Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603f6d19-c2c3-4dec-9eca-780337977e94.roa
File:                     603f6d19-c2c3-4dec-9eca-780337977e94.roa (raw, json)
Hash identifier:          8P9M57Sk6zQ9YWVwDClSecXPAJcDAgnUNSjQtcVlnJE=
Subject key identifier:   80:6B:9A:60:5B:CB:9B:CE:75:C9:57:06:06:CB:F9:1C:8D:86:5E:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B77E4983286E85477C459BD21C16BE508237719
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603f6d19-c2c3-4dec-9eca-780337977e94.roa
Signing time:             Sat 29 Mar 2025 00:40:28 +0000
ROA not before:           Sat 29 Mar 2025 00:40:28 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.213.234.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:77:e4:98:32:86:e8:54:77:c4:59:bd:21:c1:6b:e5:08:23:77:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:40:28 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:60:a6:11:96:0f:ed:e0:da:0a:51:26:24:d0:
                    71:71:60:25:54:f2:51:fa:d1:6a:f7:c4:7c:63:aa:
                    e3:a2:8e:b1:a6:48:49:66:20:fb:5a:40:21:ba:59:
                    aa:6b:d2:b7:80:8c:8f:17:0f:7b:e8:42:6b:27:52:
                    30:a6:27:0a:c2:48:e6:39:1a:f3:c4:05:19:cf:b9:
                    84:0a:7e:07:20:88:d9:9f:db:85:2f:e8:5d:d5:57:
                    b3:26:b6:de:55:35:02:80:a6:aa:4e:18:1f:d3:4e:
                    55:e6:4f:ba:cf:07:5f:b3:c4:f7:fc:b4:76:29:16:
                    9d:d7:07:18:e0:40:ec:3b:47:a8:32:66:5b:56:ac:
                    26:5f:9c:aa:91:1a:d1:a1:2c:ae:94:28:eb:d3:53:
                    f8:45:c6:d5:06:97:5c:08:bd:2b:73:06:dc:93:9d:
                    7c:76:3c:5f:c9:4c:7f:a0:ff:d7:d9:d5:9a:a1:6d:
                    00:08:42:4c:a3:6c:74:fd:d9:ea:7e:ec:6d:eb:03:
                    ce:e3:b7:42:9b:16:cd:98:ab:ad:55:86:37:78:f4:
                    8c:64:0a:31:46:ac:81:63:79:21:b8:27:24:15:34:
                    70:5c:0d:dc:46:ec:4f:df:50:6d:13:e7:21:0a:03:
                    f7:c7:58:40:f9:28:da:20:06:31:ec:34:d7:f3:5f:
                    75:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:6B:9A:60:5B:CB:9B:CE:75:C9:57:06:06:CB:F9:1C:8D:86:5E:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603f6d19-c2c3-4dec-9eca-780337977e94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.213.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:c2:bc:83:b5:d6:87:a5:73:bc:e2:a1:52:a6:36:57:9a:12:
         00:14:b6:f6:6e:9e:29:93:59:bc:d3:0e:13:c5:eb:b9:40:3a:
         fb:e8:3a:3b:df:30:70:ff:21:09:56:dd:cc:f9:c5:e0:a2:04:
         1f:07:24:45:85:88:7c:43:13:9b:6c:65:5a:0c:77:cb:99:ba:
         16:18:a3:69:c8:53:a1:f8:6f:cc:77:0b:9a:55:d8:e6:e4:b4:
         96:30:5d:ee:12:0d:31:33:a1:b9:dc:a6:f0:40:4d:cc:d7:6b:
         1b:fb:8c:ca:bf:75:c7:9d:a4:48:d3:b1:50:1b:a1:37:bd:e9:
         2e:33:cf:e8:9d:c0:33:d8:14:3c:e0:ee:52:6d:06:ee:36:a9:
         88:bc:c9:6e:5c:02:44:60:85:0d:90:ec:9c:d7:e7:4f:ce:52:
         74:56:6c:8f:28:d0:ae:f2:6c:02:d0:45:5b:39:12:79:a6:e9:
         91:f7:d6:ab:bd:c3:0a:bf:b5:d3:74:e4:55:88:bb:15:3c:39:
         21:05:ee:2f:de:62:74:81:2d:c5:aa:fb:f0:84:5f:07:2e:9a:
         ad:3b:b8:a9:0c:87:0d:60:10:58:43:49:48:af:e5:3a:dd:f4:
         4f:68:a9:0a:b4:8b:29:7d:b4:3d:fc:82:95:cf:5a:f6:78:cc:
         ca:62:8a:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC3fkmDKG6FR3xFm9IcFr5QgjdxkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA0MDI4WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzIyMzE2NzllZDE4OWE4YWVmZWMyODkzZThjNmNhYzRm
MjViZmJiMWIzNTk0ZDIyZGU2YTU1YzFlYzcyNTBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0YKYRlg/t4NoKUSYk0HFxYCVU8lH60Wr3xHxjquOijrGm
SElmIPtaQCG6Wapr0reAjI8XD3voQmsnUjCmJwrCSOY5GvPEBRnPuYQKfgcgiNmf
24Uv6F3VV7Mmtt5VNQKApqpOGB/TTlXmT7rPB1+zxPf8tHYpFp3XBxjgQOw7R6gy
ZltWrCZfnKqRGtGhLK6UKOvTU/hFxtUGl1wIvStzBtyTnXx2PF/JTH+g/9fZ1Zqh
bQAIQkyjbHT92ep+7G3rA87jt0KbFs2Yq61Vhjd49IxkCjFGrIFjeSG4JyQVNHBc
DdxG7E/fUG0T5yEKA/fHWED5KNogBjHsNNfzX3VRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgGuaYFvLm851yVcGBsv5HI2GXhcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwM2Y2ZDE5LWMyYzMtNGRlYy05ZWNhLTc4MDMzNzk3N2U5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGi1eowDQYJKoZIhvcNAQELBQADggEBADDCvIO11oelc7zioVKmNleaEgAU
tvZunimTWbzTDhPF67lAOvvoOjvfMHD/IQlW3cz5xeCiBB8HJEWFiHxDE5tsZVoM
d8uZuhYYo2nIU6H4b8x3C5pV2ObktJYwXe4SDTEzobncpvBATczXaxv7jMq/dced
pEjTsVAboTe96S4zz+idwDPYFDzg7lJtBu42qYi8yW5cAkRghQ2Q7JzX50/OUnRW
bI8o0K7ybALQRVs5Enmm6ZH31qu9wwq/tdN05FWIuxU8OSEF7i/eYnSBLcWq+/CE
Xwcumq07uKkMhw1gEFhDSUiv5Trd9E9oqQq0iyl9tD38gpXPWvZ4zMpiiu0=
-----END CERTIFICATE-----