Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52248f94-30ea-4ecd-abe4-da5a8409a81b.roa
File:                     52248f94-30ea-4ecd-abe4-da5a8409a81b.roa (raw, json)
Hash identifier:          VPcuAcBy33G6X14+yJ/djg5Rk263TAr8Gj+nb8bLDug=
Subject key identifier:   D2:53:AD:1B:46:2D:98:93:E3:A3:F4:57:5A:40:AB:04:67:83:33:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       573F04A41F8557901FC5C69C5D455DB4202F42D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52248f94-30ea-4ecd-abe4-da5a8409a81b.roa
Signing time:             Mon 24 Mar 2025 15:42:12 +0000
ROA not before:           Mon 24 Mar 2025 15:42:12 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.146.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:3f:04:a4:1f:85:57:90:1f:c5:c6:9c:5d:45:5d:b4:20:2f:42:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:42:12 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a7:50:58:5c:75:00:79:c2:e8:88:81:e3:ec:
                    b8:c3:64:38:cb:39:11:fc:e5:52:3f:08:8a:94:b1:
                    ec:8c:45:73:b2:9e:d8:19:9b:7e:78:e0:91:85:4d:
                    2b:72:b9:d9:4a:ea:63:f9:6d:c3:2b:d4:a8:a4:32:
                    b4:29:ac:23:78:48:19:84:7a:c1:c4:9d:c6:8c:a0:
                    dd:c2:28:81:db:16:c3:19:61:ed:36:8d:f3:37:19:
                    bc:8f:e6:d5:24:dd:d6:a4:3a:d9:2b:10:43:57:c6:
                    f8:44:65:99:cb:af:eb:49:eb:e5:10:b9:7c:5e:d0:
                    24:1d:4d:25:70:94:56:ed:d0:cf:39:75:48:42:f2:
                    17:e1:a8:0a:7a:85:d9:eb:a3:52:d7:9e:1d:3e:cc:
                    ac:43:49:22:df:58:a1:0e:a7:da:10:2a:c5:ff:55:
                    2d:56:15:c8:2d:b7:8d:7e:0e:b6:3b:c5:92:fc:65:
                    bd:6a:73:99:20:d4:16:fe:5b:5a:39:3a:5e:7a:ab:
                    1d:e6:7b:2a:9d:d8:11:0f:cd:14:f9:59:0a:14:4c:
                    b0:ee:fb:57:a7:c3:2a:70:2e:c5:6a:8e:25:9b:39:
                    45:0f:a0:95:4f:73:89:97:a0:7c:04:3a:d2:de:93:
                    14:fa:0b:9c:0f:e8:69:03:52:fc:87:93:23:a4:8c:
                    fb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:53:AD:1B:46:2D:98:93:E3:A3:F4:57:5A:40:AB:04:67:83:33:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52248f94-30ea-4ecd-abe4-da5a8409a81b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:94:4f:65:20:f8:09:41:85:d9:44:d3:01:eb:77:eb:08:96:
         c0:cf:81:17:f9:c5:86:5c:00:41:8a:db:9f:bd:2f:7d:69:7b:
         59:4e:bb:61:56:88:27:4e:9a:29:a7:98:7d:b4:0e:18:27:b6:
         10:04:fe:7e:19:54:1d:23:2e:2e:d6:a3:d3:a4:17:de:bc:d1:
         f5:4f:c3:4d:fd:8c:5e:dd:9e:ad:90:ee:4d:1f:3f:04:91:84:
         a3:65:39:89:3c:b4:ca:db:a7:26:34:35:c7:47:a2:7d:b5:ef:
         0e:cd:de:90:46:4e:25:7e:93:05:59:b3:bd:eb:30:46:b6:9d:
         da:86:4e:ad:8c:91:ab:4d:35:be:fe:7d:4a:6e:bf:01:78:3d:
         20:a2:ab:79:d3:a4:44:2f:62:59:4d:f5:32:ba:b6:aa:75:2b:
         e9:a4:a2:58:ea:67:61:9d:31:ef:e1:80:53:9e:9c:93:41:bb:
         05:c8:31:8d:a6:08:1e:70:3e:c9:da:b3:13:d8:e6:22:8c:44:
         92:37:9c:76:ba:f0:fc:a3:5c:54:9d:48:ec:ed:5c:b1:a2:eb:
         c8:7f:a5:1f:4f:db:01:dc:98:7a:a8:59:5e:9a:2d:fe:cd:b9:
         21:52:e3:1f:d3:9f:2d:a0:4a:fc:9d:90:dc:a3:f8:cf:1f:4a:
         a7:19:8c:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVz8EpB+FV5AfxcacXUVdtCAvQtQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTU0MjEyWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTMzYTlhY2IxMWUyOTUzODlkM2IyZTFjMzcyNTNiNWIy
MGZhZmM4OGRlZjBmNTNhZjU2MDVlMDY1MzE0OWZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCap1BYXHUAecLoiIHj7LjDZDjLORH85VI/CIqUseyMRXOy
ntgZm3544JGFTStyudlK6mP5bcMr1KikMrQprCN4SBmEesHEncaMoN3CKIHbFsMZ
Ye02jfM3GbyP5tUk3dakOtkrEENXxvhEZZnLr+tJ6+UQuXxe0CQdTSVwlFbt0M85
dUhC8hfhqAp6hdnro1LXnh0+zKxDSSLfWKEOp9oQKsX/VS1WFcgtt41+DrY7xZL8
Zb1qc5kg1Bb+W1o5Ol56qx3meyqd2BEPzRT5WQoUTLDu+1enwypwLsVqjiWbOUUP
oJVPc4mXoHwEOtLekxT6C5wP6GkDUvyHkyOkjPubAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0lOtG0YtmJPjo/RXWkCrBGeDMzowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyMjQ4Zjk0LTMwZWEtNGVjZC1hYmU0LWRhNWE4NDA5YTgxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFFAJIwDQYJKoZIhvcNAQELBQADggEBAGGUT2Ug+AlBhdlE0wHrd+sIlsDP
gRf5xYZcAEGK25+9L31pe1lOu2FWiCdOmimnmH20DhgnthAE/n4ZVB0jLi7Wo9Ok
F9680fVPw039jF7dnq2Q7k0fPwSRhKNlOYk8tMrbpyY0NcdHon217w7N3pBGTiV+
kwVZs73rMEa2ndqGTq2MkatNNb7+fUpuvwF4PSCiq3nTpEQvYllN9TK6tqp1K+mk
oljqZ2GdMe/hgFOenJNBuwXIMY2mCB5wPsnasxPY5iKMRJI3nHa68PyjXFSdSOzt
XLGi68h/pR9P2wHcmHqoWV6aLf7NuSFS4x/Tny2gSvydkNyj+M8fSqcZjCs=
-----END CERTIFICATE-----