Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b72f4616-5ee0-476d-82ee-4c547532502d.roa
File:                     b72f4616-5ee0-476d-82ee-4c547532502d.roa (raw, json)
Hash identifier:          bCdD2D3zQCOaunQ+VyEq0npKwo0D9BWFKnHOkejGEGw=
Subject key identifier:   0A:36:26:51:FB:7F:A9:D4:CD:39:8B:ED:33:D8:5C:37:FE:83:BF:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       376013584C223C858B94553FA933E6C4E9F4C0CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b72f4616-5ee0-476d-82ee-4c547532502d.roa
Signing time:             Sat 15 Mar 2025 00:01:52 +0000
ROA not before:           Sat 15 Mar 2025 00:01:52 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.135.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:60:13:58:4c:22:3c:85:8b:94:55:3f:a9:33:e6:c4:e9:f4:c0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 15 00:01:52 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d1:a9:c5:42:40:ea:85:a8:21:91:04:8f:72:
                    31:c6:2e:7b:5d:2c:56:9d:71:97:37:54:07:04:0d:
                    5d:2c:8c:ca:22:d5:96:60:71:0f:73:c6:8f:16:1a:
                    71:39:6e:11:7a:aa:10:c0:22:58:48:00:6b:46:28:
                    75:88:5d:69:b8:9a:90:d0:1b:f7:b8:26:0e:a6:95:
                    3f:e8:8e:1e:7e:58:1d:95:09:44:30:71:6c:f0:1d:
                    14:69:39:fb:c5:59:3f:ea:2d:87:40:8b:7b:8d:5a:
                    db:bd:69:f1:0d:ee:a0:99:db:9b:90:d4:74:f9:55:
                    cb:b5:7f:98:33:58:38:d5:6a:b4:57:b5:7b:94:b7:
                    60:60:68:bc:93:a6:8f:d6:70:59:8e:15:78:19:84:
                    ae:12:81:aa:71:a8:c9:00:2c:0d:03:7b:e9:8c:85:
                    36:44:76:74:a1:b2:1f:33:72:e4:2f:48:e5:c4:e6:
                    4e:a0:d2:14:80:b3:18:10:29:df:1f:dc:f7:e7:1b:
                    51:0f:86:c1:8c:88:8b:5d:e0:da:2c:52:48:56:74:
                    91:93:13:14:14:3d:4f:a0:fb:e5:71:66:18:42:2b:
                    ee:0d:c5:b0:cd:8f:bc:d0:ad:6a:56:ed:e2:2d:f7:
                    2d:28:fc:17:15:1f:05:85:14:c4:f0:53:1f:d4:6e:
                    bf:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:36:26:51:FB:7F:A9:D4:CD:39:8B:ED:33:D8:5C:37:FE:83:BF:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b72f4616-5ee0-476d-82ee-4c547532502d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.135.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:a1:04:55:ec:27:18:8e:04:77:07:c3:89:8a:a8:34:5c:80:
         26:24:e9:7f:f5:0e:a8:03:4f:80:e6:a7:e8:80:19:c5:42:69:
         9e:66:d0:18:98:a4:a3:24:50:9b:9a:cf:80:f9:6e:67:28:08:
         cc:e3:1f:54:36:14:41:0e:7e:6e:85:a8:f4:5b:bc:0e:bc:8a:
         39:47:d3:41:38:8f:fb:8d:0a:39:b5:fa:5c:1e:6a:3f:9d:ea:
         5b:10:a4:20:2f:14:e5:cd:60:e0:92:1d:f4:ad:9e:1e:e5:60:
         92:7e:86:fb:4e:5c:3d:05:61:5d:3c:0b:95:6d:d0:8a:62:25:
         14:d2:9e:a0:f3:bd:2e:b9:de:30:8c:62:78:e9:02:2e:13:64:
         f2:7c:26:91:02:f6:76:e3:ee:78:51:51:f5:dd:07:88:4e:1c:
         40:4b:57:d1:bd:fa:94:56:74:d0:1a:43:38:43:7d:0e:51:a1:
         a5:68:fa:6d:b0:f2:74:de:06:40:2c:a1:c8:88:81:30:74:21:
         9d:a2:d3:2a:cc:d2:5a:e6:72:8f:bc:54:86:4b:f8:99:f9:23:
         ea:b0:88:ea:c0:a6:98:99:fc:8e:a3:5b:db:d3:79:88:5b:9d:
         f0:11:63:31:97:93:22:73:c7:b5:30:f9:21:61:9c:02:21:15:
         42:03:72:45
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN2ATWEwiPIWLlFU/qTPmxOn0wMwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE1MDAwMTUyWhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlN2Y0MjE5MTY1ZTAyMTQ3MTQ1MDJmNDZjZjI3MDgzMGNj
MDdjOGM3MmU2NmJhNTM2ZGEzNTVkZDU4MjU0NGQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb0anFQkDqhaghkQSPcjHGLntdLFadcZc3VAcEDV0sjMoi
1ZZgcQ9zxo8WGnE5bhF6qhDAIlhIAGtGKHWIXWm4mpDQG/e4Jg6mlT/ojh5+WB2V
CUQwcWzwHRRpOfvFWT/qLYdAi3uNWtu9afEN7qCZ25uQ1HT5Vcu1f5gzWDjVarRX
tXuUt2BgaLyTpo/WcFmOFXgZhK4SgapxqMkALA0De+mMhTZEdnShsh8zcuQvSOXE
5k6g0hSAsxgQKd8f3PfnG1EPhsGMiItd4NosUkhWdJGTExQUPU+g++VxZhhCK+4N
xbDNj7zQrWpW7eIt9y0o/BcVHwWFFMTwUx/Ubr/jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCjYmUft/qdTNOYvtM9hcN/6Dv8swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3MmY0NjE2LTVlZTAtNDc2ZC04MmVlLTRjNTQ3NTMyNTAyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCdhzANBgkqhkiG9w0BAQsFAAOCAQEAF6EEVewnGI4EdwfDiYqoNFyAJiTp
f/UOqANPgOan6IAZxUJpnmbQGJikoyRQm5rPgPluZygIzOMfVDYUQQ5+boWo9Fu8
DryKOUfTQTiP+40KObX6XB5qP53qWxCkIC8U5c1g4JId9K2eHuVgkn6G+05cPQVh
XTwLlW3QimIlFNKeoPO9LrneMIxieOkCLhNk8nwmkQL2duPueFFR9d0HiE4cQEtX
0b36lFZ00BpDOEN9DlGhpWj6bbDydN4GQCyhyIiBMHQhnaLTKszSWuZyj7xUhkv4
mfkj6rCI6sCmmJn8jqNb29N5iFud8BFjMZeTInPHtTD5IWGcAiEVQgNyRQ==
-----END CERTIFICATE-----