Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c9c5c08-7b7e-4bf3-815e-35f9962ced9e.roa
File:                     2c9c5c08-7b7e-4bf3-815e-35f9962ced9e.roa (raw, json)
Hash identifier:          kkRK0y2TSj36TyEFawU8Wc+NjqwcRM/PjKVpIQF0VAg=
Subject key identifier:   3E:6E:92:63:77:5C:2F:6D:1A:AF:D9:71:B3:FA:58:88:C6:DB:7C:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7204B6AC8EE254274162A8C43753203E2E405882
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c9c5c08-7b7e-4bf3-815e-35f9962ced9e.roa
Signing time:             Sat 08 Mar 2025 00:20:33 +0000
ROA not before:           Sat 08 Mar 2025 00:20:33 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        95.69.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:04:b6:ac:8e:e2:54:27:41:62:a8:c4:37:53:20:3e:2e:40:58:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  8 00:20:33 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2c:cd:f6:a2:5a:01:2b:cd:c2:92:c2:f0:72:
                    07:47:20:3b:f4:b9:29:98:02:9f:a0:be:fd:4f:47:
                    17:4b:a5:44:44:04:3f:52:4e:eb:66:73:b3:c1:a6:
                    a9:a1:2f:24:35:57:53:85:9f:45:1a:65:7f:10:49:
                    c7:e8:d9:3a:5b:ed:53:31:a8:d1:fa:24:fd:8e:34:
                    b9:51:88:ea:39:9e:78:77:74:db:1f:12:d9:fe:8c:
                    1d:01:07:04:e7:a3:61:1f:01:0d:0d:4b:0d:76:2d:
                    74:99:b9:7e:85:6e:bf:c7:a0:1c:b8:f4:38:40:2d:
                    56:36:0e:fb:bc:32:89:49:95:78:9e:20:4d:b1:c2:
                    b9:67:eb:6a:b7:ef:3a:88:14:c7:68:7e:2c:ad:6c:
                    14:eb:f3:70:6b:a8:5b:90:25:e2:a8:11:a2:90:dc:
                    95:cb:fb:96:a0:87:70:92:f1:29:9f:1f:55:c6:a2:
                    88:b3:85:2f:5a:7e:fe:ed:13:0f:fb:da:bd:de:45:
                    9f:36:58:30:98:1e:34:d8:45:15:49:72:23:52:26:
                    81:fb:61:28:c4:88:40:19:86:67:b2:64:58:1a:9d:
                    73:c0:a2:58:67:ff:57:47:94:90:7b:a5:99:c5:bc:
                    ca:9e:24:ee:90:cd:39:76:03:64:6f:03:38:d4:8d:
                    f6:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6E:92:63:77:5C:2F:6D:1A:AF:D9:71:B3:FA:58:88:C6:DB:7C:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c9c5c08-7b7e-4bf3-815e-35f9962ced9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.69.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         43:d4:f9:ab:66:af:2c:34:9c:9d:0a:e5:68:de:1f:3d:01:af:
         97:ee:91:c6:c6:c3:04:2e:c4:cd:85:f2:e2:3d:f9:e1:b4:d8:
         7b:e7:91:f0:91:55:bd:d8:e7:76:83:f0:ca:a5:ff:f8:38:4c:
         a8:f1:69:6b:cc:97:57:25:3b:9a:51:39:59:dc:82:37:dc:7f:
         41:87:cc:c7:9d:73:8a:43:a9:c3:93:48:82:61:f4:90:65:3f:
         24:53:f5:f4:e2:f9:92:5c:37:ca:53:da:e9:d4:54:8a:37:72:
         c0:c2:25:80:83:b8:f4:97:79:bf:fd:15:bf:e8:82:32:b3:c4:
         27:c4:10:7f:ec:93:7a:dc:41:3c:1c:7c:ac:56:a9:10:a4:63:
         2d:1e:da:6a:5b:8c:4b:82:0d:bc:c4:d0:22:bf:9d:6e:40:f7:
         b3:6a:39:7f:a0:3e:f3:2d:72:cf:5d:8d:b8:bd:c3:00:a5:77:
         a5:58:4a:95:df:2a:6b:6c:fe:0a:85:15:fb:ae:be:7c:02:80:
         f1:dd:b3:3d:9b:1b:c8:b6:3e:d8:88:6e:d6:e7:e2:38:79:f4:
         1b:95:89:80:57:42:72:06:8b:87:28:08:67:eb:be:9f:56:fc:
         c8:02:65:3c:94:80:2e:00:ee:9b:84:d5:b3:4c:79:8e:7f:90:
         51:07:68:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcgS2rI7iVCdBYqjEN1MgPi5AWIIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA4MDAyMDMzWhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzY1NzcyYmZkNWYwYzZkNTdlODE5M2Q5Mzk3N2Q4MGUy
ODljNThjYTRlYTM2NDA0MjQ3MjcwN2Y0MGQ1MGViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXLM32oloBK83CksLwcgdHIDv0uSmYAp+gvv1PRxdLpURE
BD9STutmc7PBpqmhLyQ1V1OFn0UaZX8QScfo2Tpb7VMxqNH6JP2ONLlRiOo5nnh3
dNsfEtn+jB0BBwTno2EfAQ0NSw12LXSZuX6Fbr/HoBy49DhALVY2Dvu8MolJlXie
IE2xwrln62q37zqIFMdofiytbBTr83BrqFuQJeKoEaKQ3JXL+5agh3CS8SmfH1XG
ooizhS9afv7tEw/72r3eRZ82WDCYHjTYRRVJciNSJoH7YSjEiEAZhmeyZFganXPA
olhn/1dHlJB7pZnFvMqeJO6QzTl2A2RvAzjUjfa5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPm6SY3dcL20ar9lxs/pYiMbbfDowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjOWM1YzA4LTdiN2UtNGJmMy04MTVlLTM1Zjk5NjJjZWQ5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdfRYAwDQYJKoZIhvcNAQELBQADggEBAEPU+atmryw0nJ0K5WjeHz0Br5fu
kcbGwwQuxM2F8uI9+eG02HvnkfCRVb3Y53aD8Mql//g4TKjxaWvMl1clO5pROVnc
gjfcf0GHzMedc4pDqcOTSIJh9JBlPyRT9fTi+ZJcN8pT2unUVIo3csDCJYCDuPSX
eb/9Fb/ogjKzxCfEEH/sk3rcQTwcfKxWqRCkYy0e2mpbjEuCDbzE0CK/nW5A97Nq
OX+gPvMtcs9djbi9wwCld6VYSpXfKmts/gqFFfuuvnwCgPHdsz2bG8i2PtiIbtbn
4jh59BuViYBXQnIGi4coCGfrvp9W/MgCZTyUgC4A7puE1bNMeY5/kFEHaJI=
-----END CERTIFICATE-----