Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa
File:                     9d4ea817-9a30-46eb-adae-ea1411984c84.roa (raw, json)
Hash identifier:          TRFZkN4K399wcsA9xRRSec1T6CqJLY7mDA3ENDNaUkM=
Subject key identifier:   1C:4C:AD:68:8D:A2:6C:29:FC:9B:29:0F:EA:94:C1:9B:11:AA:22:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1BFFD6642567ADE7D89F076D00AE351246DFD5CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa
Signing time:             Mon 17 Mar 2025 15:10:15 +0000
ROA not before:           Mon 17 Mar 2025 15:10:15 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.45.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:ff:d6:64:25:67:ad:e7:d8:9f:07:6d:00:ae:35:12:46:df:d5:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 17 15:10:15 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:66:62:8d:04:35:8a:0d:4c:05:6c:e6:9b:11:
                    35:d4:c3:a9:60:54:21:87:92:14:6f:b8:21:44:6d:
                    62:cd:a6:f7:9f:13:f5:a9:07:5a:50:bc:39:4e:9e:
                    5d:24:16:2d:cd:c4:e7:cb:a6:d3:7c:4c:23:d7:d5:
                    de:40:2a:9c:f3:b3:0c:51:72:a0:9f:74:2c:07:16:
                    dd:8a:e6:e9:47:e8:9e:d1:91:8f:8d:fe:95:b1:9b:
                    fb:36:05:c5:9a:e2:83:18:bf:42:e7:01:93:08:3d:
                    ae:ad:a8:cf:35:9f:f2:dc:68:3b:85:14:10:28:c5:
                    38:8f:b5:77:86:f8:53:90:17:e7:f6:76:f5:fd:ae:
                    c7:fb:2d:63:7e:53:7a:51:5a:4a:62:cd:4e:84:64:
                    6d:ff:9e:be:5d:93:d2:3f:3a:67:e6:7f:ef:c9:10:
                    93:22:99:b3:09:24:b3:7e:39:69:b9:1f:14:49:5e:
                    dc:30:fa:f1:64:a9:a4:7d:34:06:ae:cb:24:ba:cb:
                    80:11:a1:a9:e3:b0:0c:40:c9:bf:7a:17:df:aa:dd:
                    21:2d:02:7c:7c:d1:c3:5b:44:b8:3f:7a:e7:42:a1:
                    a9:a9:31:00:e8:70:a2:3f:93:c9:4c:c3:70:21:a9:
                    cb:92:c0:09:35:36:3d:19:cb:f7:30:3f:26:e2:d8:
                    a6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:4C:AD:68:8D:A2:6C:29:FC:9B:29:0F:EA:94:C1:9B:11:AA:22:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:e1:53:16:9d:fd:d0:47:25:9a:2d:2f:c5:9c:ac:b1:69:d4:
         11:43:b1:0c:43:01:dc:b7:bb:ef:ae:0b:b4:e6:55:cf:76:2c:
         87:3f:02:c3:7b:85:92:49:3e:55:c2:04:40:ee:55:42:d2:6a:
         c7:dc:b2:60:8f:ff:57:c9:74:15:71:19:33:8e:80:f7:da:71:
         7f:0d:26:29:86:9c:93:45:5d:21:29:3a:0e:d8:6c:24:33:bc:
         61:89:3f:3c:f9:0c:37:f5:a8:84:72:09:e6:cc:52:b2:f8:1a:
         f4:70:f7:b1:5e:23:aa:d0:ae:8b:76:4b:8f:6b:c0:ba:30:d2:
         12:cc:13:ba:5d:86:55:ce:e3:f5:c9:9e:b0:3a:3e:ef:dd:cb:
         e2:05:ff:b8:fd:2c:1b:3b:82:e0:7a:ad:cb:63:e6:5a:62:07:
         af:ad:db:cb:77:7a:08:57:be:cc:2e:b7:f6:ed:ab:15:90:e0:
         b2:f1:9c:59:b2:2b:69:da:01:4c:97:9e:5b:47:98:04:53:d0:
         1f:b6:45:ee:81:14:7b:8f:7a:a4:29:aa:c1:9d:48:51:31:6e:
         c8:7c:9d:6a:db:0b:5f:b3:b9:a6:96:8d:77:f3:53:71:e1:1e:
         83:75:d8:da:10:96:11:2e:4f:31:b5:d3:28:c4:21:1f:e0:f3:
         a1:21:9e:fa
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUG//WZCVnrefYnwdtAK41Ekbf1cwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE3MTUxMDE1WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzcwZjZjMjljNWZhNjFlNzNmMGQ5NzU5Yjg2M2I5MTE0
ZTgxODAxMmFiZjg4MjlkYzYyM2Y5MjdlY2UzNmE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdZmKNBDWKDUwFbOabETXUw6lgVCGHkhRvuCFEbWLNpvef
E/WpB1pQvDlOnl0kFi3NxOfLptN8TCPX1d5AKpzzswxRcqCfdCwHFt2K5ulH6J7R
kY+N/pWxm/s2BcWa4oMYv0LnAZMIPa6tqM81n/LcaDuFFBAoxTiPtXeG+FOQF+f2
dvX9rsf7LWN+U3pRWkpizU6EZG3/nr5dk9I/Omfmf+/JEJMimbMJJLN+OWm5HxRJ
Xtww+vFkqaR9NAauyyS6y4ARoanjsAxAyb96F9+q3SEtAnx80cNbRLg/eudCoamp
MQDocKI/k8lMw3AhqcuSwAk1Nj0Zy/cwPybi2KZpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHEytaI2ibCn8mykP6pTBmxGqIiQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkNGVhODE3LTlhMzAtNDZlYi1hZGFlLWVhMTQxMTk4NGM4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoLTANBgkqhkiG9w0BAQsFAAOCAQEAAeFTFp390Eclmi0vxZyssWnUEUOx
DEMB3Le7764LtOZVz3Yshz8Cw3uFkkk+VcIEQO5VQtJqx9yyYI//V8l0FXEZM46A
99pxfw0mKYack0VdISk6DthsJDO8YYk/PPkMN/WohHIJ5sxSsvga9HD3sV4jqtCu
i3ZLj2vAujDSEswTul2GVc7j9cmesDo+793L4gX/uP0sGzuC4Hqty2PmWmIHr63b
y3d6CFe+zC639u2rFZDgsvGcWbIradoBTJeeW0eYBFPQH7ZF7oEUe496pCmqwZ1I
UTFuyHydatsLX7O5ppaNd/NTceEeg3XY2hCWES5PMbXTKMQhH+DzoSGe+g==
-----END CERTIFICATE-----