Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa
File:                     6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa (raw, json)
Hash identifier:          cwofOtjFG8v+oFgGRukqzxuKQ+aE6WjfFnM0WYuCxF8=
Subject key identifier:   5F:58:36:AF:33:84:F0:3A:80:12:60:8C:77:6C:F5:F9:E7:03:AE:A0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E6CA5863FE059FA96F84136D211411FABA83D23
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa
Signing time:             Mon 10 Mar 2025 15:10:16 +0000
ROA not before:           Mon 10 Mar 2025 15:10:16 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.28.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:6c:a5:86:3f:e0:59:fa:96:f8:41:36:d2:11:41:1f:ab:a8:3d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:10:16 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9b:c4:7c:ad:a5:be:6f:7c:09:17:3e:bf:d3:
                    ff:e1:4c:21:00:cb:0a:2f:fc:ca:6c:ff:fc:e0:d4:
                    1b:bf:5e:9e:82:f2:f4:eb:f0:05:6e:78:ea:ce:73:
                    02:91:8e:0e:bc:b4:34:0f:50:80:0f:e5:d3:ef:1f:
                    bc:3c:39:cf:93:9a:3d:d2:1e:c5:1c:67:3e:44:7f:
                    ad:83:ba:3c:3c:fe:06:1a:e0:21:8c:29:18:68:f3:
                    f7:8b:48:3c:06:f6:73:49:85:97:ca:f0:3d:bc:6c:
                    cf:7b:26:8a:85:d4:1c:ac:54:77:f0:08:48:3d:17:
                    c1:c8:01:05:89:87:8d:ac:21:25:0c:0c:23:26:4b:
                    32:35:12:29:6b:ea:24:a6:0f:dd:1c:5d:8d:47:28:
                    eb:f9:8f:28:37:51:09:7a:16:96:0b:24:d7:f8:1f:
                    7a:0d:b5:63:3f:50:1f:da:9a:f1:c2:33:8d:13:61:
                    28:0c:71:f0:3b:50:0a:ed:fa:72:c3:19:c5:61:c1:
                    39:5f:f0:5e:a9:c3:91:1b:77:9c:a5:9f:02:f4:b1:
                    7c:e6:82:1a:2c:7b:58:0b:56:dd:a7:bb:25:25:79:
                    4a:22:fc:e3:f1:53:a8:d9:2d:39:d8:39:26:91:93:
                    03:f0:35:86:da:b0:73:88:b9:a2:9d:00:b4:71:8a:
                    b5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:58:36:AF:33:84:F0:3A:80:12:60:8C:77:6C:F5:F9:E7:03:AE:A0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.28.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b2:f9:8c:9f:72:ad:4c:1b:33:59:ef:f7:9d:15:55:f5:de:47:
         a3:d2:8a:3d:e8:ca:0f:92:6f:44:e9:b0:29:3b:d1:47:e9:5c:
         b6:50:7c:b3:36:93:17:59:22:c0:03:6c:e9:64:5c:e5:dd:87:
         3a:ba:ca:01:e1:e3:57:39:6b:02:cf:79:56:8d:29:57:3c:4e:
         b1:9a:59:cd:49:9f:03:6a:19:c6:35:b9:20:25:0c:00:79:d1:
         1f:a3:1c:eb:d5:6c:b7:39:7a:4d:6e:fc:b2:7c:d8:6e:9a:ac:
         f1:35:14:8e:2b:d5:66:f0:9b:92:40:18:ae:f2:bc:51:8e:8e:
         be:2f:a2:5b:27:07:02:8e:1d:78:71:e4:a3:06:c9:60:62:ed:
         38:b9:be:58:17:03:fc:f6:bc:be:07:6d:75:87:70:55:c4:62:
         01:82:c1:07:18:d1:26:e6:5b:41:e6:8b:e0:ea:cd:da:05:d9:
         ba:77:18:7d:d3:91:0e:a7:60:aa:5e:91:37:5d:1f:16:87:af:
         c5:65:b1:f7:1a:b7:28:42:b8:e3:6f:84:bd:39:17:b9:0f:8c:
         2e:f2:2c:73:07:0b:c3:0b:3b:20:8c:66:9e:77:3c:f5:4e:e4:
         5c:8a:4e:1e:15:60:fb:10:0c:46:d4:91:34:ac:f1:86:72:3d:
         73:05:e5:df
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbmylhj/gWfqW+EE20hFBH6uoPSMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUxMDE2WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTI0ZTk5NjBmMDU4NWFkYzI5YzczNDM4OTJhMDkwZjdj
MDE0YTYzNGIzMmE2MTljNTQyZWQyYmYxNTEzZjNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9m8R8raW+b3wJFz6/0//hTCEAywov/Mps//zg1Bu/Xp6C
8vTr8AVueOrOcwKRjg68tDQPUIAP5dPvH7w8Oc+Tmj3SHsUcZz5Ef62Dujw8/gYa
4CGMKRho8/eLSDwG9nNJhZfK8D28bM97JoqF1BysVHfwCEg9F8HIAQWJh42sISUM
DCMmSzI1Eilr6iSmD90cXY1HKOv5jyg3UQl6FpYLJNf4H3oNtWM/UB/amvHCM40T
YSgMcfA7UArt+nLDGcVhwTlf8F6pw5Ebd5ylnwL0sXzmghose1gLVt2nuyUleUoi
/OPxU6jZLTnYOSaRkwPwNYbasHOIuaKdALRxirWFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUX1g2rzOE8DqAEmCMd2z1+ecDrqAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkOGExYjM2LTM4NTUtNGIwYS04ZDA3LWVjMGMyYmFmNGZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjHDANBgkqhkiG9w0BAQsFAAOCAQEAsvmMn3KtTBszWe/3nRVV9d5Ho9KK
PejKD5JvROmwKTvRR+lctlB8szaTF1kiwANs6WRc5d2HOrrKAeHjVzlrAs95Vo0p
VzxOsZpZzUmfA2oZxjW5ICUMAHnRH6Mc69Vstzl6TW78snzYbpqs8TUUjivVZvCb
kkAYrvK8UY6Ovi+iWycHAo4deHHkowbJYGLtOLm+WBcD/Pa8vgdtdYdwVcRiAYLB
BxjRJuZbQeaL4OrN2gXZuncYfdORDqdgql6RN10fFoevxWWx9xq3KEK442+EvTkX
uQ+MLvIscwcLwws7IIxmnnc89U7kXIpOHhVg+xAMRtSRNKzxhnI9cwXl3w==
-----END CERTIFICATE-----