Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa
File:                     8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa (raw, json)
Hash identifier:          jnLyCxOtRvJJQx5s2jZq8M9CAOgMgFom/x5n/kGoJbQ=
Subject key identifier:   75:C9:FD:65:78:65:96:3D:AD:8E:8F:31:21:7F:C2:D8:F8:93:9C:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D31C1C27983698BDA84987760A34F013C3F7EC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa
Signing time:             Tue 04 Mar 2025 16:30:14 +0000
ROA not before:           Tue 04 Mar 2025 16:30:14 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.64.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:31:c1:c2:79:83:69:8b:da:84:98:77:60:a3:4f:01:3c:3f:7e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 16:30:14 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d7:bb:21:aa:41:dc:64:d6:8c:32:c1:dd:a6:
                    59:dd:f0:2f:16:95:d1:ca:51:bd:f5:ff:8e:f6:c6:
                    59:f6:96:80:f1:28:62:f6:dd:3e:01:41:a3:b5:4b:
                    57:27:43:8c:d8:02:63:9e:99:ec:26:55:27:df:6f:
                    cf:4b:12:f2:17:34:38:c2:98:27:c2:7a:b7:f4:7a:
                    71:7b:9c:d5:97:6f:87:b2:a2:48:f0:35:11:37:31:
                    58:b8:d8:b4:63:64:98:1b:18:00:39:f1:96:ef:2e:
                    ac:7a:92:ec:4b:d6:f1:93:9e:f6:f9:4c:da:f9:ba:
                    1c:ea:df:57:61:fd:ab:09:f0:eb:e9:d5:d0:a6:c6:
                    e0:5a:e6:85:db:8b:3a:63:34:12:67:65:d7:df:a6:
                    e5:b5:0a:1b:dd:4e:96:83:96:cf:e1:c6:1a:23:64:
                    d4:e5:79:c4:99:12:79:7e:1d:7f:7e:9f:be:7c:1e:
                    6d:0d:c7:c4:33:c7:6d:f2:6d:21:5a:e8:fb:ac:2d:
                    c2:e1:b5:2b:3b:27:9d:15:ef:b5:a6:cf:7b:90:d7:
                    c1:df:78:34:fc:82:93:89:51:f6:bd:e9:07:ea:6f:
                    8e:bc:2a:0c:a5:b9:63:86:29:01:c7:a6:84:78:36:
                    d5:b6:71:05:60:53:cc:23:a5:a0:f0:cd:1d:a5:6c:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C9:FD:65:78:65:96:3D:AD:8E:8F:31:21:7F:C2:D8:F8:93:9C:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         81:e1:d7:4e:b2:b0:ad:8d:82:a8:df:d5:2f:71:47:80:34:e2:
         5c:f8:6c:15:fc:3a:9c:63:9f:d6:29:68:b9:2f:5d:cc:0b:b7:
         73:8f:90:93:59:76:ad:69:40:cb:38:db:e8:e4:b8:47:bc:81:
         5c:fc:06:56:fc:86:31:fa:90:6a:bc:7e:d7:31:b7:be:60:75:
         60:22:69:43:af:2f:65:87:41:b2:dd:23:00:17:7b:d9:13:71:
         29:55:3c:e6:28:a6:d5:b0:c0:b7:73:ef:ff:d4:a8:39:f2:cd:
         6f:73:fc:b1:06:b5:dd:3a:c1:03:16:16:1b:e9:4c:18:18:70:
         e5:96:0c:cd:87:73:ec:1e:59:fe:fe:08:da:64:d1:5b:da:52:
         b3:66:8d:1f:19:1c:3f:d7:d1:9e:e7:d0:29:13:2e:a1:f9:b5:
         53:11:ea:0d:c3:ab:af:b4:44:c9:32:63:23:87:ee:58:ad:68:
         34:9e:ab:4e:9b:92:9c:db:02:8e:0d:5c:e9:96:05:bd:53:c7:
         a6:ce:e4:98:8e:56:87:36:88:c0:a4:1e:f3:1a:06:3c:42:81:
         e4:13:a6:15:7f:d6:45:70:a9:e5:2b:1f:e5:94:ec:f6:17:3f:
         46:20:90:5a:95:bf:65:16:69:c9:5b:81:23:80:75:dc:43:f9:
         c5:dd:41:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTTHBwnmDaYvahJh3YKNPATw/fsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTYzMDE0WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjU0YmE4MDNkMzQ1OTVkNWJjMGU4ZTk2OTlmMWRjNzY4
N2FmNmM0N2E2YzA0MWZhYjdkN2FhMDUyYmRiNDJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX17shqkHcZNaMMsHdplnd8C8WldHKUb31/472xln2loDx
KGL23T4BQaO1S1cnQ4zYAmOemewmVSffb89LEvIXNDjCmCfCerf0enF7nNWXb4ey
okjwNRE3MVi42LRjZJgbGAA58ZbvLqx6kuxL1vGTnvb5TNr5uhzq31dh/asJ8Ovp
1dCmxuBa5oXbizpjNBJnZdffpuW1ChvdTpaDls/hxhojZNTlecSZEnl+HX9+n758
Hm0Nx8Qzx23ybSFa6PusLcLhtSs7J50V77Wmz3uQ18HfeDT8gpOJUfa96Qfqb468
KgyluWOGKQHHpoR4NtW2cQVgU8wjpaDwzR2lbNZxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdcn9ZXhllj2tjo8xIX/C2PiTnFcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkMjc2NTlhLTk5YjgtNGYxMi04ZTEwLTgxYzdiYzJjZjdiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMXFkAwDQYJKoZIhvcNAQELBQADggEBAIHh106ysK2Ngqjf1S9xR4A04lz4
bBX8Opxjn9YpaLkvXcwLt3OPkJNZdq1pQMs42+jkuEe8gVz8Blb8hjH6kGq8ftcx
t75gdWAiaUOvL2WHQbLdIwAXe9kTcSlVPOYoptWwwLdz7//UqDnyzW9z/LEGtd06
wQMWFhvpTBgYcOWWDM2Hc+weWf7+CNpk0VvaUrNmjR8ZHD/X0Z7n0CkTLqH5tVMR
6g3Dq6+0RMkyYyOH7litaDSeq06bkpzbAo4NXOmWBb1Tx6bO5JiOVoc2iMCkHvMa
BjxCgeQTphV/1kVwqeUrH+WU7PYXP0YgkFqVv2UWaclbgSOAddxD+cXdQZM=
-----END CERTIFICATE-----