Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa
File:                     34ca87d7-ed62-4445-a114-bd33a654a75d.roa (raw, json)
Hash identifier:          7ISW2ww+EQEcTQ3FByfCuNFFnMwUdXBZy0WeoYfb1bY=
Subject key identifier:   C8:3F:62:21:2A:33:4E:BF:D2:63:7C:62:18:90:5B:61:49:EE:C4:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08155DF6F7EA019AC23ED4AF935AD17395EBF92A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa
Signing time:             Fri 14 Mar 2025 00:31:24 +0000
ROA not before:           Fri 14 Mar 2025 00:31:24 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.229.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:15:5d:f6:f7:ea:01:9a:c2:3e:d4:af:93:5a:d1:73:95:eb:f9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:31:24 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:12:87:c1:02:6f:2a:f1:ad:e1:8e:64:c2:ae:
                    34:3c:22:85:1c:95:c2:54:00:93:ad:9d:0a:48:30:
                    15:8e:66:69:43:95:0d:63:6b:78:57:9f:8d:d4:77:
                    18:e7:ab:ce:36:6d:bc:c6:89:b3:d3:03:0e:db:f2:
                    8f:12:3a:51:ca:93:51:0f:b9:dc:4d:06:cf:52:15:
                    c9:07:82:8e:a3:3d:fe:19:5c:2f:b5:60:d3:f5:05:
                    68:a9:93:21:34:69:33:28:61:5f:2b:77:c2:2e:6c:
                    ba:7b:ab:68:c6:49:dc:6a:6c:79:58:03:27:3d:9e:
                    8a:ab:9a:fb:ba:05:93:02:8f:85:c1:75:b2:d9:09:
                    b8:01:25:f8:ea:7c:8d:e3:6f:52:43:f3:ca:a1:26:
                    60:0f:33:be:e2:4e:be:84:43:7e:a7:e9:e4:0d:ae:
                    0d:cd:77:76:76:a2:9e:d4:56:2c:c6:e9:e9:28:7a:
                    84:db:17:0f:4b:19:96:49:f2:b2:b3:2e:11:48:00:
                    f6:e1:29:ce:6c:d1:5e:c4:fd:a3:f3:0b:a1:b8:2a:
                    7c:f9:6a:a4:c7:68:c0:3a:d9:2d:85:59:58:7f:dd:
                    cc:62:f2:aa:f5:42:cc:fb:c2:ce:43:5f:60:11:13:
                    05:7e:15:72:89:63:bb:83:ce:6d:5d:8d:68:c4:ba:
                    c6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3F:62:21:2A:33:4E:BF:D2:63:7C:62:18:90:5B:61:49:EE:C4:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:de:55:4c:d6:8a:15:f0:69:d0:5c:24:aa:53:08:a8:c1:3b:
         a3:ec:be:54:21:76:42:7d:a9:ad:23:01:c7:16:ec:ac:07:50:
         f3:42:2e:11:71:2e:cd:30:f3:b7:e7:d0:6b:dd:d5:10:9d:53:
         21:fe:d6:9a:db:55:82:af:9f:28:13:26:d8:db:75:83:bf:83:
         ad:5d:36:67:cc:4f:36:a3:e9:b1:31:bb:5d:cc:0a:bc:72:c8:
         02:61:6b:67:2d:a6:c5:a2:b9:16:6f:5e:a2:ab:03:b0:18:f8:
         c4:1e:7b:52:e9:d1:b4:58:2f:ca:0f:eb:ed:e6:d3:1e:68:03:
         79:88:0f:a3:fa:3b:f1:99:a5:be:f4:72:44:1b:75:e1:8f:0d:
         d7:77:74:be:85:13:2c:84:8e:84:33:be:68:ec:dc:00:3f:6c:
         24:98:43:c2:8a:75:34:ba:52:22:07:ac:aa:91:9c:28:5b:be:
         11:74:1d:a6:e8:21:95:90:b9:ae:df:c1:70:5a:54:2b:9a:ad:
         b7:fe:fe:55:78:48:ad:7b:fa:46:e6:72:ae:a7:d7:db:82:60:
         5f:15:06:17:01:2b:56:97:7a:3f:71:85:e9:26:c6:b1:45:b0:
         35:1f:43:f0:0d:36:22:dd:bb:ce:6e:5b:f2:43:90:98:fd:cb:
         5e:76:cb:39
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCBVd9vfqAZrCPtSvk1rRc5Xr+SowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAzMTI0WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOThmM2E4YTVjZjY4M2FjMTc3MjhmNDE4MzdiNjQ1YzM3
OThmN2U5MzY5NjAxYzM5YmQ4NTgyOGY0NGNjZmNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoEofBAm8q8a3hjmTCrjQ8IoUclcJUAJOtnQpIMBWOZmlD
lQ1ja3hXn43Udxjnq842bbzGibPTAw7b8o8SOlHKk1EPudxNBs9SFckHgo6jPf4Z
XC+1YNP1BWipkyE0aTMoYV8rd8IubLp7q2jGSdxqbHlYAyc9noqrmvu6BZMCj4XB
dbLZCbgBJfjqfI3jb1JD88qhJmAPM77iTr6EQ36n6eQNrg3Nd3Z2op7UVizG6eko
eoTbFw9LGZZJ8rKzLhFIAPbhKc5s0V7E/aPzC6G4Knz5aqTHaMA62S2FWVh/3cxi
8qr1Qsz7ws5DX2AREwV+FXKJY7uDzm1djWjEusYpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyD9iISozTr/SY3xiGJBbYUnuxJYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0Y2E4N2Q3LWVkNjItNDQ0NS1hMTE0LWJkMzNhNjU0YTc1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45TANBgkqhkiG9w0BAQsFAAOCAQEArd5VTNaKFfBp0FwkqlMIqME7o+y+
VCF2Qn2prSMBxxbsrAdQ80IuEXEuzTDzt+fQa93VEJ1TIf7WmttVgq+fKBMm2Nt1
g7+DrV02Z8xPNqPpsTG7XcwKvHLIAmFrZy2mxaK5Fm9eoqsDsBj4xB57UunRtFgv
yg/r7ebTHmgDeYgPo/o78ZmlvvRyRBt14Y8N13d0voUTLISOhDO+aOzcAD9sJJhD
wop1NLpSIgesqpGcKFu+EXQdpughlZC5rt/BcFpUK5qtt/7+VXhIrXv6RuZyrqfX
24JgXxUGFwErVpd6P3GF6SbGsUWwNR9D8A02It27zm5b8kOQmP3LXnbLOQ==
-----END CERTIFICATE-----