Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
File:                     497f0d59-c7e7-4604-a259-3494824b7cae.roa (raw, json)
Hash identifier:          lchotZzpcKE1ewBHQEbPeF+QDc6rCYxpRIN8kzrIakc=
Subject key identifier:   55:9D:06:15:40:BE:9A:76:03:0C:F2:F9:2B:9C:67:C2:D1:1D:7A:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DBF874E5A82A0760C02311E7290227D1ED97A8E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
Signing time:             Sat 29 Mar 2025 00:40:19 +0000
ROA not before:           Sat 29 Mar 2025 00:40:19 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.193.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:bf:87:4e:5a:82:a0:76:0c:02:31:1e:72:90:22:7d:1e:d9:7a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:40:19 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8c:60:1d:70:f6:48:f9:14:a9:bf:31:19:8a:
                    89:27:a8:df:4f:a9:4e:be:7e:99:48:89:4c:83:39:
                    27:57:73:01:06:91:b4:8e:e2:fc:4f:3e:46:54:07:
                    8b:3c:ab:78:66:5f:04:23:f5:15:48:00:a3:46:13:
                    39:e1:67:c5:44:c7:9c:21:d8:62:cb:47:23:1d:b1:
                    be:05:66:4c:94:23:c0:b9:03:94:5c:0a:e3:c5:40:
                    26:0a:de:59:c8:ba:3e:c2:7a:9a:bd:71:5f:14:4b:
                    57:cd:97:8b:d5:cc:53:fd:a1:1a:ca:30:9c:80:c4:
                    4c:59:6d:2c:0f:10:83:21:ea:ff:cd:fd:88:b0:dc:
                    8f:cd:ee:1c:af:c0:b0:c8:38:98:22:c2:f5:40:d7:
                    19:0c:28:32:a5:c4:6f:57:f9:be:19:3f:a3:52:96:
                    f4:db:80:6f:ac:2f:33:a3:97:fe:57:5c:96:8f:92:
                    5e:ad:9e:7a:5e:79:bb:c9:27:c6:79:1d:55:00:a1:
                    06:a7:a9:f0:ba:c5:a2:2c:7c:62:93:0a:91:64:aa:
                    90:a9:0f:ff:b7:69:68:62:78:a4:6e:79:78:cf:4a:
                    83:7c:97:79:b6:c5:76:ca:9c:d2:a3:5d:80:b8:c4:
                    8f:ab:65:5a:d4:f2:7a:be:1c:57:8f:d6:1c:5f:82:
                    88:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:9D:06:15:40:BE:9A:76:03:0C:F2:F9:2B:9C:67:C2:D1:1D:7A:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.193.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5d:87:d5:00:03:44:19:2c:95:e1:5f:e9:36:d1:51:4e:79:6b:
         ae:b2:75:f5:a8:ae:fd:29:34:80:6c:3c:21:7c:d0:d4:7f:24:
         00:4f:9c:62:0a:d1:3b:75:67:9c:1b:ad:28:eb:d5:43:57:ff:
         ff:fd:d4:3d:bc:b9:8a:3f:3d:71:03:8f:4b:d0:6e:09:dc:d2:
         24:d2:34:e8:4d:bc:5b:59:b4:e5:b8:93:2c:f2:9b:a5:44:ee:
         f2:b3:b8:24:a8:3b:9d:cc:54:20:4e:f7:a0:f4:41:11:b7:df:
         f4:58:a4:19:42:16:62:3d:f2:bb:5e:0c:cb:90:32:8c:39:61:
         2f:f4:58:5a:2f:55:e2:e6:94:c8:fd:f7:a8:6d:35:c6:f1:05:
         be:79:de:74:76:ae:ae:24:c8:94:3e:c7:a7:8b:84:80:af:76:
         38:6f:2e:12:84:40:30:6f:dd:1f:f4:25:50:83:06:f5:8b:85:
         ea:3e:e5:38:9b:17:2c:fd:f4:46:34:65:46:4a:99:34:e8:d5:
         1a:75:88:da:4d:2a:9b:08:10:a5:94:23:56:09:a2:31:70:67:
         c7:8c:f0:0b:68:d8:2e:25:7d:a3:81:4e:39:9c:59:e8:f9:d6:
         6e:1f:51:4a:2a:39:90:0d:29:d7:56:a7:8e:a2:8e:05:10:7b:
         64:ec:0e:f5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXb+HTlqCoHYMAjEecpAifR7Zeo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA0MDE5WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTdlNmY3ZDNiOTY4YTVmNGE5NmNhYzNiNzI2ODdhMzM1
ZWY5N2I2N2YyMDQ1YWY4ZWUyMjM1MGIyMDQwZGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDsjGAdcPZI+RSpvzEZioknqN9PqU6+fplIiUyDOSdXcwEG
kbSO4vxPPkZUB4s8q3hmXwQj9RVIAKNGEznhZ8VEx5wh2GLLRyMdsb4FZkyUI8C5
A5RcCuPFQCYK3lnIuj7Cepq9cV8US1fNl4vVzFP9oRrKMJyAxExZbSwPEIMh6v/N
/Yiw3I/N7hyvwLDIOJgiwvVA1xkMKDKlxG9X+b4ZP6NSlvTbgG+sLzOjl/5XXJaP
kl6tnnpeebvJJ8Z5HVUAoQanqfC6xaIsfGKTCpFkqpCpD/+3aWhieKRueXjPSoN8
l3m2xXbKnNKjXYC4xI+rZVrU8nq+HFeP1hxfgog7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVZ0GFUC+mnYDDPL5K5xnwtEdeiswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5N2YwZDU5LWM3ZTctNDYwNC1hMjU5LTM0OTQ4MjRiN2NhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChwTANBgkqhkiG9w0BAQsFAAOCAQEAXYfVAANEGSyV4V/pNtFRTnlrrrJ1
9aiu/Sk0gGw8IXzQ1H8kAE+cYgrRO3VnnButKOvVQ1f///3UPby5ij89cQOPS9Bu
CdzSJNI06E28W1m05biTLPKbpUTu8rO4JKg7ncxUIE73oPRBEbff9FikGUIWYj3y
u14My5AyjDlhL/RYWi9V4uaUyP33qG01xvEFvnnedHauriTIlD7Hp4uEgK92OG8u
EoRAMG/dH/QlUIMG9YuF6j7lOJsXLP30RjRlRkqZNOjVGnWI2k0qmwgQpZQjVgmi
MXBnx4zwC2jYLiV9o4FOOZxZ6PnWbh9RSio5kA0p11anjqKOBRB7ZOwO9Q==
-----END CERTIFICATE-----