Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abe641dd-a10f-4e91-8408-cbc741adace1.roa
File:                     abe641dd-a10f-4e91-8408-cbc741adace1.roa (raw, json)
Hash identifier:          dfaYgkQeRzgy6Su+C2SpgSCW1PCxE2w7OiJSnfyZ/RM=
Subject key identifier:   0F:2A:44:03:A3:42:2B:17:62:21:D6:0F:1B:21:EE:02:09:A4:31:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5485D3C9639E698198FBEA0F39EA8671AEA3FE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abe641dd-a10f-4e91-8408-cbc741adace1.roa
Signing time:             Mon 24 Mar 2025 15:41:14 +0000
ROA not before:           Mon 24 Mar 2025 15:41:14 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.235.6.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:85:d3:c9:63:9e:69:81:98:fb:ea:0f:39:ea:86:71:ae:a3:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:41:14 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6d:20:4b:70:0b:1c:a8:80:b9:ae:dd:e5:e3:
                    1e:11:4b:7a:55:4e:0a:84:42:35:ad:4f:ad:12:06:
                    78:ee:82:d4:2e:74:79:bb:59:14:91:47:27:34:6d:
                    58:97:03:28:0a:9f:ff:c8:80:04:7a:dc:f1:5f:5a:
                    b0:a9:64:01:ab:c9:10:b6:04:5c:10:ce:9c:7f:a5:
                    81:81:23:2c:66:95:86:aa:60:4a:91:ce:01:f4:e8:
                    84:36:d8:f4:12:62:cb:05:e6:dd:22:22:1d:f1:8f:
                    e8:b3:7f:3c:99:95:b9:a5:93:88:35:8a:72:ad:16:
                    10:1d:50:2d:f8:27:66:24:55:eb:37:f5:43:c6:59:
                    89:43:f4:41:9a:58:6d:e0:d3:1d:dd:a0:87:e3:29:
                    67:27:9f:62:5d:5f:83:8d:79:57:fd:f6:b4:72:4a:
                    34:ca:26:43:c8:98:b9:11:b3:0c:90:f8:8d:fb:08:
                    d7:b1:b1:b3:2d:c1:29:66:05:ad:17:1a:7c:64:a2:
                    15:ca:ce:c9:c7:6c:8b:96:a4:01:87:a6:29:1e:bd:
                    04:b7:57:b2:10:38:72:c4:98:0e:eb:a5:ed:fe:a3:
                    e6:35:7f:b4:b6:1f:f8:84:0e:32:4e:50:b2:cf:53:
                    a3:39:e2:05:0c:5d:c0:96:2f:72:98:ae:8a:ca:75:
                    c4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2A:44:03:A3:42:2B:17:62:21:D6:0F:1B:21:EE:02:09:A4:31:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abe641dd-a10f-4e91-8408-cbc741adace1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6a:7e:90:0f:5c:1c:7f:f6:8a:66:0d:36:92:11:5d:54:5c:
         11:ca:08:e1:a7:b6:f7:20:c3:2f:08:41:42:47:cf:bb:8a:b2:
         0b:82:9c:68:fe:46:59:40:8d:b1:63:53:df:0f:9b:ed:ce:9b:
         76:4a:17:e9:e5:9c:32:c5:99:c1:eb:e7:a0:91:35:49:f6:fd:
         a3:bc:b6:aa:7e:3b:a2:b5:f2:cf:a8:60:47:ff:32:05:fa:40:
         8a:16:6b:dc:70:81:a7:14:e3:5b:41:a6:3b:fa:4f:a6:90:60:
         9d:e9:a5:a2:87:15:a6:f5:71:0c:2c:7a:6e:5c:75:9f:26:92:
         6e:26:6b:00:8b:95:9f:1f:86:bd:97:0f:71:64:93:5b:a9:b0:
         12:c0:38:c3:40:79:b7:56:02:0a:95:8b:a0:92:54:e1:b4:58:
         02:93:7f:e6:04:4f:22:04:f4:12:26:40:68:1b:e8:72:7b:cf:
         05:d5:c0:78:15:a6:d8:87:df:e8:db:11:ae:e9:17:68:b5:cc:
         ed:1d:f1:82:98:47:07:9a:29:b8:87:a6:35:7e:49:1e:62:c6:
         2c:7f:a0:a1:dd:f2:7e:fa:dd:5d:16:98:e2:a1:6b:b2:bb:c9:
         a8:7f:b0:3b:46:d5:80:68:4e:88:e7:14:4f:e1:c1:81:48:52:
         79:74:57:f6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITVIXTyWOeaYGY++oPOeqGca6j/jANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTAzMjQxNTQxMTRaFw0yNTA0MjgyMzU5NTla
MHoxSTBHBgNVBAUTQDU4YWEwMzc1MzdhYjVjZDQyMDNjNmVlMWQzNmY5ZTkzZmI0
NWQxZWE5MGM1MjMwYzdmMzUxNGQ5YzUwMGFlNWUxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMJtIEtwCxyogLmu3eXjHhFLelVOCoRCNa1PrRIGeO6C1C50
ebtZFJFHJzRtWJcDKAqf/8iABHrc8V9asKlkAavJELYEXBDOnH+lgYEjLGaVhqpg
SpHOAfTohDbY9BJiywXm3SIiHfGP6LN/PJmVuaWTiDWKcq0WEB1QLfgnZiRV6zf1
Q8ZZiUP0QZpYbeDTHd2gh+MpZyefYl1fg415V/32tHJKNMomQ8iYuRGzDJD4jfsI
17Gxsy3BKWYFrRcafGSiFcrOycdsi5akAYemKR69BLdXshA4csSYDuul7f6j5jV/
tLYf+IQOMk5Qss9TozniBQxdwJYvcpiuisp1xFUCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQPKkQDo0IrF2Ih1g8bIe4CCaQxWDAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvYWJlNjQxZGQtYTEwZi00ZTkxLTg0MDgtY2JjNzQxYWRhY2UxLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAC7rBjANBgkqhkiG9w0BAQsFAAOCAQEAYWp+kA9cHH/2imYNNpIRXVRcEcoI
4ae29yDDLwhBQkfPu4qyC4KcaP5GWUCNsWNT3w+b7c6bdkoX6eWcMsWZwevnoJE1
Sfb9o7y2qn47orXyz6hgR/8yBfpAihZr3HCBpxTjW0GmO/pPppBgnemloocVpvVx
DCx6blx1nyaSbiZrAIuVnx+GvZcPcWSTW6mwEsA4w0B5t1YCCpWLoJJU4bRYApN/
5gRPIgT0EiZAaBvocnvPBdXAeBWm2Iff6NsRrukXaLXM7R3xgphHB5opuIemNX5J
HmLGLH+god3yfvrdXRaY4qFrsrvJqH+wO0bVgGhOiOcUT+HBgUhSeXRX9g==
-----END CERTIFICATE-----