Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8e867f3-9430-4ec2-8be1-c7406b137e2a.roa
File:                     b8e867f3-9430-4ec2-8be1-c7406b137e2a.roa (raw, json)
Hash identifier:          8BhlF6J2drYnXRBkxhBKvXdNrw6gNwMNoG0yYP//PQI=
Subject key identifier:   12:A2:FA:DC:79:21:12:98:2E:E9:1B:74:AE:DE:90:59:FD:A7:B4:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71C6F890068492515E8F0AA7C5F43C90FCF678D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8e867f3-9430-4ec2-8be1-c7406b137e2a.roa
Signing time:             Fri 14 Mar 2025 00:32:12 +0000
ROA not before:           Fri 14 Mar 2025 00:32:12 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.82.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:c6:f8:90:06:84:92:51:5e:8f:0a:a7:c5:f4:3c:90:fc:f6:78:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:32:12 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:84:f6:67:ca:38:ef:13:0b:56:29:a8:a0:
                    05:02:b4:67:0c:c8:75:08:70:1d:6c:34:fd:b4:47:
                    20:11:81:4f:1f:a5:23:00:a9:fb:f6:51:fd:84:a6:
                    a4:25:56:46:7b:03:35:d9:7c:03:c1:b3:ce:e4:d0:
                    9e:11:f3:4f:a0:6e:b3:fc:c9:9a:a9:f1:d8:9a:bf:
                    73:a5:76:38:ba:a9:06:a1:a2:d2:db:5c:7f:fd:f3:
                    fc:a9:65:b1:a5:bc:10:19:6f:64:30:cb:c0:ff:1f:
                    b8:5f:cc:1b:b6:7e:f1:8d:22:62:4a:3e:d7:d1:75:
                    ef:b9:f5:84:16:eb:96:42:51:ab:50:bf:1b:78:1e:
                    aa:45:d6:0f:fa:c0:aa:d3:95:a2:3a:3c:93:aa:9c:
                    7b:49:5e:07:cb:12:f9:23:89:33:bd:76:24:65:44:
                    54:42:bb:41:5c:2c:57:fa:3c:b0:73:a6:19:a7:92:
                    96:42:ba:01:ac:f1:ad:d8:0f:7d:bc:5b:d7:b7:83:
                    c7:ea:19:c1:1b:a5:c2:6a:27:7d:c8:d7:3b:b4:cf:
                    88:ed:05:7f:49:3f:de:29:65:25:ab:d7:1b:a5:7a:
                    cc:02:1b:58:19:76:a7:ca:3b:7a:74:2f:ef:b6:d9:
                    c8:1c:5e:e0:5d:0b:33:bc:48:3b:c7:d2:a5:f8:54:
                    fd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A2:FA:DC:79:21:12:98:2E:E9:1B:74:AE:DE:90:59:FD:A7:B4:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8e867f3-9430-4ec2-8be1-c7406b137e2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5f:a7:41:69:09:7c:fc:ec:e4:ce:90:b0:75:42:5a:82:06:68:
         a1:18:68:a7:32:65:1b:50:48:3a:0f:16:08:d5:ec:16:22:ba:
         7e:03:89:f0:2c:00:17:01:c0:51:07:12:51:a5:5e:74:e8:64:
         6d:ef:34:95:ab:db:8e:84:23:81:3a:f5:aa:ea:5a:92:92:6d:
         af:a7:df:b7:7c:64:4f:68:60:16:36:18:5b:8c:9a:00:03:da:
         a2:9d:5b:1b:24:9a:70:c2:d7:3f:27:3a:b0:f0:96:5e:d8:7a:
         47:b2:0b:08:90:31:de:5f:82:eb:ce:bd:6b:0c:8a:0f:d6:cf:
         45:fb:b4:f0:41:f8:17:a7:98:1a:ad:96:b8:25:95:79:f8:2b:
         00:f7:98:00:9e:48:3c:d9:6c:5d:72:e4:b8:98:f7:39:0c:88:
         0c:01:6e:7b:c3:46:3b:17:84:88:e5:a8:01:4d:43:7e:0a:3a:
         5d:d8:d1:dc:4a:c7:ea:56:8a:e0:cb:f5:d0:33:80:ba:16:2f:
         84:54:21:30:3f:ad:4d:46:ee:c8:80:41:98:8c:3b:ba:e3:05:
         af:3b:57:8e:14:85:45:79:dc:d2:11:f4:fb:be:d8:81:07:fc:
         13:ce:e2:06:37:a5:90:be:7a:65:81:94:06:f5:d6:4b:91:a0:
         1e:23:5c:02
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUccb4kAaEklFejwqnxfQ8kPz2eNQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAzMjEyWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmUwZjVmNDQ4YjYzYzM5MGYzMDM2NDJkNmUwZGQ0YWQ4
NjE0MGVmNzZkMzI1ZmUzNDlhYTMyNzFkYTkyNWE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqRYT2Z8o47xMLVimooAUCtGcMyHUIcB1sNP20RyARgU8f
pSMAqfv2Uf2EpqQlVkZ7AzXZfAPBs87k0J4R80+gbrP8yZqp8diav3Oldji6qQah
otLbXH/98/ypZbGlvBAZb2Qwy8D/H7hfzBu2fvGNImJKPtfRde+59YQW65ZCUatQ
vxt4HqpF1g/6wKrTlaI6PJOqnHtJXgfLEvkjiTO9diRlRFRCu0FcLFf6PLBzphmn
kpZCugGs8a3YD328W9e3g8fqGcEbpcJqJ33I1zu0z4jtBX9JP94pZSWr1xuleswC
G1gZdqfKO3p0L++22cgcXuBdCzO8SDvH0qX4VP3lAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEqL63HkhEpgu6Rt0rt6QWf2ntIowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4ZTg2N2YzLTk0MzAtNGVjMi04YmUxLWM3NDA2YjEzN2UyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4UjANBgkqhkiG9w0BAQsFAAOCAQEAX6dBaQl8/OzkzpCwdUJaggZooRho
pzJlG1BIOg8WCNXsFiK6fgOJ8CwAFwHAUQcSUaVedOhkbe80lavbjoQjgTr1qupa
kpJtr6fft3xkT2hgFjYYW4yaAAPaop1bGySacMLXPyc6sPCWXth6R7ILCJAx3l+C
6869awyKD9bPRfu08EH4F6eYGq2WuCWVefgrAPeYAJ5IPNlsXXLkuJj3OQyIDAFu
e8NGOxeEiOWoAU1Dfgo6XdjR3ErH6laK4Mv10DOAuhYvhFQhMD+tTUbuyIBBmIw7
uuMFrztXjhSFRXnc0hH0+77YgQf8E87iBjelkL56ZYGUBvXWS5GgHiNcAg==
-----END CERTIFICATE-----