Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa
File:                     68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa (raw, json)
Hash identifier:          /RhQ/MgOMfJKFR2pTR68DRGoReFIYzAgqcrOs6lS21A=
Subject key identifier:   68:69:36:59:0E:C3:B1:B3:2E:3E:7D:1F:EA:61:99:38:F0:01:96:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F5F033CADC5806A13B2CA016BDDF794CA6CF218
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa
Signing time:             Sat 15 Mar 2025 00:41:43 +0000
ROA not before:           Sat 15 Mar 2025 00:41:43 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.152.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:5f:03:3c:ad:c5:80:6a:13:b2:ca:01:6b:dd:f7:94:ca:6c:f2:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 15 00:41:43 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ef:5b:1e:a5:6d:50:4f:5e:c5:29:17:53:81:
                    68:24:26:b6:c7:b8:f4:11:fd:f6:35:33:d9:e9:de:
                    2a:0c:c2:af:ef:9f:36:78:73:cb:95:e5:3d:11:7c:
                    01:a7:87:b7:d8:9f:21:5c:36:7e:ca:d4:eb:46:76:
                    71:64:fd:cb:91:8b:ee:0e:ea:e1:08:af:80:9a:6f:
                    7d:df:ff:7a:82:bd:73:16:7c:db:8f:c4:bc:53:cb:
                    64:f6:fd:e2:83:4e:2b:e0:f9:f6:5c:7e:c6:da:6a:
                    24:14:49:d3:23:b6:1c:43:7f:5a:1a:81:8f:32:e5:
                    d7:9b:96:b3:23:61:ff:e9:1e:bf:41:f2:77:49:ea:
                    2a:e6:02:73:1d:a3:64:e7:da:bf:26:68:2b:13:0d:
                    f7:af:9c:52:2a:fa:43:e0:39:4b:97:32:4f:c4:fe:
                    09:e9:5a:7f:c0:41:0d:8a:be:a8:22:59:1f:c9:26:
                    5e:79:2a:78:13:c1:33:a3:20:17:49:89:1a:b0:5a:
                    84:7f:05:bb:89:87:a1:10:08:9d:bd:11:18:cb:61:
                    73:f0:03:a0:49:49:41:c8:cf:d8:ce:f0:4e:6c:48:
                    bc:e7:a0:6c:ae:12:ba:52:48:db:4b:aa:97:ee:aa:
                    fb:20:bf:4e:3a:89:c0:14:d6:2f:c1:b0:24:b4:43:
                    6a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:69:36:59:0E:C3:B1:B3:2E:3E:7D:1F:EA:61:99:38:F0:01:96:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2c:ec:28:8d:c9:f7:7c:e8:a1:e1:cc:ad:f7:0f:90:1d:90:33:
         42:eb:db:66:b5:67:64:df:d9:9e:90:bb:3f:02:00:55:50:71:
         0e:1f:6e:42:9b:aa:75:e2:2f:a1:2e:bd:aa:c5:f8:31:18:bd:
         e4:d8:58:f0:a4:dc:8d:b0:b3:6f:45:33:b3:b9:e7:9c:47:06:
         92:01:4d:06:b2:1c:90:b0:3a:7e:4e:ab:50:fc:0d:c9:e7:9b:
         26:77:0c:1c:ca:53:cc:60:2c:73:bf:49:a8:7b:a4:72:ec:34:
         ed:0f:d6:d4:96:df:02:84:3a:26:73:e6:c0:2b:ed:a3:ea:8b:
         16:fd:4e:88:93:2e:e3:c8:51:1b:05:f0:6b:21:b3:f0:bb:e9:
         63:f1:d2:d4:cc:f1:10:9f:79:d5:9a:e4:7f:87:fd:16:08:bf:
         cc:17:5a:9e:15:7e:a3:53:56:bf:88:1b:d7:59:a4:96:80:ee:
         95:74:39:fb:f2:63:d1:b2:de:67:3b:56:2a:8b:c3:0e:61:9c:
         43:70:b0:6b:6c:f3:3a:f1:79:c2:b6:1f:e6:72:e5:9d:f1:ad:
         bb:76:28:0d:d8:fc:f6:18:ec:5f:2e:15:dc:c5:2b:67:44:d1:
         a3:62:12:d4:c3:b8:8b:3f:91:47:ca:6d:ff:ab:f4:d9:74:db:
         e4:05:61:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH18DPK3FgGoTssoBa933lMps8hgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE1MDA0MTQzWhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjcwNjlkMWY3ODFkODRiMGEzZDUxM2VkYmU5ODVjMjc2
YWQ1M2E3ZmM3YmZjMjMxNTE5ZmVmYWJiZjg5ZTkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC871sepW1QT17FKRdTgWgkJrbHuPQR/fY1M9np3ioMwq/v
nzZ4c8uV5T0RfAGnh7fYnyFcNn7K1OtGdnFk/cuRi+4O6uEIr4Cab33f/3qCvXMW
fNuPxLxTy2T2/eKDTivg+fZcfsbaaiQUSdMjthxDf1oagY8y5deblrMjYf/pHr9B
8ndJ6irmAnMdo2Tn2r8maCsTDfevnFIq+kPgOUuXMk/E/gnpWn/AQQ2KvqgiWR/J
Jl55KngTwTOjIBdJiRqwWoR/BbuJh6EQCJ29ERjLYXPwA6BJSUHIz9jO8E5sSLzn
oGyuErpSSNtLqpfuqvsgv046icAU1i/BsCS0Q2qxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaGk2WQ7DsbMuPn0f6mGZOPABlhQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4YTI0YjViLTczNTAtNGI5ZS05ZTU0LWUxZGE4YmM5MTc3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgAJgwDQYJKoZIhvcNAQELBQADggEBACzsKI3J93zooeHMrfcPkB2QM0Lr
22a1Z2Tf2Z6Quz8CAFVQcQ4fbkKbqnXiL6EuvarF+DEYveTYWPCk3I2ws29FM7O5
55xHBpIBTQayHJCwOn5Oq1D8DcnnmyZ3DBzKU8xgLHO/Sah7pHLsNO0P1tSW3wKE
OiZz5sAr7aPqixb9ToiTLuPIURsF8Gshs/C76WPx0tTM8RCfedWa5H+H/RYIv8wX
Wp4VfqNTVr+IG9dZpJaA7pV0OfvyY9Gy3mc7ViqLww5hnENwsGts8zrxecK2H+Zy
5Z3xrbt2KA3Y/PYY7F8uFdzFK2dE0aNiEtTDuIs/kUfKbf+r9Nl02+QFYeQ=
-----END CERTIFICATE-----