Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56cbb688-b79c-46f1-9338-01219b6222c0.roa
File:                     56cbb688-b79c-46f1-9338-01219b6222c0.roa (raw, json)
Hash identifier:          LnvT1dT87mn5gJ8tqilExloznurwtUb1EFThGtY2R1E=
Subject key identifier:   EE:D0:2E:49:F7:6F:27:4F:69:D6:19:6F:6E:E5:53:93:77:A1:02:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A3322A150F1D8AEC44B9D04C7C83CE0D7962650
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56cbb688-b79c-46f1-9338-01219b6222c0.roa
Signing time:             Fri 21 Mar 2025 00:21:18 +0000
ROA not before:           Fri 21 Mar 2025 00:21:18 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.52.144.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:33:22:a1:50:f1:d8:ae:c4:4b:9d:04:c7:c8:3c:e0:d7:96:26:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:21:18 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:15:fc:fd:b6:09:20:70:a5:55:c2:11:4f:0b:
                    1a:55:85:6b:c5:89:54:c6:c4:db:62:de:6d:5f:59:
                    aa:21:49:8d:80:e6:82:4f:2c:a3:27:49:ef:f2:06:
                    1b:0f:3c:fe:41:41:15:c5:09:c0:f3:e4:bb:2a:e3:
                    13:46:42:00:b8:e4:58:0a:1e:fa:04:3c:28:21:95:
                    84:0c:66:ba:30:48:8f:46:e3:77:ed:05:be:f5:78:
                    d4:15:fb:f7:b1:b9:4a:4c:c1:31:99:2c:45:6e:20:
                    b7:18:d2:c9:78:d5:22:a2:5c:5f:5e:e0:f8:d8:af:
                    54:60:20:bc:22:21:72:0c:3a:99:ab:6f:9b:3f:07:
                    77:e0:6e:0a:c5:a0:8c:45:2f:5b:6e:25:fe:95:41:
                    b1:36:7f:c4:d3:f8:8b:c0:5f:93:fb:6c:ed:04:af:
                    b9:b5:c2:0e:cb:4a:f6:cc:4e:0c:6d:c9:03:0a:99:
                    27:49:9e:c6:33:d5:60:7e:40:76:81:9e:e4:1d:41:
                    42:ea:d4:d7:9f:e3:7c:dc:6f:4b:98:2a:0d:61:14:
                    43:c6:7f:bb:84:fb:67:de:91:88:23:20:e3:66:91:
                    a5:81:b1:6e:91:02:97:97:3e:37:69:a0:67:41:2b:
                    5d:f3:3e:ca:f7:58:ca:3e:ba:15:d1:e0:9c:11:b1:
                    a3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:D0:2E:49:F7:6F:27:4F:69:D6:19:6F:6E:E5:53:93:77:A1:02:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56cbb688-b79c-46f1-9338-01219b6222c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.52.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:0d:47:87:6f:df:ca:be:40:c0:79:63:3e:4f:02:c2:86:4f:
         29:da:0e:9f:f8:fe:21:d7:6e:fa:64:65:d6:78:15:8a:d9:f4:
         06:e2:32:b2:d3:13:73:3d:aa:59:40:19:75:a0:4a:af:7e:16:
         2a:0e:b7:30:b4:c0:be:1b:9e:42:61:13:49:11:88:ea:57:be:
         89:7a:a0:b4:28:79:a1:5d:5a:65:6d:83:2d:2f:87:c7:78:cb:
         5a:3e:ef:c3:37:7c:2e:41:b0:20:88:e6:8c:a9:ad:39:40:3a:
         91:a9:dc:80:ab:1c:cf:99:67:86:37:ba:a5:2f:d6:53:61:71:
         01:3c:59:a1:6a:fe:07:44:47:19:4a:04:9e:93:eb:83:cd:8f:
         ac:2e:23:a2:6d:ac:71:b5:61:11:7d:02:9f:82:a3:2f:cb:34:
         df:7e:18:49:2a:3e:a7:d3:47:e1:74:10:e1:8c:78:fc:12:9c:
         ee:ca:c5:d8:9d:9b:12:6f:a1:71:6b:34:14:9f:08:96:b1:8a:
         87:1f:af:f7:e0:51:66:03:c3:e5:4b:cf:1a:ed:66:82:7f:a9:
         aa:2a:ac:05:62:6b:36:c9:00:09:19:78:11:1c:17:c6:f4:16:
         62:aa:18:f6:bd:9d:83:3e:60:31:a6:da:e9:64:4a:0e:f3:fb:
         27:e0:73:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGjMioVDx2K7ES50Ex8g84NeWJlAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAyMTE4WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTZiMjc3MjYyODM2YWQ4NTlmOWM4NGIyYmFmZGE2NTAy
N2NkYjljNGE3NjZjZjUzNjQ5YTFiYWJkNGJlOGFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvFfz9tgkgcKVVwhFPCxpVhWvFiVTGxNti3m1fWaohSY2A
5oJPLKMnSe/yBhsPPP5BQRXFCcDz5Lsq4xNGQgC45FgKHvoEPCghlYQMZrowSI9G
43ftBb71eNQV+/exuUpMwTGZLEVuILcY0sl41SKiXF9e4PjYr1RgILwiIXIMOpmr
b5s/B3fgbgrFoIxFL1tuJf6VQbE2f8TT+IvAX5P7bO0Er7m1wg7LSvbMTgxtyQMK
mSdJnsYz1WB+QHaBnuQdQULq1Nef43zcb0uYKg1hFEPGf7uE+2fekYgjIONmkaWB
sW6RApeXPjdpoGdBK13zPsr3WMo+uhXR4JwRsaPfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7tAuSfdvJ09p1hlvbuVTk3ehArgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2Y2JiNjg4LWI3OWMtNDZmMS05MzM4LTAxMjE5YjYyMjJjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARANJAwDQYJKoZIhvcNAQELBQADggEBAFINR4dv38q+QMB5Yz5PAsKGTyna
Dp/4/iHXbvpkZdZ4FYrZ9AbiMrLTE3M9qllAGXWgSq9+FioOtzC0wL4bnkJhE0kR
iOpXvol6oLQoeaFdWmVtgy0vh8d4y1o+78M3fC5BsCCI5oyprTlAOpGp3ICrHM+Z
Z4Y3uqUv1lNhcQE8WaFq/gdERxlKBJ6T64PNj6wuI6JtrHG1YRF9Ap+Coy/LNN9+
GEkqPqfTR+F0EOGMePwSnO7KxdidmxJvoXFrNBSfCJaxiocfr/fgUWYDw+VLzxrt
ZoJ/qaoqrAViazbJAAkZeBEcF8b0FmKqGPa9nYM+YDGm2ulkSg7z+yfgcyM=
-----END CERTIFICATE-----