Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
File:                     2651bd32-be0e-47db-b5f3-aa5e30add0da.roa (raw, json)
Hash identifier:          wbCi+0ciHRIwjyPQsV+7kkZzR9kiutpxTzfaqMpwjQA=
Subject key identifier:   98:D7:29:85:20:34:0B:D4:F8:19:12:6D:55:CE:69:A5:25:2C:19:F3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17FE702EF18178695E15D503CCCCB45C9DA447A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
Signing time:             Mon 10 Mar 2025 15:01:31 +0000
ROA not before:           Mon 10 Mar 2025 15:01:31 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.143.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:fe:70:2e:f1:81:78:69:5e:15:d5:03:cc:cc:b4:5c:9d:a4:47:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:01:31 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5d:1d:8b:69:9f:87:28:a7:c1:51:2a:ed:36:
                    06:d9:68:0b:1d:84:ac:d0:18:b2:0b:7a:3d:92:bb:
                    35:ec:d4:f4:0b:25:44:67:fe:20:bd:40:f5:da:4c:
                    56:c0:3a:61:ac:3c:dd:0c:98:ef:29:1c:ae:30:75:
                    11:fe:7e:ff:5e:92:08:83:69:63:cb:d5:bf:a5:4b:
                    66:47:7a:63:42:d4:d3:b5:b6:8c:a6:05:74:46:1a:
                    a7:08:0c:15:7a:08:fd:55:72:ed:a5:31:91:65:06:
                    ab:26:3d:fe:17:e0:93:34:eb:c4:c1:73:27:51:bb:
                    3c:98:b5:e8:b6:d7:6a:17:d5:31:57:c5:b9:58:0d:
                    a6:60:a9:35:fc:4d:9f:a0:1c:99:b1:0a:ba:17:c7:
                    d8:30:29:fa:85:91:d1:2d:83:80:fb:05:b2:49:8c:
                    9c:a2:22:6f:0c:6d:7d:94:89:90:3e:78:98:12:31:
                    f4:d7:a3:83:41:61:7b:5c:4e:86:fd:42:77:07:8b:
                    23:b1:9f:db:19:89:8e:3d:35:21:1b:d0:de:e0:9e:
                    30:03:d3:da:fb:a1:0e:36:86:87:7c:ba:76:00:1d:
                    d4:5c:5c:97:b9:06:81:fa:a3:54:31:35:0d:c3:6f:
                    a6:d1:24:7c:1a:b3:4c:97:0e:70:fd:63:43:df:18:
                    9a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D7:29:85:20:34:0B:D4:F8:19:12:6D:55:CE:69:A5:25:2C:19:F3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.143.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         d5:dc:ea:da:ce:a4:47:07:2b:41:82:02:27:80:9e:e5:8a:97:
         23:9a:d8:40:6c:4a:53:91:97:4a:16:b5:21:25:3c:3a:ac:6b:
         90:1c:92:77:d9:e5:6f:f5:30:da:22:d3:e6:d8:7b:cc:31:a0:
         be:99:37:d8:d2:f0:9d:b6:cb:60:8d:0a:47:2c:e6:dd:e7:7d:
         aa:f0:ac:22:7b:82:f8:ed:74:94:f6:e4:4d:96:88:5c:e0:28:
         6f:70:4e:7d:22:fe:86:cb:7d:b9:cf:01:68:62:a7:af:fb:5e:
         9a:9d:cb:50:27:c5:42:54:fc:0d:b9:77:65:33:60:8e:af:43:
         98:09:3a:b4:a5:4a:46:e7:07:3c:e2:27:65:c0:fe:c8:cf:f4:
         a7:d7:01:f9:eb:e3:ae:86:5a:80:2d:52:f5:1c:52:11:87:96:
         ef:aa:89:22:df:19:62:f3:62:76:52:6a:53:be:47:06:23:bf:
         e4:1b:b7:11:08:19:91:95:eb:b8:65:5f:db:39:52:73:7a:94:
         93:b8:92:57:e9:16:50:c9:6c:5d:db:1d:53:3d:ba:65:f8:5c:
         12:5c:7f:0e:0e:b1:7b:06:7b:48:e3:cc:b5:d2:45:8c:40:ff:
         65:26:ba:b7:e2:64:11:5a:77:84:20:ed:d6:fb:14:cc:f2:fe:
         e5:fb:af:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/5wLvGBeGleFdUDzMy0XJ2kR6EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUwMTMxWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzNkYjFiYmVmNDM4YzM0NzBhODZhZDNmYWQwZTRlYzlk
YWRhZTU4YThkYmM0YWYwYzUwNTAwMWJjMmJmMmY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrXR2LaZ+HKKfBUSrtNgbZaAsdhKzQGLILej2SuzXs1PQL
JURn/iC9QPXaTFbAOmGsPN0MmO8pHK4wdRH+fv9ekgiDaWPL1b+lS2ZHemNC1NO1
toymBXRGGqcIDBV6CP1Vcu2lMZFlBqsmPf4X4JM068TBcydRuzyYtei212oX1TFX
xblYDaZgqTX8TZ+gHJmxCroXx9gwKfqFkdEtg4D7BbJJjJyiIm8MbX2UiZA+eJgS
MfTXo4NBYXtcTob9QncHiyOxn9sZiY49NSEb0N7gnjAD09r7oQ42hod8unYAHdRc
XJe5BoH6o1QxNQ3Db6bRJHwas0yXDnD9Y0PfGJopAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmNcphSA0C9T4GRJtVc5ppSUsGfMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2NTFiZDMyLWJlMGUtNDdkYi1iNWYzLWFhNWUzMGFkZDBkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIjwAwDQYJKoZIhvcNAQELBQADggEBANXc6trOpEcHK0GCAieAnuWKlyOa
2EBsSlORl0oWtSElPDqsa5AcknfZ5W/1MNoi0+bYe8wxoL6ZN9jS8J22y2CNCkcs
5t3nfarwrCJ7gvjtdJT25E2WiFzgKG9wTn0i/obLfbnPAWhip6/7Xpqdy1AnxUJU
/A25d2UzYI6vQ5gJOrSlSkbnBzziJ2XA/sjP9KfXAfnr466GWoAtUvUcUhGHlu+q
iSLfGWLzYnZSalO+RwYjv+QbtxEIGZGV67hlX9s5UnN6lJO4klfpFlDJbF3bHVM9
umX4XBJcfw4OsXsGe0jjzLXSRYxA/2UmurfiZBFad4Qg7db7FMzy/uX7r7k=
-----END CERTIFICATE-----