Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1374a67-dfa3-499e-88a9-33619dcae730.roa
File:                     b1374a67-dfa3-499e-88a9-33619dcae730.roa (raw, json)
Hash identifier:          q/uKvYMbDqVH7QoUyDhVlMeyg511PoYP4MoBpy3fSvs=
Subject key identifier:   2F:DC:4B:72:67:6D:54:B3:57:26:ED:82:80:CF:03:76:68:43:16:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27DFE53CF83C982FE182E9E01439E22100318B5C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1374a67-dfa3-499e-88a9-33619dcae730.roa
Signing time:             Tue 18 Mar 2025 00:00:55 +0000
ROA not before:           Tue 18 Mar 2025 00:00:55 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.128.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:df:e5:3c:f8:3c:98:2f:e1:82:e9:e0:14:39:e2:21:00:31:8b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:00:55 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:24:86:1d:41:f4:39:51:a0:be:1f:23:f9:97:
                    f7:9f:bc:30:16:75:c5:5f:c2:f7:0b:c1:61:7a:56:
                    ff:bd:16:c4:d2:70:d6:fd:9e:b5:ab:8d:3e:80:c5:
                    fb:8a:e7:ef:52:44:c1:db:bb:b3:a7:a7:4c:ec:f0:
                    ca:2f:ed:91:5e:08:b8:24:90:72:89:41:0b:35:fd:
                    9b:6d:79:bc:bd:3e:f2:d4:0a:86:f8:30:c7:00:a3:
                    73:9d:9b:e3:9a:ee:d7:65:03:a9:76:19:04:a0:76:
                    28:44:50:1c:3e:57:ed:a3:36:a1:92:de:f9:aa:07:
                    89:f0:08:b0:a1:ef:0d:24:de:e4:27:52:7b:18:82:
                    4f:1e:db:2b:96:85:07:e0:4d:34:52:d2:9f:9f:6e:
                    02:f6:19:0b:a7:98:82:b2:3e:3a:16:c3:b7:6c:12:
                    e0:44:c3:16:c4:6c:53:49:60:77:31:7e:2c:77:ff:
                    5d:da:cd:a0:0f:fc:39:df:c3:c9:03:5a:c7:2b:dd:
                    a4:e6:9e:83:4b:7b:90:1e:28:7a:3c:8e:47:0a:59:
                    0e:47:95:43:83:20:51:0a:02:d0:46:6f:bc:22:df:
                    b2:a7:1b:34:25:c8:b3:8f:56:1f:be:f3:01:05:db:
                    10:e3:4d:5a:81:c7:b4:ca:e0:b9:48:09:59:41:4e:
                    64:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DC:4B:72:67:6D:54:B3:57:26:ED:82:80:CF:03:76:68:43:16:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1374a67-dfa3-499e-88a9-33619dcae730.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:23:21:35:d8:15:01:09:0e:0a:68:21:30:8c:c4:13:2b:99:
         ec:b0:97:e3:78:ca:20:54:0f:7d:bf:fe:4d:d7:cd:dc:66:0b:
         16:f6:16:9c:07:f4:cb:78:d0:56:12:3a:e7:98:6b:d5:19:73:
         94:31:ba:42:e3:b3:3e:67:bd:b3:3a:95:51:5a:a1:da:68:cc:
         d9:6f:1a:33:39:74:0b:5c:59:f4:ad:63:66:b2:68:cc:b1:f1:
         0f:ab:53:68:f5:60:58:a3:27:32:3a:9d:ff:d9:b2:9c:2f:74:
         5d:e2:7f:8d:ed:7d:65:50:c5:5a:18:15:e1:ac:0b:65:a4:a5:
         45:65:96:39:32:e8:0c:a1:66:02:b0:d1:d9:b5:55:63:73:a3:
         0a:3c:f8:e1:f2:00:a8:0e:1c:59:cf:fb:6c:ad:3b:f5:7a:00:
         b0:2f:02:e4:82:e4:b6:76:5b:78:99:9f:c3:8a:dc:9a:b4:bd:
         69:0d:a9:46:5b:e9:1b:15:c5:b6:98:70:46:64:56:57:52:61:
         e5:5d:05:38:ee:93:71:4c:4f:d0:a0:ac:06:0d:2e:20:0f:75:
         92:3c:5b:48:0f:8c:d4:fe:9e:72:8d:6c:e9:9f:2c:ef:22:11:
         30:ae:b1:8c:0d:44:1e:c6:92:60:b5:44:5c:7d:2f:71:86:e2:
         ea:dd:cf:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJ9/lPPg8mC/hgungFDniIQAxi1wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAwMDU1WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDU4ZWRkZDVhOGM4NDFhZGRjOTMxZDc4MWFlZmU5MjAz
ODk0NjY0YjkyMWM2MWMwZjgzMDlhZDZjOGI0NjhlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0JIYdQfQ5UaC+HyP5l/efvDAWdcVfwvcLwWF6Vv+9FsTS
cNb9nrWrjT6AxfuK5+9SRMHbu7Onp0zs8Mov7ZFeCLgkkHKJQQs1/Ztteby9PvLU
Cob4MMcAo3Odm+Oa7tdlA6l2GQSgdihEUBw+V+2jNqGS3vmqB4nwCLCh7w0k3uQn
UnsYgk8e2yuWhQfgTTRS0p+fbgL2GQunmIKyPjoWw7dsEuBEwxbEbFNJYHcxfix3
/13azaAP/Dnfw8kDWscr3aTmnoNLe5AeKHo8jkcKWQ5HlUODIFEKAtBGb7wi37Kn
GzQlyLOPVh++8wEF2xDjTVqBx7TK4LlICVlBTmQZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUL9xLcmdtVLNXJu2CgM8DdmhDFhQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxMzc0YTY3LWRmYTMtNDk5ZS04OGE5LTMzNjE5ZGNhZTczMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANgDANBgkqhkiG9w0BAQsFAAOCAQEAsiMhNdgVAQkOCmghMIzEEyuZ7LCX
43jKIFQPfb/+TdfN3GYLFvYWnAf0y3jQVhI655hr1RlzlDG6QuOzPme9szqVUVqh
2mjM2W8aMzl0C1xZ9K1jZrJozLHxD6tTaPVgWKMnMjqd/9mynC90XeJ/je19ZVDF
WhgV4awLZaSlRWWWOTLoDKFmArDR2bVVY3OjCjz44fIAqA4cWc/7bK079XoAsC8C
5ILktnZbeJmfw4rcmrS9aQ2pRlvpGxXFtphwRmRWV1Jh5V0FOO6TcUxP0KCsBg0u
IA91kjxbSA+M1P6eco1s6Z8s7yIRMK6xjA1EHsaSYLVEXH0vcYbi6t3PLQ==
-----END CERTIFICATE-----