Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa
File:                     a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa (raw, json)
Hash identifier:          wgGpeFjXX4TJVshLrQ7RP3p1qRoJXSWmSV1UZ3uaWJM=
Subject key identifier:   70:BF:00:04:39:2B:0C:35:75:8B:60:7F:47:6A:FA:78:28:60:39:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       390FC45814261C2B9593E32213A601FFE77A99F5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa
Signing time:             Sat 08 Mar 2025 00:21:53 +0000
ROA not before:           Sat 08 Mar 2025 00:21:53 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.43.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:0f:c4:58:14:26:1c:2b:95:93:e3:22:13:a6:01:ff:e7:7a:99:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  8 00:21:53 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4f:07:d3:c0:e4:39:f6:ca:88:b9:0f:7e:b6:
                    f3:14:31:3a:b1:1f:83:95:14:72:15:ec:16:4f:2e:
                    c6:54:74:14:51:a6:dc:e9:2c:8e:ac:b9:11:9c:40:
                    a3:ce:b4:a0:50:0e:98:2a:cd:24:6d:31:f9:80:0e:
                    ca:2b:88:89:4e:8b:b1:f7:c6:5c:ac:5a:8f:db:30:
                    5b:ff:d7:b7:02:0a:90:44:2e:73:c4:e4:92:7f:76:
                    71:64:d8:85:b9:83:c4:52:b1:b0:31:85:70:0d:19:
                    76:e7:4d:91:72:7a:33:09:d8:6d:5b:e3:3e:87:c0:
                    3c:7d:a7:e2:b1:7f:43:c2:be:27:28:53:48:6a:e7:
                    fb:68:fc:00:52:f2:13:bc:90:a8:72:2f:84:42:52:
                    2e:54:c2:c7:01:02:81:47:0f:80:d2:60:23:cd:65:
                    af:4c:40:a4:30:07:58:63:09:b7:fa:40:a9:18:ed:
                    5a:03:03:8a:23:e8:f7:f7:c6:3d:ae:a8:89:27:59:
                    04:7a:fb:a5:98:a9:2b:fc:43:bf:c4:bf:f0:05:0f:
                    6a:d6:0c:65:11:0c:69:d2:c7:83:73:49:4a:e1:ea:
                    86:0b:1d:a6:6f:b5:82:f8:7f:1c:3e:cc:84:bc:01:
                    42:da:92:51:d7:ee:f0:e7:ec:79:c0:c1:eb:4e:c4:
                    e6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:BF:00:04:39:2B:0C:35:75:8B:60:7F:47:6A:FA:78:28:60:39:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         13:0e:f4:e1:94:cc:b7:38:a0:83:b2:72:7c:f9:12:67:04:4c:
         d2:22:0a:60:86:4d:56:cd:b7:e2:62:51:3c:7e:dd:db:cc:86:
         56:24:81:b1:56:9a:6c:7a:3b:5a:0f:62:bf:95:fb:86:3f:7b:
         9a:d4:cd:b7:f6:44:63:7b:09:35:a7:d5:b2:8d:56:d8:7e:eb:
         ac:6a:ad:b1:1e:cc:1d:51:c7:62:12:2c:f2:d5:f0:92:b5:79:
         c4:12:8b:60:81:a1:b5:85:bd:cf:1e:41:fd:f0:b6:3a:d1:6b:
         3b:46:22:71:9c:2a:05:18:4b:51:66:7d:25:46:cc:7e:63:27:
         7a:d2:db:e2:14:43:47:9f:38:9d:24:68:ed:2e:ac:30:a4:68:
         50:b3:d6:af:ab:bc:de:b1:3c:d5:4f:29:be:96:b3:34:7d:3a:
         70:07:64:85:39:2d:41:a1:e1:02:3a:93:36:7b:74:98:41:04:
         51:17:43:58:8e:0b:49:f2:dd:61:91:aa:10:fa:24:6a:e7:2c:
         65:bf:c3:59:fe:2a:89:6e:d2:b6:8a:e5:3b:10:79:93:74:69:
         f4:bb:bc:4d:62:d7:83:90:96:09:e3:4b:d9:ea:2c:43:86:dc:
         33:9a:5a:c0:42:2e:2c:27:88:9e:ae:46:55:bb:bf:96:a7:b5:
         7b:4b:61:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOQ/EWBQmHCuVk+MiE6YB/+d6mfUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA4MDAyMTUzWhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDk4NDU4MDY3YWMwZmVjOWE3NmNkZTBiNDZiMzMzMWQ1
OTRhNGUzNTQ0NWQ3NGNlZWE4ZWJkZjM3YzIyZjQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBTwfTwOQ59sqIuQ9+tvMUMTqxH4OVFHIV7BZPLsZUdBRR
ptzpLI6suRGcQKPOtKBQDpgqzSRtMfmADsoriIlOi7H3xlysWo/bMFv/17cCCpBE
LnPE5JJ/dnFk2IW5g8RSsbAxhXANGXbnTZFyejMJ2G1b4z6HwDx9p+Kxf0PCvico
U0hq5/to/ABS8hO8kKhyL4RCUi5UwscBAoFHD4DSYCPNZa9MQKQwB1hjCbf6QKkY
7VoDA4oj6Pf3xj2uqIknWQR6+6WYqSv8Q7/Ev/AFD2rWDGURDGnSx4NzSUrh6oYL
HaZvtYL4fxw+zIS8AULaklHX7vDn7HnAwetOxObdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcL8ABDkrDDV1i2B/R2r6eChgOScwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0YzAzMWY5LTZkNDAtNGJhNy1iZDk2LWIxZWI0ODVkNmFkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjKzANBgkqhkiG9w0BAQsFAAOCAQEAEw704ZTMtzigg7JyfPkSZwRM0iIK
YIZNVs234mJRPH7d28yGViSBsVaabHo7Wg9iv5X7hj97mtTNt/ZEY3sJNafVso1W
2H7rrGqtsR7MHVHHYhIs8tXwkrV5xBKLYIGhtYW9zx5B/fC2OtFrO0YicZwqBRhL
UWZ9JUbMfmMnetLb4hRDR584nSRo7S6sMKRoULPWr6u83rE81U8pvpazNH06cAdk
hTktQaHhAjqTNnt0mEEEURdDWI4LSfLdYZGqEPokaucsZb/DWf4qiW7StorlOxB5
k3Rp9Lu8TWLXg5CWCeNL2eosQ4bcM5pawEIuLCeInq5GVbu/lqe1e0thLQ==
-----END CERTIFICATE-----