Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/927e4be9-2462-477d-ae39-3b134f607354.roa
File:                     927e4be9-2462-477d-ae39-3b134f607354.roa (raw, json)
Hash identifier:          fdWLIHCOe6DsWk6msvI6pBHb+EaJceAPpinV9/AfqUo=
Subject key identifier:   55:78:C8:06:98:6B:E2:42:61:37:54:99:1F:24:8B:F1:8B:4C:BF:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61EAF4CDED7AAD4AA098AFF6DF3D0EA33E94728F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/927e4be9-2462-477d-ae39-3b134f607354.roa
Signing time:             Sat 22 Mar 2025 00:00:17 +0000
ROA not before:           Sat 22 Mar 2025 00:00:17 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.130.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ea:f4:cd:ed:7a:ad:4a:a0:98:af:f6:df:3d:0e:a3:3e:94:72:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 22 00:00:17 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bd:dd:30:be:6b:e3:fd:c7:92:13:5e:fc:09:
                    fd:d1:1a:6b:f8:6c:3e:40:a8:ff:55:14:56:83:12:
                    03:a3:44:c0:ae:d6:2a:40:e2:58:bf:fc:b3:69:8c:
                    66:7b:fa:ed:e4:fb:30:d5:58:68:72:d8:36:f8:49:
                    a0:a4:d1:c7:30:17:49:49:78:71:01:3b:6d:e6:80:
                    23:f0:96:16:56:1c:a9:37:9c:dd:ac:d6:7b:de:3f:
                    5f:d6:8d:0d:e6:32:ee:c3:aa:51:71:60:71:07:21:
                    7a:df:fd:09:3b:35:3b:22:47:67:b0:30:12:99:a8:
                    b7:80:2c:10:49:74:ed:30:6d:8c:8d:22:ba:b5:90:
                    bc:d7:b6:af:a0:12:0b:b1:dd:dd:49:55:63:ed:fa:
                    ad:8e:5a:94:9a:9c:92:48:44:ef:d5:8f:86:65:17:
                    99:6e:20:07:b9:a1:ec:a4:f6:13:28:ad:93:5d:b8:
                    27:ee:4b:dc:cd:73:ed:1d:fd:58:e9:21:65:95:e7:
                    21:40:7c:fe:5d:4f:ff:db:2b:b3:56:c0:e5:57:13:
                    76:61:3c:d8:67:92:dc:9c:17:e6:2a:3e:5a:74:c5:
                    a4:eb:70:41:e0:73:30:2f:67:eb:84:30:1b:c2:3d:
                    8f:d0:48:78:1b:64:61:34:e9:2c:3f:67:31:c6:e2:
                    71:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:78:C8:06:98:6B:E2:42:61:37:54:99:1F:24:8B:F1:8B:4C:BF:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/927e4be9-2462-477d-ae39-3b134f607354.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:47:5d:47:f6:cc:c3:ba:f1:d1:28:aa:9b:74:2d:fd:6b:4c:
         06:e2:da:36:fd:5d:37:c9:1d:fa:6d:13:8c:29:53:cb:49:04:
         e0:8f:20:28:75:86:3e:ee:a7:89:77:a8:88:99:79:17:2a:36:
         fb:d5:77:ad:ea:86:fa:ad:e8:49:ba:a2:76:0e:af:0c:8a:78:
         97:64:23:4f:7d:4b:f1:47:9e:fb:7a:5b:71:8e:a6:07:d5:94:
         a6:66:f3:a0:39:66:98:73:c6:f0:5c:22:36:f6:54:fc:72:2a:
         d6:a0:2e:d9:ab:66:30:bf:f1:6f:62:97:e6:6d:e5:1c:cc:6a:
         65:15:09:7b:58:73:85:8f:39:41:30:b4:81:25:4b:81:b9:11:
         fc:14:af:9f:8f:5d:5f:05:bd:54:70:fd:54:1e:bb:d5:f8:ce:
         ce:6a:c7:86:ab:f7:85:fd:ab:0e:4c:9c:0a:9a:89:75:1d:89:
         c2:cc:b1:e3:3e:bc:34:3c:a1:42:65:9a:95:f9:15:4d:f0:83:
         77:52:b6:6c:62:f8:58:c3:1b:e4:c0:ac:f8:64:6c:fa:6a:46:
         89:fd:d5:a2:74:45:f6:42:1a:48:d5:53:4a:42:07:95:38:c3:
         3f:89:99:16:65:aa:78:74:48:e1:74:02:3d:36:88:4d:70:0a:
         13:5b:cf:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYer0ze16rUqgmK/23z0Ooz6Uco8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIyMDAwMDE3WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzM5OGMxOTI4MTBkZjY2NmMxZDg1ZTA2ZWI1ZWUwZTE4
NjdmODJiMjI0NDYwODlhMmQ1ZjRkMjFkODAzZDkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqvd0wvmvj/ceSE178Cf3RGmv4bD5AqP9VFFaDEgOjRMCu
1ipA4li//LNpjGZ7+u3k+zDVWGhy2Db4SaCk0ccwF0lJeHEBO23mgCPwlhZWHKk3
nN2s1nveP1/WjQ3mMu7DqlFxYHEHIXrf/Qk7NTsiR2ewMBKZqLeALBBJdO0wbYyN
Irq1kLzXtq+gEgux3d1JVWPt+q2OWpSanJJIRO/Vj4ZlF5luIAe5oeyk9hMorZNd
uCfuS9zNc+0d/VjpIWWV5yFAfP5dT//bK7NWwOVXE3ZhPNhnktycF+YqPlp0xaTr
cEHgczAvZ+uEMBvCPY/QSHgbZGE06Sw/ZzHG4nEFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVXjIBphr4kJhN1SZHySL8YtMvxAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyN2U0YmU5LTI0NjItNDc3ZC1hZTM5LTNiMTM0ZjYwNzM1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIIwDQYJKoZIhvcNAQELBQADggEBAERHXUf2zMO68dEoqpt0Lf1rTAbi
2jb9XTfJHfptE4wpU8tJBOCPICh1hj7up4l3qIiZeRcqNvvVd63qhvqt6Em6onYO
rwyKeJdkI099S/FHnvt6W3GOpgfVlKZm86A5ZphzxvBcIjb2VPxyKtagLtmrZjC/
8W9il+Zt5RzMamUVCXtYc4WPOUEwtIElS4G5EfwUr5+PXV8FvVRw/VQeu9X4zs5q
x4ar94X9qw5MnAqaiXUdicLMseM+vDQ8oUJlmpX5FU3wg3dStmxi+FjDG+TArPhk
bPpqRon91aJ0RfZCGkjVU0pCB5U4wz+JmRZlqnh0SOF0Aj02iE1wChNbz1U=
-----END CERTIFICATE-----