Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa
File:                     48af1dfe-0e61-4862-8ae2-75b053bcc924.roa (raw, json)
Hash identifier:          PHhG8OrTi6gXjYldWy1/z/kY/oe1yveXDD65/r1Nuxc=
Subject key identifier:   42:85:21:72:E9:C6:8E:A7:DB:42:7B:AD:15:D5:BB:A5:23:80:2F:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A09671C867DE73795ADA71D3D4A2B2FE4751968
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa
Signing time:             Tue 18 Mar 2025 00:11:44 +0000
ROA not before:           Tue 18 Mar 2025 00:11:44 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.215.136.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:09:67:1c:86:7d:e7:37:95:ad:a7:1d:3d:4a:2b:2f:e4:75:19:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:11:44 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:06:36:e0:62:25:7a:c2:22:c9:4b:32:36:a0:
                    0f:78:52:c8:34:a1:e8:52:9c:9c:45:4e:3e:20:ef:
                    87:15:f8:d5:20:cc:ae:cc:4c:f7:77:0e:a8:3f:38:
                    96:bd:13:ad:30:c1:1e:bf:a2:53:1a:55:c8:67:a3:
                    f0:77:41:73:3f:43:20:30:60:0b:40:3d:0f:76:75:
                    e0:4b:79:1f:78:3f:51:25:03:bc:81:83:3b:94:11:
                    f1:fc:a7:76:aa:af:62:85:4a:13:f2:d8:c3:a1:90:
                    2c:90:c2:52:a6:f5:63:71:de:dd:6d:a0:96:28:fc:
                    5e:5a:76:d6:b5:59:7a:a5:37:0f:16:c0:a8:24:8e:
                    ca:70:0d:bd:2c:d2:30:24:b2:37:3a:57:00:c3:ea:
                    f7:4a:4b:47:d4:13:a5:59:2a:d6:5d:26:ae:be:bb:
                    90:94:56:13:d6:d1:51:55:3d:83:10:f1:ce:68:8d:
                    3c:f9:b3:51:e7:41:40:66:d1:c2:20:7d:98:ab:77:
                    61:f3:e7:25:e9:87:5b:3a:75:5b:d2:0c:17:a6:7a:
                    44:f6:a8:f7:95:69:aa:ac:0f:67:55:85:b7:89:b5:
                    aa:ec:9b:d9:3a:7a:aa:52:0f:90:f5:9c:9e:fa:ee:
                    4d:40:c6:7c:fc:e6:1a:37:e1:d4:e0:69:2e:cb:bd:
                    c7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:85:21:72:E9:C6:8E:A7:DB:42:7B:AD:15:D5:BB:A5:23:80:2F:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.215.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:55:85:61:f7:87:84:83:0f:07:65:b1:16:0c:da:4c:7a:37:
         5d:55:2c:1f:78:1e:01:79:3c:1b:1d:fc:64:5e:df:f8:92:ca:
         3e:5f:b7:8f:0b:9d:fd:05:0b:93:15:1b:90:3c:7a:4f:12:5e:
         48:94:8d:6f:98:6a:26:6e:7c:6d:81:ec:78:aa:8f:92:8f:f7:
         01:f0:fc:e5:1a:68:78:cb:7a:51:79:04:82:52:d3:b6:fd:ca:
         b5:12:c7:ef:f3:1f:c4:61:1d:eb:e7:6b:71:f1:9d:93:b4:d2:
         07:6d:fe:88:16:5a:fd:09:67:63:76:62:37:8b:08:55:aa:4a:
         d4:10:97:c8:73:9b:2c:41:4a:30:e7:2a:fe:0e:25:9f:b6:6e:
         d6:4e:6d:65:02:fe:0e:5c:15:9d:f4:c0:3c:c0:35:bf:8e:1d:
         94:11:4c:e2:4f:02:ed:67:9e:1a:ec:c1:ec:a4:32:09:2e:c8:
         c4:fd:fb:37:be:fc:11:0c:d3:5d:ef:2c:13:2c:5a:a4:9a:d0:
         b3:31:d9:d3:ec:2b:4b:51:78:27:66:f5:86:c5:de:3d:b0:3b:
         29:0d:45:fd:ce:24:9b:4c:60:41:3c:0b:3c:ca:a4:55:da:58:
         bc:d1:a9:0e:3b:69:88:81:e2:7b:d3:f6:fc:19:df:0d:bf:44:
         c3:63:9f:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCglnHIZ95zeVracdPUorL+R1GWgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAxMTQ0WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWMwYmFkMTk4MmRmZWZjY2FmYWIyNmU4YWExMTQ2ZDBi
ODdiMjIwZjc4NzRjYjJhM2I1NmQ2ODIzZDAxMmNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIBjbgYiV6wiLJSzI2oA94Usg0oehSnJxFTj4g74cV+NUg
zK7MTPd3Dqg/OJa9E60wwR6/olMaVchno/B3QXM/QyAwYAtAPQ92deBLeR94P1El
A7yBgzuUEfH8p3aqr2KFShPy2MOhkCyQwlKm9WNx3t1toJYo/F5adta1WXqlNw8W
wKgkjspwDb0s0jAksjc6VwDD6vdKS0fUE6VZKtZdJq6+u5CUVhPW0VFVPYMQ8c5o
jTz5s1HnQUBm0cIgfZird2Hz5yXph1s6dVvSDBemekT2qPeVaaqsD2dVhbeJtars
m9k6eqpSD5D1nJ767k1Axnz85ho34dTgaS7Lvcf5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQoUhcunGjqfbQnutFdW7pSOALzMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4YWYxZGZlLTBlNjEtNDg2Mi04YWUyLTc1YjA1M2JjYzkyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIs14gwDQYJKoZIhvcNAQELBQADggEBAIdVhWH3h4SDDwdlsRYM2kx6N11V
LB94HgF5PBsd/GRe3/iSyj5ft48Lnf0FC5MVG5A8ek8SXkiUjW+YaiZufG2B7Hiq
j5KP9wHw/OUaaHjLelF5BIJS07b9yrUSx+/zH8RhHevna3HxnZO00gdt/ogWWv0J
Z2N2YjeLCFWqStQQl8hzmyxBSjDnKv4OJZ+2btZObWUC/g5cFZ30wDzANb+OHZQR
TOJPAu1nnhrsweykMgkuyMT9+ze+/BEM013vLBMsWqSa0LMx2dPsK0tReCdm9YbF
3j2wOykNRf3OJJtMYEE8CzzKpFXaWLzRqQ47aYiB4nvT9vwZ3w2/RMNjn90=
-----END CERTIFICATE-----