Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9ce29e3-7bd7-460c-9786-73423aecfeb0.roa
File:                     a9ce29e3-7bd7-460c-9786-73423aecfeb0.roa (raw, json)
Hash identifier:          JOKkSLS8DcKydWsfZcViq0I2tYoL2m1KMIEOMAcA5mI=
Subject key identifier:   C7:89:72:D6:84:FF:8E:ED:65:E7:D9:8E:E1:71:79:A2:B9:9B:86:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11336A62863CF32C1E657A147BAC1AEC76655AE1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9ce29e3-7bd7-460c-9786-73423aecfeb0.roa
Signing time:             Tue 11 Mar 2025 00:00:42 +0000
ROA not before:           Tue 11 Mar 2025 00:00:42 +0000
ROA not after:            Tue 15 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        149.181.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:33:6a:62:86:3c:f3:2c:1e:65:7a:14:7b:ac:1a:ec:76:65:5a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 11 00:00:42 2025 GMT
            Not After : Apr 15 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:04:8c:c1:65:5c:54:d7:3e:60:7a:a9:1e:91:
                    b3:00:b7:00:e2:37:de:76:58:0e:41:14:fa:f4:a5:
                    4f:9c:5a:19:17:a5:47:51:8d:ba:f3:a3:3c:31:90:
                    9a:2d:9c:9c:fd:95:0f:af:b5:6c:52:1a:3e:b1:8d:
                    02:30:a9:15:bc:4f:a0:1b:42:63:81:3b:ec:e9:11:
                    9c:0a:66:48:4d:1d:cd:05:75:fd:3d:9e:29:c8:d3:
                    0c:68:99:8c:62:03:b0:1f:13:62:a2:74:5e:90:da:
                    14:13:8a:70:e8:48:fe:85:3e:66:a6:89:23:06:c8:
                    46:c3:30:78:f5:b5:cd:cf:b8:6d:f5:ca:f6:8f:f2:
                    1d:89:45:00:8d:08:db:64:26:d3:47:50:b3:a0:6c:
                    a9:a0:5d:9a:c7:e2:a6:c2:8c:68:83:9c:ad:cb:ee:
                    22:db:39:1e:2d:ac:3b:70:d3:6b:ce:e8:df:45:f0:
                    ee:86:23:ab:d9:ab:86:68:c1:a9:5b:51:13:ec:48:
                    ef:76:1d:a3:21:4b:63:9d:66:fb:79:75:ce:26:44:
                    54:3b:2e:03:36:2b:de:ac:25:d2:c7:dd:f1:1d:b8:
                    57:68:83:c5:6d:c3:ef:09:67:4e:aa:73:cc:37:c0:
                    c2:6b:6d:a5:91:39:f5:0c:19:14:c5:55:ab:0d:d2:
                    17:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:89:72:D6:84:FF:8E:ED:65:E7:D9:8E:E1:71:79:A2:B9:9B:86:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9ce29e3-7bd7-460c-9786-73423aecfeb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.181.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         06:e2:56:55:a0:ad:14:8e:07:0c:aa:90:d8:ba:ae:b1:ed:3c:
         f6:04:d6:78:54:cf:27:ff:86:39:d4:21:2e:7d:07:36:f2:be:
         59:62:9d:b1:33:34:f2:1f:68:d4:6b:30:68:b6:73:8e:b3:71:
         3b:17:b6:da:35:6a:59:21:35:50:5a:71:61:5a:3f:0b:87:9a:
         05:e4:3a:cf:17:2d:a3:f2:85:f4:f6:d5:97:fd:7b:b7:73:c4:
         50:33:9c:7d:4d:af:eb:de:cf:29:b1:b6:6c:a6:42:39:99:ac:
         1c:eb:bc:a8:a6:42:b8:fa:03:63:5c:a8:0b:5b:b2:8b:e8:b9:
         f6:c0:b5:a8:31:98:ce:28:39:28:3b:2e:5e:2d:d5:71:29:73:
         aa:42:36:9a:6c:63:da:ae:a9:dd:0c:bb:05:b9:f1:ec:9b:b3:
         77:6e:76:e7:d2:10:7f:09:2a:3a:c2:fd:15:d8:7a:2e:0b:73:
         a3:02:42:eb:5b:8f:0b:01:b1:2e:05:a5:d0:cf:db:32:4a:8b:
         8f:aa:17:5c:b8:f7:e9:a3:e0:89:7f:54:a0:56:c0:aa:17:94:
         fc:71:65:51:fc:fb:27:db:3a:03:2c:a3:75:8c:d0:6a:03:aa:
         79:a5:aa:6c:e1:08:1b:93:e6:55:77:85:3b:ec:ef:b3:ba:d4:
         ef:a6:cb:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUETNqYoY88yweZXoUe6wa7HZlWuEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzExMDAwMDQyWhcNMjUwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjlhZWFiY2NkYWRlOGNhZWI2OTY4NTZhNmE4ZjUyZTRl
ZDI1MjhkNjExYTA5OTA0MTg4YjE2ZTQwMjQ0OWE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCBIzBZVxU1z5geqkekbMAtwDiN952WA5BFPr0pU+cWhkX
pUdRjbrzozwxkJotnJz9lQ+vtWxSGj6xjQIwqRW8T6AbQmOBO+zpEZwKZkhNHc0F
df09ninI0wxomYxiA7AfE2KidF6Q2hQTinDoSP6FPmamiSMGyEbDMHj1tc3PuG31
yvaP8h2JRQCNCNtkJtNHULOgbKmgXZrH4qbCjGiDnK3L7iLbOR4trDtw02vO6N9F
8O6GI6vZq4ZowalbURPsSO92HaMhS2OdZvt5dc4mRFQ7LgM2K96sJdLH3fEduFdo
g8Vtw+8JZ06qc8w3wMJrbaWROfUMGRTFVasN0hehAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUx4ly1oT/ju1l59mO4XF5ormbhvYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5Y2UyOWUzLTdiZDctNDYwYy05Nzg2LTczNDIzYWVjZmViMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVtQAwDQYJKoZIhvcNAQELBQADggEBAAbiVlWgrRSOBwyqkNi6rrHtPPYE
1nhUzyf/hjnUIS59BzbyvllinbEzNPIfaNRrMGi2c46zcTsXtto1alkhNVBacWFa
PwuHmgXkOs8XLaPyhfT21Zf9e7dzxFAznH1Nr+vezymxtmymQjmZrBzrvKimQrj6
A2NcqAtbsovoufbAtagxmM4oOSg7Ll4t1XEpc6pCNppsY9quqd0MuwW58eybs3du
dufSEH8JKjrC/RXYei4Lc6MCQutbjwsBsS4FpdDP2zJKi4+qF1y49+mj4Il/VKBW
wKoXlPxxZVH8+yfbOgMso3WM0GoDqnmlqmzhCBuT5lV3hTvs77O61O+my78=
-----END CERTIFICATE-----