Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebe2ca3-bd47-4c61-86d3-83c9cab1b836.roa
File:                     9ebe2ca3-bd47-4c61-86d3-83c9cab1b836.roa (raw, json)
Hash identifier:          r3esMIgIOtWUQ2Q0KKnzSATIOSmnE53586sYAfn3qEo=
Subject key identifier:   DF:4E:79:93:81:90:2E:9F:09:64:75:3C:24:1F:79:27:E0:88:8C:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3EFB62C48232C79994125F6692691976618506B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebe2ca3-bd47-4c61-86d3-83c9cab1b836.roa
Signing time:             Wed 19 Mar 2025 00:10:28 +0000
ROA not before:           Wed 19 Mar 2025 00:10:28 +0000
ROA not after:            Wed 23 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.245.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:fb:62:c4:82:32:c7:99:94:12:5f:66:92:69:19:76:61:85:06:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 19 00:10:28 2025 GMT
            Not After : Apr 23 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a5:8b:eb:9d:ea:59:82:b2:be:c7:1f:66:6e:
                    98:9f:93:d6:22:c8:15:7b:e1:c9:b1:70:bf:c9:70:
                    bc:a2:84:b2:f5:7c:d9:bf:1f:79:bf:b8:fb:f8:40:
                    6d:33:ec:59:1b:f1:22:4c:92:38:75:8d:e3:2a:3a:
                    11:40:43:2b:50:07:7c:ab:3a:05:92:78:3a:39:8d:
                    cc:c1:83:79:98:89:b3:73:73:4e:72:18:17:5e:cc:
                    1d:b0:40:8d:4b:61:9c:10:bc:7f:eb:70:e7:16:fa:
                    12:be:ac:52:9b:0c:cc:fe:5a:8e:63:e0:32:53:70:
                    23:12:90:b0:a8:f6:59:52:06:74:90:73:09:6e:99:
                    1e:e7:c4:48:a8:4d:a6:b0:c3:c5:1d:bd:ba:cd:a7:
                    7b:c0:0b:d2:75:e1:f1:3f:f8:98:fd:5e:32:3f:cc:
                    8e:28:50:37:c9:c4:ee:ec:0c:70:a9:ab:1c:b0:f2:
                    07:c8:f6:96:4c:ae:95:df:ba:56:9a:e6:ab:cb:ae:
                    1d:fd:5f:1d:45:cc:83:92:30:96:2c:65:62:e0:cb:
                    82:85:70:9c:2c:3c:e0:3b:a6:81:f2:0e:e7:ba:04:
                    b9:17:de:3c:24:e4:ef:18:54:49:fd:79:7c:c7:9c:
                    f4:a4:35:63:2d:34:52:fb:76:bf:af:27:66:98:1e:
                    66:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4E:79:93:81:90:2E:9F:09:64:75:3C:24:1F:79:27:E0:88:8C:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebe2ca3-bd47-4c61-86d3-83c9cab1b836.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.245.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:cd:da:77:d9:15:a9:58:96:df:dd:17:a3:c7:6d:5f:35:88:
         53:e1:11:e8:64:a0:8a:e9:92:55:5c:42:92:ee:dd:0a:7a:7c:
         6e:59:c3:2e:d3:bc:5b:a9:c1:76:c6:35:3f:5e:74:56:12:5b:
         9c:74:0b:4c:7c:23:de:0a:29:1d:77:8a:5d:90:cf:f8:66:2d:
         61:83:d3:1c:ea:52:d4:8d:a4:dd:31:09:0f:1c:fb:3e:cf:de:
         8f:b4:b1:1e:ad:e9:87:7f:7a:f2:75:ef:ff:ba:53:38:b9:ad:
         ed:fb:85:aa:5d:30:89:69:32:13:ba:1c:4d:b8:fa:ed:eb:76:
         aa:c5:85:ec:fe:40:85:c0:b3:cc:16:2a:46:1f:ae:08:9c:45:
         f7:bf:0e:61:32:c6:4c:3b:01:3a:90:c7:9b:c0:4a:3b:30:af:
         69:d8:e2:b9:ab:22:d9:f3:86:3a:8f:a4:4d:ca:39:db:c3:ee:
         3d:71:66:85:c3:3c:53:99:8b:8f:39:58:b6:25:58:40:0c:cf:
         2f:7e:cb:3a:0a:f6:0b:3b:71:5a:e5:7d:00:c8:76:5a:08:79:
         33:82:c0:84:b4:0d:09:ed:77:3f:3e:43:48:99:e3:08:4c:ef:
         20:dc:55:56:db:ff:67:cf:7e:46:02:27:fe:91:ae:6e:35:3a:
         cd:75:b0:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPvtixIIyx5mUEl9mkmkZdmGFBrAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE5MDAxMDI4WhcNMjUwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDUzODVlMDVlNDMwZmNjODVlM2NiNzUzNTNkODIwYzRl
YWM0N2U4ZWYyMmJlOTU3Y2FiNzAyZDllMDYyMGM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfpYvrnepZgrK+xx9mbpifk9YiyBV74cmxcL/JcLyihLL1
fNm/H3m/uPv4QG0z7Fkb8SJMkjh1jeMqOhFAQytQB3yrOgWSeDo5jczBg3mYibNz
c05yGBdezB2wQI1LYZwQvH/rcOcW+hK+rFKbDMz+Wo5j4DJTcCMSkLCo9llSBnSQ
cwlumR7nxEioTaaww8UdvbrNp3vAC9J14fE/+Jj9XjI/zI4oUDfJxO7sDHCpqxyw
8gfI9pZMrpXfulaa5qvLrh39Xx1FzIOSMJYsZWLgy4KFcJwsPOA7poHyDue6BLkX
3jwk5O8YVEn9eXzHnPSkNWMtNFL7dr+vJ2aYHmYpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3055k4GQLp8JZHU8JB95J+CIjM0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllYmUyY2EzLWJkNDctNGM2MS04NmQzLTgzYzljYWIxYjgzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCW9TANBgkqhkiG9w0BAQsFAAOCAQEAPs3ad9kVqViW390Xo8dtXzWIU+ER
6GSgiumSVVxCku7dCnp8blnDLtO8W6nBdsY1P150VhJbnHQLTHwj3gopHXeKXZDP
+GYtYYPTHOpS1I2k3TEJDxz7Ps/ej7SxHq3ph3968nXv/7pTOLmt7fuFql0wiWky
E7ocTbj67et2qsWF7P5AhcCzzBYqRh+uCJxF978OYTLGTDsBOpDHm8BKOzCvadji
uasi2fOGOo+kTco528PuPXFmhcM8U5mLjzlYtiVYQAzPL37LOgr2CztxWuV9AMh2
Wgh5M4LAhLQNCe13Pz5DSJnjCEzvINxVVtv/Z89+RgIn/pGubjU6zXWwQA==
-----END CERTIFICATE-----