Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa
File:                     ac285f19-324f-4769-988a-0b6c67139e64.roa (raw, json)
Hash identifier:          Rcmt2tnoVh6CGcB4RCZgkT369WjaGxx3fEY1R1TXW+w=
Subject key identifier:   EC:0F:B1:C6:86:06:9B:77:B7:CE:54:BC:9E:90:32:6B:B0:AB:E2:DE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56C14B7B1782FF7346948FC62630451DA233D334
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa
Signing time:             Tue 04 Mar 2025 17:10:19 +0000
ROA not before:           Tue 04 Mar 2025 17:10:19 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.116.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:c1:4b:7b:17:82:ff:73:46:94:8f:c6:26:30:45:1d:a2:33:d3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:10:19 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:95:19:e8:9e:31:bb:79:99:0a:ca:fb:35:95:
                    2b:cc:62:f6:13:36:f1:50:4f:ad:95:24:40:28:33:
                    3f:1e:af:33:ae:f5:6d:04:1a:2e:af:85:51:3a:a7:
                    ac:2f:77:4e:68:93:01:fc:ca:19:ed:16:9d:5c:2e:
                    e5:39:7c:17:16:c1:17:e9:0c:6a:ac:3e:bc:44:13:
                    05:6a:ef:a1:09:fa:ea:a1:00:cf:36:c8:29:ee:09:
                    73:3c:6c:55:38:9c:c4:61:f0:94:d3:5e:8b:2b:e1:
                    61:1c:f6:e7:d3:26:af:c1:10:0e:40:be:79:69:71:
                    72:59:37:28:90:d6:61:c1:f9:0e:b2:58:9d:9d:3a:
                    78:e5:c3:24:d9:48:9e:cd:dc:b5:23:5d:44:c3:03:
                    04:2e:78:00:dc:30:6a:a4:c7:e9:6c:14:5e:35:1e:
                    6c:43:d9:7f:24:d7:f0:b3:48:63:af:6c:fa:7b:c1:
                    73:35:31:09:f0:30:b9:91:6a:67:19:63:b4:27:df:
                    64:dd:5e:38:33:3c:78:50:c4:40:e1:90:f5:2d:54:
                    e6:30:98:16:db:b9:df:eb:36:de:bf:5c:5f:b8:cd:
                    b2:df:97:05:9a:7c:be:d3:c4:0b:c5:9b:be:24:b9:
                    58:57:d1:9f:59:77:4e:53:5a:98:e3:a7:b4:48:09:
                    41:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:0F:B1:C6:86:06:9B:77:B7:CE:54:BC:9E:90:32:6B:B0:AB:E2:DE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.116.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         43:f9:73:c4:25:d8:e0:de:47:94:ef:4a:e5:8f:d5:a1:21:84:
         f2:30:2c:93:b8:59:c1:9e:3f:87:f2:ca:92:d3:51:a5:45:5f:
         b8:19:1e:fe:c2:37:19:81:4c:bd:59:a1:84:2e:21:28:99:af:
         d3:75:68:99:bf:04:9e:46:fc:42:97:e2:66:94:e3:86:60:75:
         ac:36:14:00:d4:9c:73:50:e3:9a:02:e5:a2:57:26:0c:a5:d2:
         8a:29:3f:1f:c7:4c:ac:10:4d:37:77:eb:b6:b9:a5:75:b7:e6:
         b8:c9:b2:33:7a:45:27:17:a2:e5:7c:a3:40:d7:8a:31:a4:46:
         b9:72:9c:4a:a3:12:c6:e6:e0:9f:7a:b3:65:81:6b:11:79:3c:
         2e:90:ed:ae:26:d1:f0:be:53:75:90:34:2d:42:e1:a4:7e:a1:
         0e:7b:20:c8:25:e7:ec:17:56:db:b2:90:cd:af:cd:b2:20:df:
         ff:83:e9:63:1b:b8:34:1a:4f:e0:e5:f7:53:e7:26:60:66:13:
         4f:73:3b:1d:b7:27:85:53:81:d5:e0:b6:63:12:ac:78:91:a9:
         11:6c:ea:91:24:27:71:06:98:fc:88:01:a5:98:ae:e6:6a:53:
         77:0c:dd:95:45:07:26:a9:10:45:6f:2f:5c:a5:16:52:d4:9d:
         7b:e2:b7:10
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVsFLexeC/3NGlI/GJjBFHaIz0zQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTcxMDE5WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODFhN2I4MDFiYmIwMDAxMDc4NDQ3ZWY5MGEyZjk3MzFl
NDZjYTM0NWI2ZWNiYjhhODAyNjgwMWIyYjQwNTdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVlRnonjG7eZkKyvs1lSvMYvYTNvFQT62VJEAoMz8erzOu
9W0EGi6vhVE6p6wvd05okwH8yhntFp1cLuU5fBcWwRfpDGqsPrxEEwVq76EJ+uqh
AM82yCnuCXM8bFU4nMRh8JTTXosr4WEc9ufTJq/BEA5AvnlpcXJZNyiQ1mHB+Q6y
WJ2dOnjlwyTZSJ7N3LUjXUTDAwQueADcMGqkx+lsFF41HmxD2X8k1/CzSGOvbPp7
wXM1MQnwMLmRamcZY7Qn32TdXjgzPHhQxEDhkPUtVOYwmBbbud/rNt6/XF+4zbLf
lwWafL7TxAvFm74kuVhX0Z9Zd05TWpjjp7RICUHBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7A+xxoYGm3e3zlS8npAya7Cr4t4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FjMjg1ZjE5LTMyNGYtNDc2OS05ODhhLTBiNmM2NzEzOWU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2dDANBgkqhkiG9w0BAQsFAAOCAQEAQ/lzxCXY4N5HlO9K5Y/VoSGE8jAs
k7hZwZ4/h/LKktNRpUVfuBke/sI3GYFMvVmhhC4hKJmv03Vomb8Enkb8QpfiZpTj
hmB1rDYUANScc1DjmgLlolcmDKXSiik/H8dMrBBNN3frtrmldbfmuMmyM3pFJxei
5XyjQNeKMaRGuXKcSqMSxubgn3qzZYFrEXk8LpDtribR8L5TdZA0LULhpH6hDnsg
yCXn7BdW27KQza/NsiDf/4PpYxu4NBpP4OX3U+cmYGYTT3M7HbcnhVOB1eC2YxKs
eJGpEWzqkSQncQaY/IgBpZiu5mpTdwzdlUUHJqkQRW8vXKUWUtSde+K3EA==
-----END CERTIFICATE-----