Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45396181-d099-460b-8475-8ec08021bd09.roa
File:                     45396181-d099-460b-8475-8ec08021bd09.roa (raw, json)
Hash identifier:          lY/Tkfis6/BTvWEEyfWlcDN0QDnhCBLzscK68p1wVxM=
Subject key identifier:   03:C4:03:36:47:A4:A1:33:9B:23:25:70:9D:A0:CE:D4:B3:22:23:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       757608F2C8D2507CEA90D81CA555AD964CAD86BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45396181-d099-460b-8475-8ec08021bd09.roa
Signing time:             Fri 28 Mar 2025 16:11:32 +0000
ROA not before:           Fri 28 Mar 2025 16:11:32 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.234.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:76:08:f2:c8:d2:50:7c:ea:90:d8:1c:a5:55:ad:96:4c:ad:86:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:11:32 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:f6:86:52:40:8d:ef:17:3f:f6:5c:a5:38:
                    86:78:ac:44:ad:a5:b5:25:6c:e2:8f:60:c9:fe:34:
                    83:c7:01:bf:10:24:91:38:4c:73:53:9d:7e:74:13:
                    a7:8a:89:1f:91:f1:b7:cc:6a:4d:8f:1c:07:74:16:
                    d1:c5:00:f5:d0:6c:8d:ec:bb:f5:c2:40:5e:58:93:
                    62:cc:16:ea:60:76:0a:09:ab:43:04:53:1c:dd:bc:
                    44:b1:f1:09:45:ab:c2:a1:4f:f6:be:31:52:7b:95:
                    bf:89:12:97:35:95:31:81:21:4c:0f:34:3b:c9:05:
                    54:bf:f6:3c:7f:59:41:6c:6e:a6:c9:db:4b:80:3c:
                    25:9d:b2:d2:01:d6:63:be:59:a4:72:37:a7:d0:0a:
                    78:15:ec:20:4a:d8:5e:31:01:da:f2:ee:4e:71:4a:
                    88:c5:20:a4:83:eb:ef:18:3d:38:69:20:89:d3:59:
                    21:57:97:ad:d2:58:77:85:ba:0d:0d:3d:8c:6d:89:
                    0f:1c:25:c0:7d:d1:0b:78:4d:31:01:01:a0:fc:42:
                    0c:d9:e2:c4:b7:eb:63:6e:24:fa:64:5e:39:e7:27:
                    4d:8a:d8:3b:8c:4f:06:79:c9:f5:c1:b7:03:a1:fa:
                    18:d0:3d:b7:2b:7e:5f:3d:f6:84:9e:18:70:ae:d4:
                    28:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C4:03:36:47:A4:A1:33:9B:23:25:70:9D:A0:CE:D4:B3:22:23:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45396181-d099-460b-8475-8ec08021bd09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.234.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         54:30:62:34:98:7b:bc:99:03:e5:b8:c8:a4:d3:6b:22:94:de:
         ab:1d:19:a5:ec:a1:60:7a:30:07:49:d6:6a:52:95:35:b8:64:
         17:6f:92:43:74:b6:09:d5:22:a0:e7:c2:4a:29:12:18:c2:73:
         6e:78:f5:c1:05:d1:9f:34:64:71:3c:60:c5:86:98:b0:1d:bf:
         8f:c1:13:b6:ba:c7:4e:b1:6b:7c:51:20:ea:40:bd:2a:66:ab:
         b6:cb:3c:2c:95:8d:6d:22:56:bc:e8:25:a1:cc:f0:65:a3:9e:
         a6:9a:c5:4c:1d:d5:90:78:9f:a1:9e:9d:d6:5a:ac:8a:1d:be:
         49:fa:dd:f6:10:e9:d2:14:68:68:0b:c7:16:0c:79:f8:14:7c:
         54:da:30:79:57:44:07:18:32:5e:d8:33:de:a6:b1:32:ef:d4:
         33:cf:38:ed:84:d4:40:12:7f:39:7a:95:dc:fd:cf:0c:1f:61:
         18:ba:b3:84:e7:da:34:9b:52:f7:bc:25:52:16:9d:62:68:ec:
         6a:5a:a8:ee:b8:53:3f:dc:98:a9:45:a6:ff:91:e7:1d:1a:de:
         ab:86:66:7e:21:5c:a2:2e:c6:73:b1:cb:b1:13:69:5c:d3:7e:
         06:9d:4e:ba:54:55:af:95:66:54:7e:38:62:fa:e0:4e:64:c0:
         10:fa:42:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdXYI8sjSUHzqkNgcpVWtlkythrswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYxMTMyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzEyMGM3ZThlOWI3ZWI0N2I0OWY2OTBjNjQ1MjFkN2Vm
Y2I3ZGQ5MTI1ODI0YjRlMDRlOTQzNmZmMDU1MjM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvPPaGUkCN7xc/9lylOIZ4rEStpbUlbOKPYMn+NIPHAb8Q
JJE4THNTnX50E6eKiR+R8bfMak2PHAd0FtHFAPXQbI3su/XCQF5Yk2LMFupgdgoJ
q0MEUxzdvESx8QlFq8KhT/a+MVJ7lb+JEpc1lTGBIUwPNDvJBVS/9jx/WUFsbqbJ
20uAPCWdstIB1mO+WaRyN6fQCngV7CBK2F4xAdry7k5xSojFIKSD6+8YPThpIInT
WSFXl63SWHeFug0NPYxtiQ8cJcB90Qt4TTEBAaD8QgzZ4sS362NuJPpkXjnnJ02K
2DuMTwZ5yfXBtwOh+hjQPbcrfl899oSeGHCu1Cg7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA8QDNkekoTObIyVwnaDO1LMiI+wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1Mzk2MTgxLWQwOTktNDYwYi04NDc1LThlYzA4MDIxYmQwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfP6oAwDQYJKoZIhvcNAQELBQADggEBAFQwYjSYe7yZA+W4yKTTayKU3qsd
GaXsoWB6MAdJ1mpSlTW4ZBdvkkN0tgnVIqDnwkopEhjCc2549cEF0Z80ZHE8YMWG
mLAdv4/BE7a6x06xa3xRIOpAvSpmq7bLPCyVjW0iVrzoJaHM8GWjnqaaxUwd1ZB4
n6GendZarIodvkn63fYQ6dIUaGgLxxYMefgUfFTaMHlXRAcYMl7YM96msTLv1DPP
OO2E1EASfzl6ldz9zwwfYRi6s4Tn2jSbUve8JVIWnWJo7GpaqO64Uz/cmKlFpv+R
5x0a3quGZn4hXKIuxnOxy7ETaVzTfgadTrpUVa+VZlR+OGL64E5kwBD6Qj8=
-----END CERTIFICATE-----