Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
File:                     bbc2b1a5-5365-48b4-affd-3867c265d11a.roa (raw, json)
Hash identifier:          Xq7TY8ISHpaQO2qZyTYGAuu7CBcPzdwLi8YY+g67vgo=
Subject key identifier:   1C:69:27:84:2E:3F:F2:34:52:A6:F8:E7:0F:E7:B4:17:DD:FE:B7:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68C3C8E7A889906F3668533B53C7D3AA64B95CCE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
Signing time:             Mon 24 Mar 2025 15:50:26 +0000
ROA not before:           Mon 24 Mar 2025 15:50:26 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        89.254.8.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c3:c8:e7:a8:89:90:6f:36:68:53:3b:53:c7:d3:aa:64:b9:5c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:50:26 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:83:28:61:e1:cb:1a:24:a3:16:a1:5e:d4:68:
                    d2:60:d9:69:5d:57:b9:47:25:18:df:e0:75:1d:26:
                    83:52:12:b7:08:50:6e:98:2b:3d:2e:71:3c:65:88:
                    3c:ca:57:5d:e9:f3:c2:a4:a8:23:39:4a:b7:01:eb:
                    da:53:70:09:96:07:ed:a8:e1:84:bd:9e:c8:33:70:
                    9f:67:12:9a:d2:2a:47:58:97:e0:70:72:1e:43:b6:
                    27:2f:03:c3:64:69:96:04:b4:29:4d:64:1e:90:2e:
                    c9:dd:bd:20:bb:60:f0:1a:94:5e:39:3c:4e:75:d7:
                    72:58:68:a9:30:f2:1f:73:20:db:d3:e3:b0:eb:5d:
                    a7:49:cb:77:42:bc:cc:25:ad:13:04:da:06:d4:10:
                    cb:47:e2:71:bb:40:3d:07:a9:7a:ef:47:a1:fe:78:
                    90:3a:a6:5c:ea:7e:fe:42:ab:8c:96:1b:a9:0a:8b:
                    a0:83:b8:2b:56:1d:f8:bd:d4:96:b0:72:54:87:10:
                    2c:97:db:1e:22:23:11:e3:28:6e:99:de:8d:10:8b:
                    c5:be:02:38:0f:b8:a9:19:0c:37:67:13:c2:7c:d1:
                    f4:92:e6:79:e5:10:b9:b8:7e:32:84:72:e2:af:ae:
                    e4:4a:93:09:ab:b7:ed:86:66:1d:a5:69:d5:41:e2:
                    d2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:69:27:84:2E:3F:F2:34:52:A6:F8:E7:0F:E7:B4:17:DD:FE:B7:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:71:d8:3c:44:60:3f:6e:15:48:f8:0c:ab:be:63:a3:11:95:
         da:6e:cf:b6:24:d5:ea:62:60:b2:a3:ae:23:09:d8:0c:d1:95:
         16:32:5c:de:61:d7:9d:9d:52:95:c9:bf:9c:d3:b9:2b:5f:8d:
         52:92:01:d9:ca:68:b9:e0:6c:4b:16:1a:cd:ab:52:8e:79:44:
         81:72:75:c3:c3:6b:b8:e9:10:96:11:14:34:8d:1d:ee:d2:d5:
         18:4c:51:f1:dd:f2:0e:c1:ee:ba:9e:4d:15:6a:37:6b:e0:c2:
         ba:30:72:cd:a0:4d:b1:4f:67:30:b0:b2:61:ea:20:73:33:e7:
         1a:e6:95:45:5c:d8:14:5c:e5:34:43:24:5a:ea:8c:38:fe:d6:
         c6:ce:77:0c:dd:c6:0a:4d:02:b0:0a:16:f8:75:9d:d5:04:dc:
         02:fb:18:7a:95:83:88:ea:62:da:ef:25:3c:fd:72:43:74:cc:
         6c:35:e1:a9:8e:c5:c5:ba:4b:94:99:b3:48:c8:39:85:88:0b:
         bc:07:d0:5e:66:df:37:7f:31:84:ba:52:26:4a:ba:1a:81:95:
         d4:f0:7d:13:58:a8:b4:ec:eb:c6:23:cc:0b:a4:48:fc:d5:8f:
         ef:1c:cd:57:79:06:8e:ba:b6:3f:59:42:6d:22:aa:e9:43:6d:
         50:c5:e8:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaMPI56iJkG82aFM7U8fTqmS5XM4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTU1MDI2WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjFiNDYwYTZmYTU5YmI0MDFmZDcxNGI4NDExYzFhNTYw
ZDI3MDRlYWM4MDcwYWEzNjI2YjkyZTE1ZjU1Y2JkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrgyhh4csaJKMWoV7UaNJg2WldV7lHJRjf4HUdJoNSErcI
UG6YKz0ucTxliDzKV13p88KkqCM5SrcB69pTcAmWB+2o4YS9nsgzcJ9nEprSKkdY
l+Bwch5DticvA8NkaZYEtClNZB6QLsndvSC7YPAalF45PE5113JYaKkw8h9zINvT
47DrXadJy3dCvMwlrRME2gbUEMtH4nG7QD0HqXrvR6H+eJA6plzqfv5Cq4yWG6kK
i6CDuCtWHfi91JawclSHECyX2x4iIxHjKG6Z3o0Qi8W+AjgPuKkZDDdnE8J80fSS
5nnlELm4fjKEcuKvruRKkwmrt+2GZh2ladVB4tKxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHGknhC4/8jRSpvjnD+e0F93+t0kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiYzJiMWE1LTUzNjUtNDhiNC1hZmZkLTM4NjdjMjY1ZDExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANZ/ggwDQYJKoZIhvcNAQELBQADggEBAARx2DxEYD9uFUj4DKu+Y6MRldpu
z7Yk1epiYLKjriMJ2AzRlRYyXN5h152dUpXJv5zTuStfjVKSAdnKaLngbEsWGs2r
Uo55RIFydcPDa7jpEJYRFDSNHe7S1RhMUfHd8g7B7rqeTRVqN2vgwrowcs2gTbFP
ZzCwsmHqIHMz5xrmlUVc2BRc5TRDJFrqjDj+1sbOdwzdxgpNArAKFvh1ndUE3AL7
GHqVg4jqYtrvJTz9ckN0zGw14amOxcW6S5SZs0jIOYWIC7wH0F5m3zd/MYS6UiZK
uhqBldTwfRNYqLTs68YjzAukSPzVj+8czVd5Bo66tj9ZQm0iqulDbVDF6C8=
-----END CERTIFICATE-----