Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa
File:                     3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa (raw, json)
Hash identifier:          FBhTfm8+/GaZBEJd4vqJhh72bnSauylQ/7L1eeNYp4k=
Subject key identifier:   BD:FC:8A:F9:5C:7E:1E:0A:4C:BD:06:B8:74:E9:C7:46:67:36:30:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75752A007B2336253F481CEA9B655EA466E2BBA3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa
Signing time:             Tue 04 Mar 2025 17:20:55 +0000
ROA not before:           Tue 04 Mar 2025 17:20:55 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.68.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:75:2a:00:7b:23:36:25:3f:48:1c:ea:9b:65:5e:a4:66:e2:bb:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:20:55 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:08:fc:6e:9c:02:08:61:ab:c7:65:f2:8d:46:
                    da:87:a7:00:41:84:0f:3f:6c:8f:54:96:a5:40:fe:
                    91:d6:65:3f:c2:22:55:1d:aa:bf:32:04:43:6c:b4:
                    3f:c8:a5:4b:c2:e8:d0:37:2f:37:5a:d2:ed:2c:b3:
                    fb:17:d9:59:19:c4:4e:ad:a2:b2:f5:01:92:1d:dc:
                    b4:30:07:0f:c5:22:31:c2:24:ef:94:0b:78:12:44:
                    a7:01:e2:bd:c5:5c:f3:f1:af:16:a6:a7:2b:ef:e7:
                    37:87:91:c0:cf:e6:01:f2:a5:ec:b5:2f:2e:9a:0a:
                    e7:3e:bc:91:f3:82:46:94:83:ec:93:a4:02:78:f4:
                    cc:b6:a6:b9:0d:8c:40:de:94:74:6e:4b:d5:0f:00:
                    00:c6:55:a4:ff:b1:57:e6:1b:97:19:86:78:39:05:
                    96:8c:e3:dd:4b:29:2d:1e:b8:53:c8:58:23:49:32:
                    39:f0:a8:17:cc:b9:bd:55:12:6b:19:8f:28:08:bd:
                    6d:e6:fe:aa:9f:92:43:e8:25:71:70:f8:ec:3d:a5:
                    d0:cb:2c:b0:e0:63:f0:19:ce:d1:de:4f:51:e6:f2:
                    57:23:bb:91:a1:a9:a0:42:0f:2a:38:9c:cf:88:9c:
                    27:ea:3e:86:9e:3a:e7:2f:d5:91:d5:24:72:c6:71:
                    d9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:FC:8A:F9:5C:7E:1E:0A:4C:BD:06:B8:74:E9:C7:46:67:36:30:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.68.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a0:e1:15:10:0c:8e:77:c4:48:2c:20:f2:5c:7f:8d:f6:c9:49:
         8a:80:fa:8b:03:5e:ce:00:88:ab:28:33:0c:52:a8:3a:d6:53:
         0e:6a:0a:7d:c7:f0:30:b3:50:1f:4e:d2:bc:ce:95:6c:c6:bc:
         dd:bf:f0:26:b0:b0:84:e9:93:39:da:e2:68:01:db:80:b0:0a:
         32:8c:cc:4d:dc:2b:b8:3f:2a:31:8b:0f:0b:3e:72:77:d6:75:
         b8:a3:a8:4d:c9:d0:d0:62:ae:46:2e:2e:40:a4:3d:f3:0a:66:
         5d:b7:d3:d2:1c:02:92:6f:03:de:03:50:70:b2:d0:ed:36:28:
         c4:38:ed:93:b7:c7:0c:4e:12:e6:ab:46:30:fe:1c:bc:09:8d:
         bb:9c:53:da:d4:e7:8e:fe:4f:00:69:d8:58:48:b4:48:ec:13:
         52:44:ae:27:a1:98:bc:45:87:a4:09:5e:2b:f6:3a:1d:cf:80:
         d2:eb:2f:67:e6:2b:96:e8:8a:f1:9a:94:34:f1:eb:4c:53:9f:
         fd:6a:30:5a:5c:f9:ae:27:b2:7a:f7:5c:e8:76:bb:f3:2a:dd:
         b2:ff:c9:81:03:d2:1a:ce:c8:cf:66:31:74:72:60:a0:ac:5e:
         8d:b2:66:6e:bf:34:68:89:b3:90:cf:b1:9d:eb:4a:d7:ec:16:
         f5:b5:a3:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdXUqAHsjNiU/SBzqm2VepGbiu6MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTcyMDU1WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDk1NTJmYTFiNzI3ZmMyNTgwMjQzMGI1Y2I0NjdlMDAx
NzJjZjUyODA4NmM4ODZjYjJlNDc0NzYxNjU3OWE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTCPxunAIIYavHZfKNRtqHpwBBhA8/bI9UlqVA/pHWZT/C
IlUdqr8yBENstD/IpUvC6NA3Lzda0u0ss/sX2VkZxE6torL1AZId3LQwBw/FIjHC
JO+UC3gSRKcB4r3FXPPxrxampyvv5zeHkcDP5gHypey1Ly6aCuc+vJHzgkaUg+yT
pAJ49My2prkNjEDelHRuS9UPAADGVaT/sVfmG5cZhng5BZaM491LKS0euFPIWCNJ
MjnwqBfMub1VEmsZjygIvW3m/qqfkkPoJXFw+Ow9pdDLLLDgY/AZztHeT1Hm8lcj
u5GhqaBCDyo4nM+InCfqPoaeOucv1ZHVJHLGcdkHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvfyK+Vx+HgpMvQa4dOnHRmc2MH8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiMWMwMjBkLTQxMzEtNDdmMC1hM2Y3LWIwNTU1Y2YwMjZlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc4RAAwDQYJKoZIhvcNAQELBQADggEBAKDhFRAMjnfESCwg8lx/jfbJSYqA
+osDXs4AiKsoMwxSqDrWUw5qCn3H8DCzUB9O0rzOlWzGvN2/8CawsITpkzna4mgB
24CwCjKMzE3cK7g/KjGLDws+cnfWdbijqE3J0NBirkYuLkCkPfMKZl2309IcApJv
A94DUHCy0O02KMQ47ZO3xwxOEuarRjD+HLwJjbucU9rU547+TwBp2FhItEjsE1JE
riehmLxFh6QJXiv2Oh3PgNLrL2fmK5boivGalDTx60xTn/1qMFpc+a4nsnr3XOh2
u/Mq3bL/yYED0hrOyM9mMXRyYKCsXo2yZm6/NGiJs5DPsZ3rStfsFvW1o9Q=
-----END CERTIFICATE-----