Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa
File:                     9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa (raw, json)
Hash identifier:          jSpWFOHKEypt67SBAjYugRW45SFNRa5b//Bvvk19DMI=
Subject key identifier:   87:29:73:91:0E:C9:ED:C8:98:D3:95:D9:FB:16:14:6C:B3:0A:70:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       366507845B1141558C1CD90C98C96A9E115BC81E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa
Signing time:             Sat 22 Mar 2025 00:11:06 +0000
ROA not before:           Sat 22 Mar 2025 00:11:06 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        78.12.61.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:65:07:84:5b:11:41:55:8c:1c:d9:0c:98:c9:6a:9e:11:5b:c8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 22 00:11:06 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:10:6b:35:5d:59:11:9c:b5:9e:ba:2b:82:f4:
                    73:f3:e8:72:c5:e0:c6:93:d4:e3:67:74:60:e8:b8:
                    cf:cd:c9:b3:b1:58:82:c1:59:57:4e:80:c8:b6:79:
                    ce:78:3e:ba:80:8c:a8:18:10:e6:37:52:fe:e7:ad:
                    b4:87:2f:9b:28:de:b2:71:b7:34:db:e5:7f:ba:af:
                    48:1b:dd:07:02:af:37:82:84:d9:c8:30:fd:99:c8:
                    69:1e:6c:06:aa:20:1a:c3:2d:fa:9f:1f:de:35:82:
                    75:c2:4d:29:12:8c:fd:46:83:15:6b:94:53:15:ce:
                    b8:50:5d:58:7a:5f:fa:4c:40:03:96:ba:6e:22:4b:
                    43:92:76:8a:cf:e2:53:ad:5d:fc:a0:9b:ae:d1:8f:
                    f0:93:27:88:bf:01:2b:ef:df:22:da:61:0c:ef:ba:
                    9e:4d:30:5e:a6:f8:29:d3:00:fb:1e:75:37:9c:22:
                    1f:06:d5:b4:ac:66:62:67:33:1b:7e:80:cc:a8:a0:
                    1d:d5:c0:1b:bf:8d:d2:03:58:33:e2:a0:7d:f8:0a:
                    5f:34:30:c1:11:e9:f0:e7:e4:90:fe:39:f5:2e:32:
                    63:ea:b0:b2:23:66:e2:b2:23:41:30:89:d2:a5:fd:
                    9e:b0:3e:25:d7:48:9e:1e:50:0f:3b:9e:67:19:70:
                    b0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:29:73:91:0E:C9:ED:C8:98:D3:95:D9:FB:16:14:6C:B3:0A:70:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.12.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:94:1e:be:17:75:3a:b1:0c:06:c6:bd:9a:30:16:2c:f8:88:
         08:6f:fd:30:3f:ad:01:78:25:df:b7:9a:27:6a:6d:ae:74:c2:
         35:f0:f0:e6:6e:6b:0a:55:f3:cf:fa:6b:df:89:cb:7e:30:57:
         5d:7e:ee:ca:cc:28:56:cc:3f:5d:0c:46:a9:ad:29:36:62:e5:
         68:af:2e:2d:2c:54:56:13:33:ab:73:2a:40:48:29:cf:9e:b0:
         c2:8d:cd:36:8e:ff:6f:44:93:9e:f7:35:89:53:a8:b4:42:d5:
         9b:66:81:99:da:f6:87:fc:98:0e:a0:4a:f7:31:76:1f:15:bb:
         88:ac:38:36:bf:32:27:b7:b6:d8:33:3e:45:02:b0:52:9f:b6:
         0c:19:4e:c4:c6:80:8e:cd:5f:fd:5a:b4:32:ed:f3:d0:42:9a:
         d1:ed:ed:89:a2:23:21:0d:a1:10:13:29:38:0c:38:eb:71:e6:
         dd:a7:6c:a4:f9:fa:dd:b6:db:68:3f:61:27:1c:9c:fd:33:54:
         97:e5:8d:ae:7f:43:cb:f1:f6:35:50:0e:6c:69:e1:8f:cd:09:
         61:50:1e:55:52:19:f6:2c:e9:68:5e:7e:67:50:c8:6c:ed:6f:
         6c:63:f7:12:f1:dd:58:02:93:e3:a3:a9:94:58:cd:39:e3:bf:
         3d:ff:c3:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNmUHhFsRQVWMHNkMmMlqnhFbyB4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIyMDAxMTA2WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjNmOWM1OWQzOTMzODA1NjRlNTFhY2UxY2FhYzE3MTBi
OWNjYTM1YzBjN2UwMWY0YjFjOWY3Y2RkNjA1Yzg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiEGs1XVkRnLWeuiuC9HPz6HLF4MaT1ONndGDouM/NybOx
WILBWVdOgMi2ec54PrqAjKgYEOY3Uv7nrbSHL5so3rJxtzTb5X+6r0gb3QcCrzeC
hNnIMP2ZyGkebAaqIBrDLfqfH941gnXCTSkSjP1GgxVrlFMVzrhQXVh6X/pMQAOW
um4iS0OSdorP4lOtXfygm67Rj/CTJ4i/ASvv3yLaYQzvup5NMF6m+CnTAPsedTec
Ih8G1bSsZmJnMxt+gMyooB3VwBu/jdIDWDPioH34Cl80MMER6fDn5JD+OfUuMmPq
sLIjZuKyI0EwidKl/Z6wPiXXSJ4eUA87nmcZcLDFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhylzkQ7J7ciY05XZ+xYUbLMKcJMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhY2ExYWY1LTcwYWQtNDZmOC05NDM1LTdhMzVhOTdjZWYxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABODD0wDQYJKoZIhvcNAQELBQADggEBANGUHr4XdTqxDAbGvZowFiz4iAhv
/TA/rQF4Jd+3midqba50wjXw8OZuawpV88/6a9+Jy34wV11+7srMKFbMP10MRqmt
KTZi5WivLi0sVFYTM6tzKkBIKc+esMKNzTaO/29Ek573NYlTqLRC1ZtmgZna9of8
mA6gSvcxdh8Vu4isODa/Mie3ttgzPkUCsFKftgwZTsTGgI7NX/1atDLt89BCmtHt
7YmiIyENoRATKTgMOOtx5t2nbKT5+t2222g/YSccnP0zVJflja5/Q8vx9jVQDmxp
4Y/NCWFQHlVSGfYs6WhefmdQyGztb2xj9xLx3VgCk+OjqZRYzTnjvz3/w+o=
-----END CERTIFICATE-----