Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/587edf41-df01-49b4-82dd-5d9a4fe282f1.roa
File:                     587edf41-df01-49b4-82dd-5d9a4fe282f1.roa (raw, json)
Hash identifier:          U5L28nzWzH6XfLD8/vW3srTITvaMUPvpJMAwRM+2uDQ=
Subject key identifier:   28:AC:5D:AA:30:2C:54:C2:83:18:CA:2B:9F:48:06:F5:FD:6E:FE:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       478F3EC98505840C659E5B5C5EB2AB594B8BA943
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/587edf41-df01-49b4-82dd-5d9a4fe282f1.roa
Signing time:             Fri 21 Mar 2025 00:11:02 +0000
ROA not before:           Fri 21 Mar 2025 00:11:02 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.86.0.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:8f:3e:c9:85:05:84:0c:65:9e:5b:5c:5e:b2:ab:59:4b:8b:a9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:11:02 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:62:d7:78:6d:20:00:26:41:60:15:60:3e:17:
                    f3:6c:f8:c0:7d:c9:23:df:ad:2c:7b:65:a1:73:48:
                    56:a7:7d:ff:51:4d:f1:97:ed:1c:39:15:4d:3e:c0:
                    b9:cb:84:6f:f7:b6:10:72:8c:d8:dd:db:61:96:ba:
                    06:f2:db:ee:2d:c2:1b:83:2d:93:2f:f4:a6:a9:31:
                    46:04:09:46:77:d1:ce:ec:dc:fa:b8:cb:fb:30:b4:
                    4e:93:dc:f7:3f:8c:f3:cf:71:b6:8a:56:29:fd:dc:
                    07:e1:8d:2d:62:d1:f7:4d:45:81:9a:97:6a:a5:1d:
                    e0:4c:60:23:87:e5:e3:60:59:49:a8:89:53:89:4f:
                    82:b3:65:35:fc:50:ce:ab:bd:c3:33:ba:9c:61:cf:
                    05:18:f1:a6:27:6b:86:65:7e:a0:b9:6e:8a:a2:d3:
                    16:d7:54:04:6e:84:28:3b:de:35:67:fd:0e:77:19:
                    df:82:06:aa:c7:3a:d1:99:97:6a:e7:16:17:b1:41:
                    5b:17:41:0a:c6:67:1d:a3:9a:e1:63:e7:9d:44:df:
                    2d:6e:32:65:e2:c1:fc:c8:8e:74:41:d0:e6:63:f0:
                    36:cd:0b:90:cd:cc:10:ca:3e:13:b9:d1:c7:01:c3:
                    33:c3:9f:a7:56:ef:7c:5b:c5:39:b6:31:59:1c:1e:
                    24:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:AC:5D:AA:30:2C:54:C2:83:18:CA:2B:9F:48:06:F5:FD:6E:FE:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/587edf41-df01-49b4-82dd-5d9a4fe282f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.86.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         24:35:82:6b:50:36:ee:45:7b:56:1e:83:ff:3a:ac:f3:8f:9c:
         51:16:14:c2:93:13:af:ff:72:bb:e9:dd:d2:8c:0d:45:18:6e:
         68:55:ca:d4:31:a8:53:b2:de:81:8a:a1:d9:ac:33:a1:74:30:
         22:1c:22:ae:d6:06:eb:3c:94:8a:44:c9:72:81:10:94:f0:d2:
         5c:4a:55:39:af:49:3f:d6:17:cf:e8:4d:17:52:cf:bf:dd:68:
         ef:27:c9:fe:ce:f5:7f:76:6a:7a:5f:2c:e3:d6:d0:19:83:dd:
         86:5c:43:ca:8c:38:43:3b:59:70:c6:8f:60:d2:05:dd:94:37:
         a3:d3:38:14:d0:b2:13:a8:fa:93:cd:d6:09:47:e9:da:28:28:
         27:3d:f5:cc:4b:8b:06:9a:7c:c6:02:06:e6:5c:f9:54:ee:47:
         9c:34:e3:37:56:89:c1:40:16:af:ef:96:0b:9b:c1:d1:64:c4:
         4c:c0:58:3e:ff:e4:02:cf:80:5a:99:81:32:e4:b8:f1:20:88:
         39:69:dc:0c:39:92:f5:10:65:de:df:2f:a1:72:18:f7:59:0d:
         af:c2:ab:c2:da:0b:ae:2d:52:a7:2e:ef:5c:63:7f:6b:a2:44:
         a4:a8:24:35:47:67:f1:38:b9:2b:21:27:89:db:9b:71:49:b7:
         13:4f:61:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR48+yYUFhAxlnltcXrKrWUuLqUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAxMTAyWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjdmMDJjOGZiYjAyMGZjZDg5ZDY3NTAzYTgwYjViODcw
OGE5YjEyNzU5MWMwYTI4Y2FlMTQ0ZDg2ZWIzNzE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7Ytd4bSAAJkFgFWA+F/Ns+MB9ySPfrSx7ZaFzSFanff9R
TfGX7Rw5FU0+wLnLhG/3thByjNjd22GWugby2+4twhuDLZMv9KapMUYECUZ30c7s
3Pq4y/swtE6T3Pc/jPPPcbaKVin93AfhjS1i0fdNRYGal2qlHeBMYCOH5eNgWUmo
iVOJT4KzZTX8UM6rvcMzupxhzwUY8aYna4ZlfqC5boqi0xbXVARuhCg73jVn/Q53
Gd+CBqrHOtGZl2rnFhexQVsXQQrGZx2jmuFj551E3y1uMmXiwfzIjnRB0OZj8DbN
C5DNzBDKPhO50ccBwzPDn6dW73xbxTm2MVkcHiTFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKKxdqjAsVMKDGMorn0gG9f1u/iQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4N2VkZjQxLWRmMDEtNDliNC04MmRkLTVkOWE0ZmUyODJmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXYVgAwDQYJKoZIhvcNAQELBQADggEBACQ1gmtQNu5Fe1Yeg/86rPOPnFEW
FMKTE6//crvp3dKMDUUYbmhVytQxqFOy3oGKodmsM6F0MCIcIq7WBus8lIpEyXKB
EJTw0lxKVTmvST/WF8/oTRdSz7/daO8nyf7O9X92anpfLOPW0BmD3YZcQ8qMOEM7
WXDGj2DSBd2UN6PTOBTQshOo+pPN1glH6dooKCc99cxLiwaafMYCBuZc+VTuR5w0
4zdWicFAFq/vlgubwdFkxEzAWD7/5ALPgFqZgTLkuPEgiDlp3Aw5kvUQZd7fL6Fy
GPdZDa/Cq8LaC64tUqcu71xjf2uiRKSoJDVHZ/E4uSshJ4nbm3FJtxNPYWg=
-----END CERTIFICATE-----