Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
File:                     38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa (raw, json)
Hash identifier:          tVzQ+CviOi4qdqELKEM74vJM736eGn/kdiMIqOtPoLU=
Subject key identifier:   43:E1:DE:4D:17:6E:1D:1A:15:88:49:28:31:78:36:26:0A:BB:6E:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21B0DADBDF201C7F769E2E2E44A060948675168E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
Signing time:             Tue 04 Mar 2025 17:51:09 +0000
ROA not before:           Tue 04 Mar 2025 17:51:09 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        86.112.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b0:da:db:df:20:1c:7f:76:9e:2e:2e:44:a0:60:94:86:75:16:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:51:09 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7a:cb:9e:c6:6c:b6:c8:60:6f:c3:df:92:98:
                    99:30:ae:e0:27:3c:26:8d:e2:c1:a4:fd:e1:80:1e:
                    55:df:3b:1b:81:86:aa:1f:76:28:38:d7:ae:8a:2c:
                    c3:b6:35:ef:bf:08:a6:e4:b8:22:ea:d3:18:a7:06:
                    25:73:a2:d2:97:11:d8:ce:c0:1b:8c:51:ba:e4:05:
                    3d:df:3c:4d:ed:4a:21:3c:17:cb:12:27:00:0c:6c:
                    62:3f:68:72:0a:a5:e2:3f:c3:e0:6a:30:b3:91:9f:
                    f9:4f:40:ea:c3:21:28:e6:eb:eb:a4:7a:c6:5c:a6:
                    22:b9:2b:d3:c2:b0:b8:80:da:86:6f:44:4c:33:db:
                    75:d3:ae:66:42:33:6d:4d:ec:d6:9f:79:24:21:45:
                    36:e9:fa:68:93:fd:35:9b:40:13:34:32:c0:4a:1b:
                    fe:0a:c7:fb:48:43:f4:89:de:d8:fc:5c:2b:29:31:
                    64:5f:50:69:c3:0d:b5:5c:2c:59:a4:db:c8:9e:9b:
                    50:9f:1e:b7:8c:9e:27:d2:98:5e:c7:09:ff:d2:6a:
                    8b:ec:3f:f0:17:18:86:a7:83:b4:c2:cb:ee:6a:84:
                    09:48:4a:6b:26:e5:6b:15:c0:29:9e:21:89:78:90:
                    e8:ca:c9:fd:e6:83:40:f3:40:a9:a4:22:59:94:a8:
                    06:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E1:DE:4D:17:6E:1D:1A:15:88:49:28:31:78:36:26:0A:BB:6E:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.112.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         6a:cb:cb:ca:30:36:9d:b4:0b:c0:ac:81:cc:1b:19:44:1c:88:
         79:ed:e1:7c:7e:fa:be:6f:d1:ae:ed:b3:a7:0a:bc:98:33:90:
         3d:90:4a:72:5d:0a:49:5f:49:5d:7b:c9:01:4b:8a:f4:ba:39:
         5e:35:91:85:c4:14:72:41:22:b7:3a:9d:e3:e9:b7:76:11:41:
         c2:9b:26:82:a2:3f:f3:83:d3:51:ed:f3:6c:6a:9d:f8:57:18:
         52:92:4c:e7:f4:8a:79:63:d3:8a:b0:41:d8:c3:92:52:20:26:
         a5:5a:6e:c5:81:b9:7a:c6:67:eb:d2:76:42:64:5e:a3:d5:1a:
         cc:0f:92:3f:cc:0d:95:6f:ac:47:6a:24:4a:03:8b:45:6d:d4:
         de:f0:25:de:61:85:e9:47:d5:49:ba:d9:ae:a0:a7:ae:bf:c5:
         32:ae:f3:bf:15:de:71:2a:fc:e7:b7:aa:f5:88:e4:e1:cc:3c:
         e6:3e:f9:11:2d:52:57:a1:25:47:14:f1:d6:c4:bd:0d:31:07:
         83:cd:01:3d:c1:eb:81:1c:94:92:c2:2e:7d:16:93:aa:9a:39:
         c9:b7:2d:ce:38:12:d4:b0:cc:60:42:2d:f5:c2:29:7b:7c:f3:
         ae:51:7a:67:4f:4d:71:da:8f:bd:34:a8:c6:9e:6c:6a:94:ce:
         e5:b0:59:4e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIbDa298gHH92ni4uRKBglIZ1Fo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTc1MTA5WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDU2MDY3ZmUzMjVjOTY1NGJjMmNjNDEzOGIzMWMwZjBi
YjQ2NjY3NjU0N2MzZTdhMDI4YWU5Y2VlZjU3MDY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKesuexmy2yGBvw9+SmJkwruAnPCaN4sGk/eGAHlXfOxuB
hqofdig4166KLMO2Ne+/CKbkuCLq0xinBiVzotKXEdjOwBuMUbrkBT3fPE3tSiE8
F8sSJwAMbGI/aHIKpeI/w+BqMLORn/lPQOrDISjm6+ukesZcpiK5K9PCsLiA2oZv
REwz23XTrmZCM21N7NafeSQhRTbp+miT/TWbQBM0MsBKG/4Kx/tIQ/SJ3tj8XCsp
MWRfUGnDDbVcLFmk28iem1CfHreMnifSmF7HCf/SaovsP/AXGIang7TCy+5qhAlI
Smsm5WsVwCmeIYl4kOjKyf3mg0DzQKmkIlmUqAbZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQ+HeTRduHRoViEkoMXg2Jgq7bgwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4YmMxZDlhLWRjMGEtNDU1Ny04ZjBjLTQ1ZGYwYzM5MjUxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFWcDANBgkqhkiG9w0BAQsFAAOCAQEAasvLyjA2nbQLwKyBzBsZRByIee3h
fH76vm/Rru2zpwq8mDOQPZBKcl0KSV9JXXvJAUuK9Lo5XjWRhcQUckEitzqd4+m3
dhFBwpsmgqI/84PTUe3zbGqd+FcYUpJM5/SKeWPTirBB2MOSUiAmpVpuxYG5esZn
69J2QmReo9UazA+SP8wNlW+sR2okSgOLRW3U3vAl3mGF6UfVSbrZrqCnrr/FMq7z
vxXecSr857eq9Yjk4cw85j75ES1SV6ElRxTx1sS9DTEHg80BPcHrgRyUksIufRaT
qpo5ybctzjgS1LDMYEIt9cIpe3zzrlF6Z09NcdqPvTSoxp5sapTO5bBZTg==
-----END CERTIFICATE-----