Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b329dcd2-1949-46fc-8852-9e7592d53c17.roa
File:                     b329dcd2-1949-46fc-8852-9e7592d53c17.roa (raw, json)
Hash identifier:          ZjO33FVH8GfnsPAsNFN4pQ1FwEK90j0uw1CoxrriI98=
Subject key identifier:   5D:A0:CC:62:75:51:7D:D9:3C:7E:50:42:D4:47:EC:03:6B:13:D5:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       59A6F575927F39C83C1B5C0513C43418EC5F712A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b329dcd2-1949-46fc-8852-9e7592d53c17.roa
Signing time:             Tue 04 Mar 2025 18:00:17 +0000
ROA not before:           Tue 04 Mar 2025 18:00:17 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.82.154.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:a6:f5:75:92:7f:39:c8:3c:1b:5c:05:13:c4:34:18:ec:5f:71:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 18:00:17 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a7:9e:b7:69:79:5a:75:d6:5c:66:45:80:0f:
                    2c:db:a6:74:ef:94:f7:86:cb:60:c7:cd:25:6b:ef:
                    2e:91:68:c7:dd:cc:10:1b:7e:d7:f9:39:3e:84:7c:
                    24:b5:34:32:57:66:33:85:97:16:08:79:58:e4:c8:
                    74:72:c1:39:7d:b0:7a:b5:fb:37:27:3c:67:bd:51:
                    6d:be:40:24:8c:8e:90:74:8e:12:0c:e7:b3:ed:79:
                    48:b6:eb:ab:dd:65:5b:18:28:a5:55:7d:da:5d:55:
                    3f:a0:c0:7a:b2:3c:db:23:a0:ab:59:20:64:3c:b5:
                    e5:e6:f8:5f:3e:9d:7c:a5:eb:49:c3:fc:49:7e:4e:
                    7e:91:ba:bb:02:03:cd:ab:db:ba:f1:2c:3b:4a:36:
                    e5:ca:fd:d8:71:ee:b6:b1:13:fc:b1:ec:15:58:79:
                    54:cd:8d:ae:24:0a:cf:22:36:c1:9b:32:a1:8b:1e:
                    f8:34:2b:a5:ac:ea:5f:0e:f1:4f:62:66:d7:14:e4:
                    be:b8:fb:73:82:e2:f1:a6:ab:94:56:1f:07:a5:fb:
                    c4:21:65:cd:4e:90:f6:66:6b:34:7b:66:22:2b:82:
                    87:8d:dc:1b:4f:13:5b:00:a0:10:04:3e:22:34:fd:
                    9f:66:32:9b:72:e6:fb:65:ee:75:97:ae:cd:0b:48:
                    02:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A0:CC:62:75:51:7D:D9:3C:7E:50:42:D4:47:EC:03:6B:13:D5:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b329dcd2-1949-46fc-8852-9e7592d53c17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.82.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:57:b5:50:33:1b:d9:f9:05:3f:0f:55:98:d0:e5:e6:96:cd:
         8c:51:c5:86:01:bb:e6:82:2c:be:02:26:b3:4b:9a:81:f9:94:
         90:cc:07:db:42:31:16:c2:fd:97:e8:d4:99:d1:4a:6c:fe:aa:
         5e:53:df:f6:34:7a:02:21:0d:91:dd:2d:9b:71:a5:37:a5:97:
         0a:20:0b:74:be:d8:b9:de:c0:a4:bb:b2:96:a8:01:8d:77:ea:
         ca:37:41:94:dd:35:58:84:cd:21:53:a8:3a:91:cc:4d:97:d3:
         b6:e2:bc:b2:c8:39:ca:a4:6c:e4:04:ee:2a:a9:19:de:93:40:
         20:bb:3e:b2:89:32:d7:12:58:63:5b:63:25:03:41:36:83:db:
         44:cc:fc:c7:fc:7c:69:2d:15:74:ea:9a:c5:cf:55:58:d6:73:
         15:42:97:99:47:0c:d2:b8:b2:25:ca:82:9c:45:20:41:aa:7a:
         bc:cd:ca:03:43:85:6f:13:05:3c:d4:6c:7e:00:1e:f8:fb:c6:
         d7:86:9d:3e:65:aa:e4:68:07:d0:d1:c1:e2:11:75:a7:f5:0d:
         c2:31:13:05:15:20:78:7d:94:c1:e4:7c:9d:1d:a3:bb:13:35:
         0d:75:8b:b8:69:5a:f8:cd:18:37:88:45:ac:4b:52:15:f9:dc:
         0f:81:0b:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWab1dZJ/Ocg8G1wFE8Q0GOxfcSowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTgwMDE3WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGJlZGMyYzlmZjAxNDU2MGE1YWY3ZjhhNDg5YzVkYWFi
M2I4ZThhYjIxY2VmMGExOWFhNzcyYzY3ZWExNjkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfp563aXladdZcZkWADyzbpnTvlPeGy2DHzSVr7y6RaMfd
zBAbftf5OT6EfCS1NDJXZjOFlxYIeVjkyHRywTl9sHq1+zcnPGe9UW2+QCSMjpB0
jhIM57PteUi266vdZVsYKKVVfdpdVT+gwHqyPNsjoKtZIGQ8teXm+F8+nXyl60nD
/El+Tn6RursCA82r27rxLDtKNuXK/dhx7raxE/yx7BVYeVTNja4kCs8iNsGbMqGL
Hvg0K6Ws6l8O8U9iZtcU5L64+3OC4vGmq5RWHwel+8QhZc1OkPZmazR7ZiIrgoeN
3BtPE1sAoBAEPiI0/Z9mMpty5vtl7nWXrs0LSAJ7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXaDMYnVRfdk8flBC1EfsA2sT1dIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzMjlkY2QyLTE5NDktNDZmYy04ODUyLTllNzU5MmQ1M2MxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFiUpowDQYJKoZIhvcNAQELBQADggEBAL5XtVAzG9n5BT8PVZjQ5eaWzYxR
xYYBu+aCLL4CJrNLmoH5lJDMB9tCMRbC/Zfo1JnRSmz+ql5T3/Y0egIhDZHdLZtx
pTellwogC3S+2LnewKS7spaoAY136so3QZTdNViEzSFTqDqRzE2X07bivLLIOcqk
bOQE7iqpGd6TQCC7PrKJMtcSWGNbYyUDQTaD20TM/Mf8fGktFXTqmsXPVVjWcxVC
l5lHDNK4siXKgpxFIEGqerzNygNDhW8TBTzUbH4AHvj7xteGnT5lquRoB9DRweIR
daf1DcIxEwUVIHh9lMHkfJ0do7sTNQ11i7hpWvjNGDeIRaxLUhX53A+BCzs=
-----END CERTIFICATE-----