Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66e59786-c1f4-4146-bccb-708e47a5469a.roa
File:                     66e59786-c1f4-4146-bccb-708e47a5469a.roa (raw, json)
Hash identifier:          QCmDJ1dT9pE72tLk/RY1QO5vTDSoC/A/BJk50cHDWoU=
Subject key identifier:   31:81:0D:C3:10:F0:B9:8D:14:7A:55:F5:E9:F9:77:DA:8C:CB:20:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4564D105AD00B2666A641CC66D1C616881FA8A23
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66e59786-c1f4-4146-bccb-708e47a5469a.roa
Signing time:             Tue 04 Mar 2025 17:10:59 +0000
ROA not before:           Tue 04 Mar 2025 17:10:59 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.48.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:64:d1:05:ad:00:b2:66:6a:64:1c:c6:6d:1c:61:68:81:fa:8a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:10:59 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e7:4e:dd:a0:54:ca:5f:a2:3e:f3:3e:4c:fa:
                    af:fb:08:ec:0e:12:d3:18:c8:a7:ed:e7:45:83:68:
                    6e:e1:24:c8:a6:af:28:9e:78:26:85:d9:94:0d:40:
                    35:e9:86:19:e8:88:84:0f:08:77:fe:98:ee:54:01:
                    6a:24:a4:5a:6a:56:93:55:15:05:a6:8f:b2:6f:70:
                    f9:49:a7:2a:65:9d:93:53:2a:a0:25:d7:82:d3:5a:
                    16:fd:13:96:43:70:c9:f0:ec:78:46:2f:f5:18:4c:
                    f1:a6:22:a4:9b:d0:e9:6e:6d:bc:d5:af:40:3a:15:
                    37:49:2b:4e:0a:36:a5:01:16:c1:0f:ef:25:68:e4:
                    81:0f:8f:15:6b:d1:6b:50:c0:b4:c6:7d:a7:31:ad:
                    f3:79:60:33:39:0a:76:4c:e1:b9:12:8d:6c:29:dc:
                    ba:1f:ad:cf:fb:93:16:3c:23:5f:04:b8:6b:74:44:
                    35:d5:78:12:24:f0:65:16:af:37:87:eb:1c:67:41:
                    77:32:4b:17:58:bb:3e:cf:e9:18:20:67:43:9e:ca:
                    33:1e:3a:b8:a1:c2:52:a2:46:a9:09:94:f1:0d:32:
                    5d:2f:a1:78:f6:16:66:ca:ac:32:99:75:64:29:3c:
                    4f:07:11:68:3f:e0:e0:d3:77:60:e4:de:ef:f0:6c:
                    85:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:81:0D:C3:10:F0:B9:8D:14:7A:55:F5:E9:F9:77:DA:8C:CB:20:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66e59786-c1f4-4146-bccb-708e47a5469a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.48.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4e:7c:1d:0d:aa:cd:df:00:7e:96:87:6e:d1:f3:1b:63:45:d4:
         99:cd:5c:e4:04:e2:00:65:79:a9:33:b3:e7:30:cb:80:ad:15:
         45:ce:09:ac:85:23:90:17:d8:46:77:ea:f2:bb:0f:67:db:ee:
         0f:aa:b4:74:32:ba:cd:19:fb:d4:2e:69:2f:fd:78:99:58:bf:
         0a:6b:14:4e:69:31:54:c8:e1:19:6c:e7:02:44:98:8f:1a:ff:
         44:af:db:d6:f1:98:47:42:c1:f0:da:47:d7:37:4d:94:a1:ee:
         06:0d:b8:e3:10:f0:ed:dc:03:64:ec:dc:a2:bb:61:48:a7:fe:
         df:8d:0a:4d:83:ea:3a:56:b3:0b:53:75:c1:cc:82:de:f8:d3:
         31:e9:42:d0:41:61:a7:b1:0b:01:da:99:fb:64:84:31:51:71:
         48:fd:42:8d:16:c4:17:9e:fe:94:64:a9:83:2c:17:f1:dd:48:
         e5:64:15:ad:41:41:6b:fb:7d:45:90:54:03:93:b5:f5:c1:40:
         52:33:12:70:c5:8b:95:60:c1:41:7f:8f:74:b8:44:0d:13:2e:
         96:83:03:1f:2c:c8:1d:4e:26:64:8c:0f:45:63:f5:e3:c1:35:
         49:f2:2a:ed:bc:52:d5:9b:01:d9:36:63:7c:70:d9:61:16:dd:
         82:46:b1:cd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURWTRBa0AsmZqZBzGbRxhaIH6iiMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTcxMDU5WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzlkYzk3NWViNDNhNWZjMjJmODUwMmZiYmQ0NTZlMDU2
NmI1Zjk1OGYyNjNkZTUwMmUxMDkzZDE5MWNlNmY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ507doFTKX6I+8z5M+q/7COwOEtMYyKft50WDaG7hJMim
ryieeCaF2ZQNQDXphhnoiIQPCHf+mO5UAWokpFpqVpNVFQWmj7JvcPlJpyplnZNT
KqAl14LTWhb9E5ZDcMnw7HhGL/UYTPGmIqSb0OlubbzVr0A6FTdJK04KNqUBFsEP
7yVo5IEPjxVr0WtQwLTGfacxrfN5YDM5CnZM4bkSjWwp3Lofrc/7kxY8I18EuGt0
RDXVeBIk8GUWrzeH6xxnQXcySxdYuz7P6RggZ0OeyjMeOrihwlKiRqkJlPENMl0v
oXj2FmbKrDKZdWQpPE8HEWg/4ODTd2Dk3u/wbIU9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMYENwxDwuY0UelX16fl32ozLIGUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2ZTU5Nzg2LWMxZjQtNDE0Ni1iY2NiLTcwOGU0N2E1NDY5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoMDANBgkqhkiG9w0BAQsFAAOCAQEATnwdDarN3wB+lodu0fMbY0XUmc1c
5ATiAGV5qTOz5zDLgK0VRc4JrIUjkBfYRnfq8rsPZ9vuD6q0dDK6zRn71C5pL/14
mVi/CmsUTmkxVMjhGWznAkSYjxr/RK/b1vGYR0LB8NpH1zdNlKHuBg244xDw7dwD
ZOzcorthSKf+340KTYPqOlazC1N1wcyC3vjTMelC0EFhp7ELAdqZ+2SEMVFxSP1C
jRbEF57+lGSpgywX8d1I5WQVrUFBa/t9RZBUA5O19cFAUjMScMWLlWDBQX+PdLhE
DRMuloMDHyzIHU4mZIwPRWP148E1SfIq7bxS1ZsB2TZjfHDZYRbdgkaxzQ==
-----END CERTIFICATE-----