Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad2dbce1-dfae-4d8d-9ef1-972b31e732ac.roa
File:                     ad2dbce1-dfae-4d8d-9ef1-972b31e732ac.roa (raw, json)
Hash identifier:          uLds99R0nlPyMk5YF8lqFLoszfgC35cM4BXd4iwoWPI=
Subject key identifier:   31:04:F5:46:81:C2:F2:00:7D:98:B3:CB:7C:31:60:F0:2B:29:F5:B1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23DF53335798915D89064D91A5C86C1E03500007
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad2dbce1-dfae-4d8d-9ef1-972b31e732ac.roa
Signing time:             Mon 24 Mar 2025 15:40:23 +0000
ROA not before:           Mon 24 Mar 2025 15:40:23 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.244.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:df:53:33:57:98:91:5d:89:06:4d:91:a5:c8:6c:1e:03:50:00:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:40:23 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:b5:eb:29:4f:f1:1a:45:83:f9:10:ed:52:
                    52:a0:97:4a:a8:35:17:b3:1d:db:9e:75:d7:56:c6:
                    86:d8:17:cd:83:6b:0d:cd:e8:49:9b:d8:d3:6a:09:
                    d1:6f:e2:bd:82:cd:ed:9c:fb:b8:f4:19:59:b4:92:
                    2e:5f:67:9d:2c:b4:8c:01:b7:e3:ce:6b:e7:fb:c0:
                    8e:f7:54:20:31:28:51:d3:25:00:1b:64:fc:dd:6b:
                    fa:7e:38:a7:bc:bd:cd:d8:87:4e:98:33:20:c8:8e:
                    df:f9:34:84:f0:4a:ea:25:4a:82:51:65:0a:6b:b4:
                    2f:4e:33:55:dc:dd:98:e5:20:57:cd:b3:4a:12:9a:
                    32:66:b8:3c:e3:05:e6:d6:30:85:46:73:04:41:70:
                    02:01:70:e9:d7:0e:b5:1f:32:1e:f9:ca:b7:91:24:
                    5f:3e:e1:c5:6e:dd:8d:0f:51:76:84:19:73:5f:af:
                    fa:bc:d0:76:ce:76:ad:e2:1b:61:78:85:65:4b:dd:
                    73:d5:01:91:57:9a:89:12:26:73:f9:c0:42:57:c0:
                    0f:47:0b:65:61:29:4f:4a:4a:16:2e:b9:23:61:ee:
                    68:13:ae:2e:4e:e1:ff:8d:e2:70:c3:ca:06:cb:9c:
                    7f:5a:77:af:66:46:cb:85:dc:35:75:35:bd:ce:38:
                    26:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:04:F5:46:81:C2:F2:00:7D:98:B3:CB:7C:31:60:F0:2B:29:F5:B1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad2dbce1-dfae-4d8d-9ef1-972b31e732ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.244.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c6:6d:2f:d9:41:c9:19:be:9d:b5:7a:d7:e3:76:b6:2b:34:87:
         76:aa:3e:fa:70:c1:22:5c:fc:8e:05:0b:7e:62:09:29:59:80:
         1e:86:d2:57:81:97:47:41:ed:33:87:3a:48:47:4e:d1:67:dd:
         8f:d8:40:5e:51:5a:ca:83:7d:96:51:f7:e6:12:a8:fe:61:b0:
         a2:d0:66:ba:1f:70:91:3f:fa:77:60:4a:40:4d:9a:65:f5:09:
         01:75:f8:35:85:2b:91:15:37:e9:20:2b:27:d4:5a:24:be:22:
         85:03:f4:d4:82:f7:06:10:0c:95:8d:0b:6f:80:34:5e:45:16:
         73:ae:9f:cf:87:0a:56:7f:c1:09:68:b4:6e:0b:76:35:52:1b:
         a3:00:7d:46:76:b0:fc:8a:7f:27:e1:4e:0f:e5:c0:5c:f1:08:
         6b:d9:bc:68:34:79:34:f5:08:3a:eb:93:e7:60:a4:37:e7:06:
         e1:14:f5:35:8a:d6:1d:cb:2a:bc:49:04:60:d3:04:3c:59:03:
         33:62:ec:52:a0:f3:11:cb:b1:0e:bb:c0:29:0e:fb:6e:66:01:
         58:d0:50:09:a9:b3:6f:f6:ae:84:3d:24:be:f7:4a:d4:59:29:
         26:48:a3:78:a8:0a:6b:e6:c6:fb:88:e8:bf:74:b0:64:08:78:
         60:11:e4:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI99TM1eYkV2JBk2RpchsHgNQAAcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTU0MDIzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODAxZGMwZTFlNjYxYzhlZjM5ZTJkMTc2MmVhYTcyYjlm
OTQ3MDc4MzE4NTVlZGE5NGE0ZDI1NGQ2ZGRlMzEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz4bXrKU/xGkWD+RDtUlKgl0qoNRezHduedddWxobYF82D
aw3N6Emb2NNqCdFv4r2Cze2c+7j0GVm0ki5fZ50stIwBt+POa+f7wI73VCAxKFHT
JQAbZPzda/p+OKe8vc3Yh06YMyDIjt/5NITwSuolSoJRZQprtC9OM1Xc3ZjlIFfN
s0oSmjJmuDzjBebWMIVGcwRBcAIBcOnXDrUfMh75yreRJF8+4cVu3Y0PUXaEGXNf
r/q80HbOdq3iG2F4hWVL3XPVAZFXmokSJnP5wEJXwA9HC2VhKU9KShYuuSNh7mgT
ri5O4f+N4nDDygbLnH9ad69mRsuF3DV1Nb3OOCaXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMQT1RoHC8gB9mLPLfDFg8Csp9bEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkMmRiY2UxLWRmYWUtNGQ4ZC05ZWYxLTk3MmIzMWU3MzJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbY9AAwDQYJKoZIhvcNAQELBQADggEBAMZtL9lByRm+nbV61+N2tis0h3aq
PvpwwSJc/I4FC35iCSlZgB6G0leBl0dB7TOHOkhHTtFn3Y/YQF5RWsqDfZZR9+YS
qP5hsKLQZrofcJE/+ndgSkBNmmX1CQF1+DWFK5EVN+kgKyfUWiS+IoUD9NSC9wYQ
DJWNC2+ANF5FFnOun8+HClZ/wQlotG4LdjVSG6MAfUZ2sPyKfyfhTg/lwFzxCGvZ
vGg0eTT1CDrrk+dgpDfnBuEU9TWK1h3LKrxJBGDTBDxZAzNi7FKg8xHLsQ67wCkO
+25mAVjQUAmps2/2roQ9JL73StRZKSZIo3ioCmvmxvuI6L90sGQIeGAR5EU=
-----END CERTIFICATE-----