0e-306e-4adb-8e5e-8f1ee87796e1.roa (raw, json)
Hash identifier:          h31UsKVgCr9tkOJNvk30a1ovUA40oAqcHumI+drgYZw=
Subject key identifier:   DC:40:DD:23:5E:C2:A6:A5:1B:C3:5C:79:7A:67:77:35:8F:39:F8:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6EAFC5FB1847DCDB14819376B013778F7F140D4D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25155f0e-306e-4adb-8e5e-8f1ee87796e1.roa
Signing time:             Tue 04 Mar 2025 17:10:39 +0000
ROA not before:           Tue 04 Mar 2025 17:10:39 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.68.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:af:c5:fb:18:47:dc:db:14:81:93:76:b0:13:77:8f:7f:14:0d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:10:39 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4f:09:c9:14:a6:3a:c7:3d:31:17:7f:c9:b6:
                    b9:cf:49:3f:56:d3:26:41:92:2b:29:56:67:85:07:
                    24:89:73:73:8e:4b:3a:34:f3:91:d9:59:c4:c0:15:
                    70:28:cd:38:c9:c3:84:91:8e:59:b6:d0:77:3f:ce:
                    d6:95:a5:ca:57:95:47:6e:74:2a:33:db:9e:03:d1:
                    44:c3:27:99:fd:65:64:53:77:55:76:17:8c:a5:86:
                    a7:50:82:a7:ad:46:81:58:d0:e2:2c:17:a3:64:fd:
                    47:f4:c3:86:d2:70:00:c5:b4:21:5c:f4:56:e2:06:
                    d6:d2:6b:82:de:cb:d2:05:d9:93:2e:68:e9:ef:9a:
                    e6:d9:17:51:2c:87:3f:c7:f8:93:20:f6:32:c9:c5:
                    4b:c7:94:91:05:fb:19:85:11:fc:e3:df:5f:0b:ac:
                    cc:6f:9e:29:5f:18:c4:11:3a:68:e5:55:c3:1b:92:
                    d1:21:f8:d4:08:c0:bd:b7:c7:cd:3b:ca:86:94:a5:
                    7e:32:bf:21:de:d2:63:05:96:6b:e7:8c:68:ad:b1:
                    70:47:bf:6e:62:b2:e3:1b:fb:ec:4b:d3:c4:f3:86:
                    b9:37:0b:40:75:a7:9f:47:84:86:f9:fe:5a:34:f2:
                    1b:cd:8b:22:45:af:f4:f2:a0:33:f2:a2:40:50:6d:
                    53:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:40:DD:23:5E:C2:A6:A5:1B:C3:5C:79:7A:67:77:35:8F:39:F8:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25155f0e-306e-4adb-8e5e-8f1ee87796e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:b9:ee:d6:5f:1f:68:cd:08:e0:9f:f9:fd:2f:10:e4:e2:30:
         47:d2:6a:8d:7a:97:64:e7:df:ef:32:bc:0b:2e:7a:4c:31:e1:
         77:93:89:50:e0:6c:07:d7:67:51:5b:b7:62:ad:30:30:5b:60:
         ab:ae:26:a2:b9:30:ff:6d:e8:55:40:bc:7a:87:fb:eb:f7:48:
         1a:91:d1:2e:59:cf:fc:af:24:8a:f1:43:bf:56:9a:94:88:a9:
         b9:63:f4:81:d3:2d:de:4d:65:67:28:88:f8:36:5f:8c:30:b8:
         69:29:77:30:6f:96:ae:f8:2e:29:e2:a3:52:9a:f9:98:26:b8:
         13:0c:0b:bd:75:96:9c:bc:16:75:bc:08:de:73:26:5a:cc:11:
         31:b5:e6:f5:95:6c:1c:bc:db:ca:f9:09:f2:c3:fc:47:bc:a6:
         b8:1f:f2:57:3a:a8:b3:0f:53:4d:f4:2b:0b:1c:6b:84:9a:c4:
         33:1c:94:1a:0a:9e:62:a6:97:f6:77:5f:5e:1b:f9:73:bb:1a:
         30:20:a7:67:19:da:63:32:ed:6e:1c:8a:ca:76:9b:44:a0:22:
         f6:38:24:35:38:91:ab:1f:0d:3f:22:b5:13:a2:51:b7:ad:55:
         2d:99:77:e8:5c:0a:17:db:c9:43:43:a6:0f:69:f8:ba:57:79:
         56:26:f7:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbq/F+xhH3NsUgZN2sBN3j38UDU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTcxMDM5WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2I0OWNmNDdhZjA1NDY0ZmRmNmJkZDlhZDI4MTZhNWIz
YjgxM2JhYmY1OWRiYjliY2U3MDBlYzI1Y2U1YjhkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTTwnJFKY6xz0xF3/JtrnPST9W0yZBkispVmeFBySJc3OO
Szo085HZWcTAFXAozTjJw4SRjlm20Hc/ztaVpcpXlUdudCoz254D0UTDJ5n9ZWRT
d1V2F4ylhqdQgqetRoFY0OIsF6Nk/Uf0w4bScADFtCFc9FbiBtbSa4Ley9IF2ZMu
aOnvmubZF1Eshz/H+JMg9jLJxUvHlJEF+xmFEfzj318LrMxvnilfGMQROmjlVcMb
ktEh+NQIwL23x807yoaUpX4yvyHe0mMFlmvnjGitsXBHv25isuMb++xL08Tzhrk3
C0B1p59HhIb5/lo08hvNiyJFr/TyoDPyokBQbVP/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3EDdI17CpqUbw1x5emd3NY85+PUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1MTU1ZjBlLTMwNmUtNGFkYi04ZTVlLThmMWVlODc3OTZlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUQwDQYJKoZIhvcNAQELBQADggEBAGK57tZfH2jNCOCf+f0vEOTiMEfS
ao16l2Tn3+8yvAsuekwx4XeTiVDgbAfXZ1Fbt2KtMDBbYKuuJqK5MP9t6FVAvHqH
++v3SBqR0S5Zz/yvJIrxQ79WmpSIqblj9IHTLd5NZWcoiPg2X4wwuGkpdzBvlq74
Linio1Ka+ZgmuBMMC711lpy8FnW8CN5zJlrMETG15vWVbBy828r5CfLD/Ee8prgf
8lc6qLMPU030Kwsca4SaxDMclBoKnmKml/Z3X14b+XO7GjAgp2cZ2mMy7W4cisp2
m0SgIvY4JDU4kasfDT8itROiUbetVS2Zd+hcChfbyUNDpg9p+LpXeVYm98w=
-----END CERTIFICATE-----