Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/703d892d-ff7a-4463-88f7-014e2ca759c0.roa
File:                     703d892d-ff7a-4463-88f7-014e2ca759c0.roa (raw, json)
Hash identifier:          EiPXH/p54e89IjEL8KsDbBT+VUOOu5b0Ln+oNKjFYWw=
Subject key identifier:   67:1E:C7:26:07:B5:4F:4A:1C:1F:22:09:71:BE:09:ED:7A:A5:03:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       430775E3542DBA7CCDDE506EAE88A6B6895D8F4F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/703d892d-ff7a-4463-88f7-014e2ca759c0.roa
Signing time:             Fri 14 Mar 2025 00:41:23 +0000
ROA not before:           Fri 14 Mar 2025 00:41:23 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.91.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:07:75:e3:54:2d:ba:7c:cd:de:50:6e:ae:88:a6:b6:89:5d:8f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:41:23 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8b:a4:a3:d5:7f:15:55:67:db:02:50:45:4a:
                    97:a3:7a:78:af:91:b8:e3:3f:83:a4:45:5c:55:82:
                    53:55:bd:26:9c:46:ff:d6:48:5e:68:a7:39:98:22:
                    4d:a4:b3:56:8a:f4:3f:99:95:4a:9f:dd:eb:a0:9f:
                    e5:ef:91:31:58:fd:84:8a:1f:c2:60:6b:8e:bb:06:
                    41:33:a0:b3:9b:4a:30:bb:74:b5:0a:36:d3:9d:9b:
                    7a:03:fa:74:f7:ea:2f:43:fb:0c:11:91:35:f6:31:
                    ba:19:35:22:cd:4b:ed:93:c6:4d:c8:6c:be:78:2f:
                    04:ff:9d:2a:8b:d4:0a:8c:ed:73:65:36:59:7f:59:
                    ec:af:fe:f5:e0:68:16:02:2c:85:24:ce:c3:a2:08:
                    dc:d6:53:d2:1b:da:01:b3:67:16:20:b9:bd:b6:92:
                    e2:2a:50:fc:0b:ae:86:6b:f6:b3:a3:0f:78:f9:2d:
                    d1:ed:83:e9:b6:be:67:04:34:bd:ce:35:bf:72:04:
                    b6:f5:c1:00:bb:fd:77:a7:5c:54:9f:a6:00:a3:33:
                    4f:da:10:99:b1:0c:ef:73:cd:fd:39:a5:0d:56:90:
                    a4:00:fc:05:b7:55:10:9d:00:70:d3:78:35:22:c9:
                    0e:ac:60:c5:b5:fb:eb:31:46:70:4d:a3:b5:02:05:
                    97:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1E:C7:26:07:B5:4F:4A:1C:1F:22:09:71:BE:09:ED:7A:A5:03:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/703d892d-ff7a-4463-88f7-014e2ca759c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.91.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ce:2d:41:19:0e:13:e6:2c:d4:c3:75:84:7c:25:c9:fa:84:56:
         32:0a:28:80:e8:37:e6:8b:ae:63:60:7e:07:fe:63:92:f9:7a:
         c0:7e:a7:e6:c3:25:24:f6:c2:ab:08:85:a6:c1:bb:24:8b:bb:
         7c:e2:40:50:65:13:1f:01:1e:63:81:e1:eb:cf:f2:bf:15:2e:
         d3:47:69:69:a1:a9:33:28:ae:de:f2:48:98:a4:e8:22:2c:92:
         96:6f:87:27:8c:90:69:cb:72:55:65:f6:1c:cd:b3:60:27:bf:
         75:68:1f:86:eb:d8:46:ca:f8:62:ad:66:06:d8:0e:ce:ca:46:
         ce:63:77:da:29:ba:94:29:43:c6:e3:8c:37:23:a6:15:ea:67:
         02:97:43:48:a6:32:12:37:45:6e:71:ab:08:0d:6c:22:ab:65:
         88:8d:75:41:30:10:0b:b7:9c:06:b1:ca:24:90:f3:7e:98:e5:
         e9:9e:98:ce:ce:a4:e6:10:17:a2:41:4d:67:ba:46:0b:ed:03:
         3b:0d:c8:9b:22:58:6a:a2:91:bc:fb:82:7b:71:39:2a:3b:99:
         b7:56:4a:fb:2b:65:d2:04:05:0a:b0:18:7d:e6:98:1a:30:b8:
         58:db:b0:9f:5a:c4:a2:fe:2b:27:cb:97:33:d9:29:a0:f7:a3:
         8b:8d:7c:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQwd141QtunzN3lBuroimtoldj08wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDA0MTIzWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGMxZDkxYzg1NzUxOTcxMzcwZmNkMGQ4Mjc0NmUxZTMz
YTM3ZmU4YzM4NzJkMzUwZDRiY2YxMTA4MDRlZjY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUi6Sj1X8VVWfbAlBFSpejenivkbjjP4OkRVxVglNVvSac
Rv/WSF5opzmYIk2ks1aK9D+ZlUqf3eugn+XvkTFY/YSKH8Jga467BkEzoLObSjC7
dLUKNtOdm3oD+nT36i9D+wwRkTX2MboZNSLNS+2Txk3IbL54LwT/nSqL1AqM7XNl
Nll/Weyv/vXgaBYCLIUkzsOiCNzWU9Ib2gGzZxYgub22kuIqUPwLroZr9rOjD3j5
LdHtg+m2vmcENL3ONb9yBLb1wQC7/XenXFSfpgCjM0/aEJmxDO9zzf05pQ1WkKQA
/AW3VRCdAHDTeDUiyQ6sYMW1++sxRnBNo7UCBZcxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZx7HJge1T0ocHyIJcb4J7XqlA4UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwM2Q4OTJkLWZmN2EtNDQ2My04OGY3LTAxNGUyY2E3NTljMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZAW4AwDQYJKoZIhvcNAQELBQADggEBAM4tQRkOE+Ys1MN1hHwlyfqEVjIK
KIDoN+aLrmNgfgf+Y5L5esB+p+bDJST2wqsIhabBuySLu3ziQFBlEx8BHmOB4evP
8r8VLtNHaWmhqTMort7ySJik6CIskpZvhyeMkGnLclVl9hzNs2Anv3VoH4br2EbK
+GKtZgbYDs7KRs5jd9opupQpQ8bjjDcjphXqZwKXQ0imMhI3RW5xqwgNbCKrZYiN
dUEwEAu3nAaxyiSQ836Y5ememM7OpOYQF6JBTWe6RgvtAzsNyJsiWGqikbz7gntx
OSo7mbdWSvsrZdIEBQqwGH3mmBowuFjbsJ9axKL+KyfLlzPZKaD3o4uNfFI=
-----END CERTIFICATE-----