Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9e8f4f-538b-40a7-8959-829f09f79955.roa
File:                     2f9e8f4f-538b-40a7-8959-829f09f79955.roa (raw, json)
Hash identifier:          pN0mUN2CJV5vfdD+9y+MCCnLIOPI3RTfZn46qVDl7Ik=
Subject key identifier:   87:F7:C0:33:81:A5:C4:FE:26:E4:95:FF:D9:8B:67:4F:24:67:4E:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CA286B0D13A6E726046957A7347F888A1AD687A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9e8f4f-538b-40a7-8959-829f09f79955.roa
Signing time:             Wed 26 Mar 2025 00:11:04 +0000
ROA not before:           Wed 26 Mar 2025 00:11:04 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.52.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:a2:86:b0:d1:3a:6e:72:60:46:95:7a:73:47:f8:88:a1:ad:68:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 26 00:11:04 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5e:fa:6c:e4:80:a3:d4:0f:11:ae:dc:ac:57:
                    10:cd:b5:c4:4c:1a:54:4b:8b:18:d3:37:79:88:17:
                    6e:af:ea:3d:a8:7c:81:2c:f1:01:96:f9:97:66:12:
                    55:42:5e:50:1a:6c:7f:8b:36:fc:13:35:60:c3:a7:
                    8d:e9:ac:29:17:43:4b:74:1f:36:bf:5d:66:f1:cd:
                    c1:38:09:d1:6c:1c:7f:a8:89:32:40:1e:3c:44:ff:
                    4e:3b:c6:d0:e2:da:20:eb:a9:0a:1f:59:67:31:69:
                    cf:59:2c:90:59:ee:dc:38:84:c7:a8:c8:6b:27:39:
                    23:ba:7c:b0:1b:bd:07:6d:23:fe:66:a2:26:c0:37:
                    32:44:72:ab:dd:17:90:41:04:34:28:3d:ce:53:44:
                    cb:58:a5:d0:3c:31:1c:50:07:70:d0:7f:d3:7a:90:
                    2e:88:a7:62:f6:db:e2:c3:dc:76:63:10:27:68:31:
                    28:7b:95:b3:2b:bf:cc:61:1b:82:c5:3b:0f:7b:36:
                    74:f9:65:a3:72:0c:7e:d2:a3:69:65:c7:66:ac:5e:
                    93:c1:bd:fd:e5:74:77:03:bb:6f:da:38:74:a8:ea:
                    2d:35:ea:42:36:3f:df:f0:14:4b:e3:b2:72:c3:d0:
                    46:2b:ba:30:36:a5:fb:e0:de:9f:b4:8a:0a:f4:fc:
                    7e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F7:C0:33:81:A5:C4:FE:26:E4:95:FF:D9:8B:67:4F:24:67:4E:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9e8f4f-538b-40a7-8959-829f09f79955.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.52.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9d:25:6f:75:71:44:08:78:ef:7b:45:b4:ed:ae:57:fb:d2:89:
         7b:8b:e3:5e:9c:28:b0:22:0b:9d:1e:be:11:a5:8f:81:20:30:
         45:16:7f:60:c5:63:2b:5b:ab:02:a6:86:c3:01:e5:08:d5:78:
         05:a3:63:1c:53:a7:d6:73:28:df:eb:18:81:15:d8:5f:69:01:
         a1:be:be:2c:3c:5c:50:81:d7:4c:c0:77:65:56:00:a6:f3:a5:
         f4:08:3f:2c:4e:ee:4e:7c:a3:8e:82:0b:6f:5d:f0:75:28:12:
         56:f5:9f:34:fe:a8:b9:1b:64:c3:8f:0a:9e:12:67:02:df:12:
         d6:ab:e9:86:1f:f5:e4:97:61:55:70:41:ba:bf:b7:f1:45:67:
         bf:80:3a:43:06:fb:aa:7e:de:8f:24:e9:92:1a:41:b2:f0:b5:
         43:0b:05:7b:1d:1d:3c:5d:0a:42:c4:9b:36:59:da:8f:80:45:
         6f:c3:0c:5a:70:8a:a8:53:98:26:2f:47:01:6b:d1:5f:5f:05:
         c8:3e:85:65:a3:b7:15:cc:0c:fe:d8:52:be:24:98:ab:ad:c0:
         9e:3a:c9:00:6b:af:a4:aa:fb:cf:b1:81:d6:90:79:38:e2:3e:
         bc:dd:a1:5b:79:67:55:25:5f:05:8d:1b:dd:e3:10:16:c1:89:
         6f:77:fc:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXKKGsNE6bnJgRpV6c0f4iKGtaHowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI2MDAxMTA0WhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDM2MmEzZDM4ZTAwNTU1ZTdmMzBkMWEyOGE4YmU1OGNh
MDRmNTczZGQ5YjFhMmI3MmEwNmRiNzQyODg2NGM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcXvps5ICj1A8RrtysVxDNtcRMGlRLixjTN3mIF26v6j2o
fIEs8QGW+ZdmElVCXlAabH+LNvwTNWDDp43prCkXQ0t0Hza/XWbxzcE4CdFsHH+o
iTJAHjxE/047xtDi2iDrqQofWWcxac9ZLJBZ7tw4hMeoyGsnOSO6fLAbvQdtI/5m
oibANzJEcqvdF5BBBDQoPc5TRMtYpdA8MRxQB3DQf9N6kC6Ip2L22+LD3HZjECdo
MSh7lbMrv8xhG4LFOw97NnT5ZaNyDH7So2llx2asXpPBvf3ldHcDu2/aOHSo6i01
6kI2P9/wFEvjsnLD0EYrujA2pfvg3p+0igr0/H55AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUh/fAM4GlxP4m5JX/2YtnTyRnToowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmOWU4ZjRmLTUzOGItNDBhNy04OTU5LTgyOWYwOWY3OTk1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNDANBgkqhkiG9w0BAQsFAAOCAQEAnSVvdXFECHjve0W07a5X+9KJe4vj
XpwosCILnR6+EaWPgSAwRRZ/YMVjK1urAqaGwwHlCNV4BaNjHFOn1nMo3+sYgRXY
X2kBob6+LDxcUIHXTMB3ZVYApvOl9Ag/LE7uTnyjjoILb13wdSgSVvWfNP6ouRtk
w48KnhJnAt8S1qvphh/15JdhVXBBur+38UVnv4A6Qwb7qn7ejyTpkhpBsvC1QwsF
ex0dPF0KQsSbNlnaj4BFb8MMWnCKqFOYJi9HAWvRX18FyD6FZaO3FcwM/thSviSY
q63AnjrJAGuvpKr7z7GB1pB5OOI+vN2hW3lnVSVfBY0b3eMQFsGJb3f8Lw==
-----END CERTIFICATE-----