Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
File:                     b2c3c467-0357-412c-8f21-70113f26e16c.roa (raw, json)
Hash identifier:          TyMRtBMdHNxURgAji59c2C6aBmZTXInErXMDc6MQj4w=
Subject key identifier:   E8:CF:7A:E3:3B:66:A2:CF:E4:41:FE:6F:31:AE:77:B4:E0:2D:DC:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68BFF4DAEA5DF447E34689825E2785DE7FE04093
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
Signing time:             Mon 10 Mar 2025 15:00:20 +0000
ROA not before:           Mon 10 Mar 2025 15:00:20 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.172.176.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:bf:f4:da:ea:5d:f4:47:e3:46:89:82:5e:27:85:de:7f:e0:40:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:00:20 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d2:0f:dd:fb:76:e2:32:e6:4c:b8:a5:5b:63:
                    fd:f1:02:74:b4:8c:ea:19:78:15:e8:72:98:56:2a:
                    3c:9a:ac:e8:8b:59:79:93:60:b0:c7:66:92:d5:b8:
                    93:06:ad:05:37:f6:ba:b6:46:b7:b9:f8:32:94:23:
                    04:d2:7b:c8:b6:fb:f1:60:31:55:c4:00:ac:7f:ff:
                    90:d7:c7:2c:6c:d2:a9:e5:38:5a:2d:d2:f6:9f:bb:
                    2d:ab:69:2c:3c:87:d6:39:f2:74:d9:26:fb:fa:6d:
                    7f:07:ca:f8:c2:3b:03:7b:9e:b8:8b:b9:9a:93:26:
                    bf:e5:d2:c2:7a:12:ce:39:18:8a:cb:18:71:7f:ef:
                    a6:85:9b:e5:ef:d6:b7:f7:2a:59:bd:3c:fc:11:8f:
                    bc:9c:ec:f4:49:30:ce:2c:7f:51:b9:24:1b:c2:a8:
                    05:df:22:f9:6a:c0:d1:75:94:48:26:91:b7:cb:92:
                    f6:67:cf:ba:fc:bd:80:9d:dc:96:48:20:4b:1e:2e:
                    34:a6:70:72:ba:f2:98:77:30:66:76:95:37:90:3b:
                    37:7c:c6:9b:39:7d:89:8f:cc:52:a6:fb:7e:7a:68:
                    f2:c4:52:cd:cf:28:61:64:45:8c:96:b0:f3:70:b5:
                    ab:01:68:f2:09:db:3c:63:3b:9f:a2:ff:0b:3d:9a:
                    df:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CF:7A:E3:3B:66:A2:CF:E4:41:FE:6F:31:AE:77:B4:E0:2D:DC:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.172.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:bd:1c:ff:6e:73:0f:bd:98:30:4c:32:fc:92:8d:f7:ec:fe:
         82:7b:bd:8b:87:eb:85:0b:d1:96:30:79:38:29:a8:29:87:8a:
         10:94:ca:7f:fe:05:f6:b1:63:18:be:56:12:a2:ae:4c:f7:0a:
         40:37:ab:35:ba:e4:6f:f0:9e:02:6a:8d:94:fe:57:55:25:5c:
         2e:ed:d2:ec:5d:b4:70:df:11:6d:6c:57:ea:ed:88:98:48:96:
         71:f5:f6:61:d2:fc:f3:7e:bb:9e:4e:96:f7:4b:91:e5:e0:f2:
         be:1a:9c:b4:a5:35:df:de:bf:8a:3f:7f:32:db:2a:d2:11:59:
         46:de:87:ae:74:62:17:cc:b2:7e:82:ee:bc:a8:f6:fb:f1:87:
         6c:02:2f:e2:e2:8e:a2:62:2c:74:3e:19:5f:06:ec:2b:d4:c7:
         d9:5e:01:76:17:b0:58:77:1b:89:35:f6:25:97:a0:64:48:4f:
         6d:3c:fc:58:eb:67:40:f0:42:f8:4a:8e:8e:91:3a:94:1e:31:
         0b:ee:1d:37:1e:33:aa:b1:ce:39:cd:8f:b8:1f:8a:14:f0:bf:
         ac:29:90:26:66:e9:6b:11:94:32:8c:a5:11:98:ae:53:69:2b:
         f3:d9:b6:9a:77:01:e6:a9:f2:3c:67:a7:00:10:cc:6d:76:52:
         15:54:2c:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaL/02upd9EfjRomCXieF3n/gQJMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUwMDIwWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmNhN2ViN2VhYTA1YzhjNGY4NTU0ZjNmYWNhZGM1MzA3
YTlhNGQ1ZjUyYjVkMDBkOTY1ZDQyZDk3ZWIzNDE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf0g/d+3biMuZMuKVbY/3xAnS0jOoZeBXocphWKjyarOiL
WXmTYLDHZpLVuJMGrQU39rq2Rre5+DKUIwTSe8i2+/FgMVXEAKx//5DXxyxs0qnl
OFot0vafuy2raSw8h9Y58nTZJvv6bX8HyvjCOwN7nriLuZqTJr/l0sJ6Es45GIrL
GHF/76aFm+Xv1rf3Klm9PPwRj7yc7PRJMM4sf1G5JBvCqAXfIvlqwNF1lEgmkbfL
kvZnz7r8vYCd3JZIIEseLjSmcHK68ph3MGZ2lTeQOzd8xps5fYmPzFKm+356aPLE
Us3PKGFkRYyWsPNwtasBaPIJ2zxjO5+i/ws9mt/tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6M964ztmos/kQf5vMa53tOAt3A0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyYzNjNDY3LTAzNTctNDEyYy04ZjIxLTcwMTEzZjI2ZTE2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALNrLAwDQYJKoZIhvcNAQELBQADggEBAHC9HP9ucw+9mDBMMvySjffs/oJ7
vYuH64UL0ZYweTgpqCmHihCUyn/+BfaxYxi+VhKirkz3CkA3qzW65G/wngJqjZT+
V1UlXC7t0uxdtHDfEW1sV+rtiJhIlnH19mHS/PN+u55OlvdLkeXg8r4anLSlNd/e
v4o/fzLbKtIRWUbeh650YhfMsn6C7ryo9vvxh2wCL+LijqJiLHQ+GV8G7CvUx9le
AXYXsFh3G4k19iWXoGRIT208/FjrZ0DwQvhKjo6ROpQeMQvuHTceM6qxzjnNj7gf
ihTwv6wpkCZm6WsRlDKMpRGYrlNpK/PZtpp3Aeap8jxnpwAQzG12UhVULEk=
-----END CERTIFICATE-----