Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987d9d1d-c0ee-40e6-9e9c-2a073bf41dca.roa
File:                     987d9d1d-c0ee-40e6-9e9c-2a073bf41dca.roa (raw, json)
Hash identifier:          ZzZFfaBr/fX1LWxQrGj9W+qz33Bah7ilFz2gH18ikv4=
Subject key identifier:   CC:B5:7F:A8:66:3D:E9:72:25:96:C9:13:7E:DB:26:77:D5:C9:C2:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15535D0DEAB4A7946AE6E00A68C1AD0CA47E09ED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987d9d1d-c0ee-40e6-9e9c-2a073bf41dca.roa
Signing time:             Sat 29 Mar 2025 00:22:07 +0000
ROA not before:           Sat 29 Mar 2025 00:22:07 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.23.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:53:5d:0d:ea:b4:a7:94:6a:e6:e0:0a:68:c1:ad:0c:a4:7e:09:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:22:07 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7b:3f:70:39:9e:f8:3b:e3:de:96:b8:2b:32:
                    d7:03:e2:46:a8:b7:e3:d3:f2:f3:53:e0:f1:56:97:
                    ca:42:25:2a:54:74:c8:64:57:04:e6:99:a4:a3:66:
                    43:d3:e6:d8:4c:bc:ad:82:1b:a8:c2:2b:10:9f:d6:
                    e3:85:7b:87:87:be:4d:06:f5:5d:4f:48:ee:4d:0f:
                    56:3a:2f:61:99:85:be:fa:1e:f9:06:c7:67:44:91:
                    7f:c9:15:3e:d3:13:d5:c3:be:db:d2:20:e3:92:a9:
                    59:cf:35:f8:e1:11:51:e2:07:27:ea:9f:bf:e7:e2:
                    ec:b7:6b:58:4a:7a:c0:44:c4:0e:21:65:22:b6:7f:
                    00:fb:b9:98:bc:34:11:cf:69:2d:20:b2:65:50:6d:
                    60:50:19:54:ca:33:df:77:5c:5d:01:7d:c0:2f:31:
                    3d:d2:f8:99:2b:65:e6:0e:43:39:3a:16:35:2b:ad:
                    8b:d3:97:1d:57:56:93:6b:58:42:59:20:d3:e1:4b:
                    3a:a5:59:95:02:3f:4e:8b:3b:a3:1e:34:cf:4c:0e:
                    1e:ea:62:52:0e:53:0f:77:67:56:1c:fe:3d:56:97:
                    3f:4b:08:67:7c:1b:26:99:e0:af:e0:cb:4c:e2:9b:
                    ac:98:a1:51:ac:eb:ce:f3:c4:86:f0:b4:50:8f:77:
                    4b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B5:7F:A8:66:3D:E9:72:25:96:C9:13:7E:DB:26:77:D5:C9:C2:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987d9d1d-c0ee-40e6-9e9c-2a073bf41dca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.23.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         8c:f9:f6:3b:6e:db:c9:4d:4d:6e:c3:33:ab:5b:fb:17:d0:84:
         ab:71:23:87:35:42:ef:1d:37:43:3d:fe:a0:e2:b0:66:67:14:
         73:f2:a0:e8:b3:ac:f1:cc:c5:4e:ab:f3:c4:71:5f:24:4a:54:
         42:d2:d5:ce:87:c6:d1:b0:2c:34:8f:f3:f0:67:fe:6c:db:b4:
         b3:67:36:74:bb:3f:7f:50:c3:bd:88:5b:00:c9:0a:a6:28:97:
         23:3d:46:60:e3:41:11:d5:27:48:f1:84:f3:9f:de:d2:3e:f2:
         3f:2b:40:2b:7f:83:9a:ae:8c:77:86:87:bd:12:c4:89:20:82:
         e4:64:f8:1b:ec:f5:fb:ac:fe:36:f8:8b:c0:e7:b5:c6:23:da:
         42:d2:4a:f4:37:b7:c2:1f:d0:63:74:4a:ab:cd:b5:cd:8a:b6:
         df:22:db:08:af:8b:83:96:22:02:e6:f0:14:3d:03:83:68:43:
         a0:be:52:00:c3:a6:27:25:ed:95:9d:5f:d4:63:06:a1:21:e0:
         fb:0b:75:0c:2c:be:96:34:1b:0c:06:26:c7:e5:e3:bf:06:c9:
         a8:73:b7:0c:95:78:3d:e3:4c:5d:11:ac:e2:0e:a6:d8:bb:e3:
         ac:69:ef:d7:a9:62:61:86:79:99:71:84:ca:49:77:2f:86:fb:
         d5:af:5f:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFVNdDeq0p5Rq5uAKaMGtDKR+Ce0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDAyMjA3WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMmIwZDJjNGNjYTkyNzk4NWYzNjkxMzVlMzk5M2ZhN2Vh
ODcxMzBhZDFmYjFiMDkwZWZlMmI4YmFmOGI5MDYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ez9wOZ74O+PelrgrMtcD4kaot+PT8vNT4PFWl8pCJSpU
dMhkVwTmmaSjZkPT5thMvK2CG6jCKxCf1uOFe4eHvk0G9V1PSO5ND1Y6L2GZhb76
HvkGx2dEkX/JFT7TE9XDvtvSIOOSqVnPNfjhEVHiByfqn7/n4uy3a1hKesBExA4h
ZSK2fwD7uZi8NBHPaS0gsmVQbWBQGVTKM993XF0BfcAvMT3S+JkrZeYOQzk6FjUr
rYvTlx1XVpNrWEJZINPhSzqlWZUCP06LO6MeNM9MDh7qYlIOUw93Z1Yc/j1Wlz9L
CGd8GyaZ4K/gy0zim6yYoVGs687zxIbwtFCPd0tbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzLV/qGY96XIllskTftsmd9XJwnMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4N2Q5ZDFkLWMwZWUtNDBlNi05ZTljLTJhMDczYmY0MWRjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdrFwAwDQYJKoZIhvcNAQELBQADggEBAIz59jtu28lNTW7DM6tb+xfQhKtx
I4c1Qu8dN0M9/qDisGZnFHPyoOizrPHMxU6r88RxXyRKVELS1c6HxtGwLDSP8/Bn
/mzbtLNnNnS7P39Qw72IWwDJCqYolyM9RmDjQRHVJ0jxhPOf3tI+8j8rQCt/g5qu
jHeGh70SxIkgguRk+Bvs9fus/jb4i8DntcYj2kLSSvQ3t8If0GN0SqvNtc2Ktt8i
2wivi4OWIgLm8BQ9A4NoQ6C+UgDDpicl7ZWdX9RjBqEh4PsLdQwsvpY0GwwGJsfl
478GyahztwyVeD3jTF0RrOIOpti746xp79epYmGGeZlxhMpJdy+G+9WvX8Y=
-----END CERTIFICATE-----