Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2fcfdeea-70f8-42a9-a49e-446a3af72d8c.roa
File:                     2fcfdeea-70f8-42a9-a49e-446a3af72d8c.roa (raw, json)
Hash identifier:          S254BVSS5OqGHY1uAAW9BlE2tQsK9kUwm/z5g800FKM=
Subject key identifier:   A0:08:75:F8:BF:72:07:F4:3E:F8:8B:B4:3F:28:5C:7A:02:05:32:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C92F90B710633B7CAD73AA14819C817DF1F2A6F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2fcfdeea-70f8-42a9-a49e-446a3af72d8c.roa
Signing time:             Wed 05 Mar 2025 00:21:24 +0000
ROA not before:           Wed 05 Mar 2025 00:21:24 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.13.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:92:f9:0b:71:06:33:b7:ca:d7:3a:a1:48:19:c8:17:df:1f:2a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  5 00:21:24 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:19:dd:b3:af:bb:fa:02:24:34:4e:59:d0:7f:
                    c3:cd:32:20:d7:7d:16:4b:e9:82:c2:a7:6f:9e:c7:
                    98:46:d7:dc:87:fb:94:d3:36:15:84:84:dd:83:f9:
                    83:76:1a:35:da:02:06:92:f6:db:c5:76:67:6f:c6:
                    63:68:a8:d2:d4:6e:41:4f:82:c8:d4:e4:44:d9:7e:
                    6b:86:25:b3:f8:e3:d4:d2:f1:8e:62:11:48:f6:da:
                    82:e7:34:53:ca:f9:dd:c9:d3:64:a9:0f:1b:8a:72:
                    31:de:75:f5:54:1e:97:27:6d:c6:d6:ee:9c:f3:1c:
                    bd:b1:a3:f4:45:a7:91:95:e5:2f:b8:5c:1b:6d:6a:
                    48:c3:69:32:16:47:14:4b:6b:4c:b1:83:9c:4f:1e:
                    e8:97:83:35:86:01:5e:ca:a1:35:68:89:18:ed:94:
                    76:8a:7e:d7:35:fa:82:f0:b5:55:7e:bd:45:75:92:
                    30:c2:c8:d3:02:83:76:2c:d2:1d:39:03:15:05:ec:
                    56:f6:c3:8c:c0:d1:8a:09:10:86:96:2b:86:60:15:
                    42:c2:ef:17:c3:24:0a:eb:59:fa:54:5f:85:39:fe:
                    30:fe:a0:24:19:59:94:2e:09:1b:48:a8:3d:bb:0f:
                    ed:aa:a6:71:b5:b9:b6:9d:16:39:6e:5b:3c:a0:b3:
                    55:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:08:75:F8:BF:72:07:F4:3E:F8:8B:B4:3F:28:5C:7A:02:05:32:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2fcfdeea-70f8-42a9-a49e-446a3af72d8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.13.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d3:ef:95:c8:35:b7:0b:00:cb:e0:92:05:8e:ac:bf:e3:51:61:
         94:b1:c9:55:bb:f1:f7:db:7f:7b:c5:e9:3f:4b:4a:6f:dc:92:
         a7:06:89:a4:7e:9d:c1:ea:7a:4b:8c:44:8e:90:d3:13:36:21:
         f5:84:6f:c7:58:4f:10:73:0d:60:33:17:31:af:89:6f:70:b5:
         e8:b4:e9:a5:94:81:92:12:40:a0:53:93:82:53:32:b6:66:65:
         41:e6:64:14:98:21:76:7d:7e:96:62:c8:27:c6:c9:da:fa:74:
         1b:3a:f0:30:4d:19:ff:09:99:f8:bf:62:41:54:c5:16:e6:88:
         dd:02:fe:14:56:2a:f4:c2:e5:06:35:cb:30:c5:76:56:58:9d:
         8c:7f:95:50:70:7d:8d:c0:42:c8:81:a1:78:fc:44:56:87:85:
         08:e2:29:d5:b6:89:ec:97:66:47:17:a5:c9:9a:5c:6b:e6:65:
         57:c2:a7:69:c3:42:62:d8:86:df:73:7b:f2:3c:e4:b5:d2:63:
         35:58:4b:34:cb:c1:56:37:17:9f:06:77:76:0a:d6:e5:30:75:
         e6:44:29:13:78:06:ec:fd:6c:aa:b7:76:06:08:1e:1c:63:8b:
         64:e1:7c:e0:4b:89:9a:16:b6:7f:e0:28:67:a3:64:fc:30:b3:
         0c:37:d1:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPJL5C3EGM7fK1zqhSBnIF98fKm8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA1MDAyMTI0WhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGIyYTllZTJjOTAzZGNiZWI4YWM2ZDdlODM2NGI4OTE2
OTJkZGNkODgzOGFlMDNlMjliMmNkZDViZTQ3ZmIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmGd2zr7v6AiQ0TlnQf8PNMiDXfRZL6YLCp2+ex5hG19yH
+5TTNhWEhN2D+YN2GjXaAgaS9tvFdmdvxmNoqNLUbkFPgsjU5ETZfmuGJbP449TS
8Y5iEUj22oLnNFPK+d3J02SpDxuKcjHedfVUHpcnbcbW7pzzHL2xo/RFp5GV5S+4
XBttakjDaTIWRxRLa0yxg5xPHuiXgzWGAV7KoTVoiRjtlHaKftc1+oLwtVV+vUV1
kjDCyNMCg3Ys0h05AxUF7Fb2w4zA0YoJEIaWK4ZgFULC7xfDJArrWfpUX4U5/jD+
oCQZWZQuCRtIqD27D+2qpnG1ubadFjluWzygs1VpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoAh1+L9yB/Q++Iu0PyhcegIFMuIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmY2ZkZWVhLTcwZjgtNDJhOS1hNDllLTQ0NmEzYWY3MmQ4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATGDQAwDQYJKoZIhvcNAQELBQADggEBANPvlcg1twsAy+CSBY6sv+NRYZSx
yVW78ffbf3vF6T9LSm/ckqcGiaR+ncHqekuMRI6Q0xM2IfWEb8dYTxBzDWAzFzGv
iW9wtei06aWUgZISQKBTk4JTMrZmZUHmZBSYIXZ9fpZiyCfGydr6dBs68DBNGf8J
mfi/YkFUxRbmiN0C/hRWKvTC5QY1yzDFdlZYnYx/lVBwfY3AQsiBoXj8RFaHhQji
KdW2ieyXZkcXpcmaXGvmZVfCp2nDQmLYht9ze/I85LXSYzVYSzTLwVY3F58Gd3YK
1uUwdeZEKRN4Buz9bKq3dgYIHhxji2ThfOBLiZoWtn/gKGejZPwwsww30Uo=
-----END CERTIFICATE-----