Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa
File:                     a78ff198-e6dd-430d-9225-4f016327415c.roa (raw, json)
Hash identifier:          Mj7DAeY422iFFrqMd6pOpwz+ISGSjlHkTuzHa661lPI=
Subject key identifier:   E7:BB:ED:87:1B:C0:6A:E1:FD:B1:28:8E:32:86:07:B4:C2:6E:C3:5C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       273226F39DB824D56E5E8C89611D5CF2A8743A0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa
Signing time:             Tue 18 Mar 2025 00:41:55 +0000
ROA not before:           Tue 18 Mar 2025 00:41:55 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.129.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:32:26:f3:9d:b8:24:d5:6e:5e:8c:89:61:1d:5c:f2:a8:74:3a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:41:55 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0c:e4:f0:92:7a:90:11:2c:48:6a:34:e5:a9:
                    3a:2d:a6:d9:58:95:f2:30:32:4a:35:cc:8d:3a:3f:
                    04:93:d8:a4:74:0d:42:da:e6:4e:ec:fb:ab:d3:26:
                    74:94:6c:70:1e:7e:f1:f5:17:3e:61:53:a9:f6:af:
                    a9:16:58:8f:57:7b:ab:64:77:27:4b:7b:6d:74:c7:
                    f6:83:36:c6:2e:ea:ad:da:fd:99:96:1e:7a:2b:db:
                    4e:56:1a:b4:39:d7:f7:08:ec:dc:9b:81:a4:24:bd:
                    a0:4d:f6:79:b5:45:28:cd:b7:0e:9e:0e:66:d7:f4:
                    50:00:fa:90:3b:3d:02:ac:f2:63:ae:6c:1e:4f:78:
                    3f:64:5f:a4:c9:20:6a:82:77:8d:f2:03:bb:7d:92:
                    19:91:71:2d:1f:56:76:39:d9:3b:76:6d:55:d0:1b:
                    57:04:f9:6f:53:da:1e:df:06:f7:00:4f:c7:d8:55:
                    d0:bb:21:97:d3:66:1f:ff:15:aa:d3:97:1d:28:4b:
                    22:55:54:f2:0f:75:42:65:4f:ad:44:aa:9f:a4:72:
                    8e:91:d0:86:d4:65:dc:c9:02:b0:5f:1f:98:a6:e9:
                    86:75:f2:99:b3:3a:0b:fe:7e:9c:1a:b4:9b:8a:77:
                    a2:47:17:84:3a:9d:8b:b8:05:e3:d1:16:b3:38:a9:
                    52:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BB:ED:87:1B:C0:6A:E1:FD:B1:28:8E:32:86:07:B4:C2:6E:C3:5C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78ff198-e6dd-430d-9225-4f016327415c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:8d:73:25:51:df:ba:59:f3:8e:bc:85:70:72:1b:59:ff:4b:
         9f:e7:cb:70:28:6c:4c:90:55:9a:49:1b:e4:a3:05:0e:1c:bc:
         cf:13:46:7e:6c:43:09:f2:f8:01:09:8a:30:23:03:9c:fa:3c:
         78:59:9f:6f:47:43:db:52:34:02:63:5e:63:56:49:30:68:fb:
         1a:36:1d:f8:a9:2b:1f:a3:27:0d:d6:1f:1f:d0:93:a3:c9:35:
         82:78:a5:a9:e5:08:62:29:e9:89:90:30:06:c9:65:2c:50:2a:
         d3:94:7c:fa:c9:a8:ad:6b:85:69:bd:6d:c9:94:da:ec:0c:a1:
         1a:71:0b:01:9c:fd:93:8f:b5:04:88:8e:0b:c6:fb:82:58:93:
         79:db:3c:fb:51:1b:28:2d:f7:d3:9d:f9:2c:5d:06:fd:80:a0:
         69:b2:1e:bd:4b:b3:13:5c:0f:c0:99:66:98:e5:35:ad:bc:ce:
         71:a9:47:67:12:11:87:6e:5a:47:af:73:46:54:22:65:61:a4:
         a8:86:9f:3c:e6:26:a4:f7:3b:38:f8:e8:f8:33:02:4a:e6:28:
         d8:e9:13:f2:8b:1f:1d:45:1d:88:d5:f0:b8:1c:c0:e1:a6:6f:
         55:8b:b3:85:ad:21:ad:0b:b8:52:50:8f:6c:fa:f2:47:41:dd:
         bf:23:8e:e4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJzIm8524JNVuXoyJYR1c8qh0OgwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDA0MTU1WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDAwMTljMmJmY2JmYzY4MDRhNDU0MmVlMTk4ZmUwMjE0
MzBmOTU2OGJhYTg2NjY1OGM0ZDM3NDM3NWYzNGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8DOTwknqQESxIajTlqTotptlYlfIwMko1zI06PwST2KR0
DULa5k7s+6vTJnSUbHAefvH1Fz5hU6n2r6kWWI9Xe6tkdydLe210x/aDNsYu6q3a
/ZmWHnor205WGrQ51/cI7NybgaQkvaBN9nm1RSjNtw6eDmbX9FAA+pA7PQKs8mOu
bB5PeD9kX6TJIGqCd43yA7t9khmRcS0fVnY52Tt2bVXQG1cE+W9T2h7fBvcAT8fY
VdC7IZfTZh//FarTlx0oSyJVVPIPdUJlT61Eqp+kco6R0IbUZdzJArBfH5im6YZ1
8pmzOgv+fpwatJuKd6JHF4Q6nYu4BePRFrM4qVLtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU57vthxvAauH9sSiOMoYHtMJuw1wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3OGZmMTk4LWU2ZGQtNDMwZC05MjI1LTRmMDE2MzI3NDE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4gTANBgkqhkiG9w0BAQsFAAOCAQEAso1zJVHfulnzjryFcHIbWf9Ln+fL
cChsTJBVmkkb5KMFDhy8zxNGfmxDCfL4AQmKMCMDnPo8eFmfb0dD21I0AmNeY1ZJ
MGj7GjYd+KkrH6MnDdYfH9CTo8k1gnilqeUIYinpiZAwBsllLFAq05R8+smorWuF
ab1tyZTa7AyhGnELAZz9k4+1BIiOC8b7gliTeds8+1EbKC330535LF0G/YCgabIe
vUuzE1wPwJlmmOU1rbzOcalHZxIRh25aR69zRlQiZWGkqIafPOYmpPc7OPjo+DMC
SuYo2OkT8osfHUUdiNXwuBzA4aZvVYuzha0hrQu4UlCPbPryR0HdvyOO5A==
-----END CERTIFICATE-----