Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa
File:                     cd040691-6f04-4613-a81f-f5417500cc0b.roa (raw, json)
Hash identifier:          +LwDKIiN6zeJAZHeljf9QYDG0T11YNjeqmJRJRu7qjg=
Subject key identifier:   FD:04:E0:9D:6B:95:7B:BE:C0:62:88:C8:32:F8:8F:54:65:C0:63:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DA898469C2D7AA140835794323C47748DDE3C83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa
Signing time:             Wed 05 Mar 2025 00:31:03 +0000
ROA not before:           Wed 05 Mar 2025 00:31:03 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.128.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:a8:98:46:9c:2d:7a:a1:40:83:57:94:32:3c:47:74:8d:de:3c:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  5 00:31:03 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:74:ab:b8:11:e3:50:6d:d6:a5:04:0f:23:71:
                    25:4b:62:a2:48:4c:19:3d:17:7c:4d:df:98:4e:09:
                    da:b2:df:0f:a0:38:5e:8c:20:42:ca:96:3a:41:d4:
                    3c:4b:bf:99:92:df:2b:f1:bf:24:cf:db:9c:a7:03:
                    d8:3a:3a:6d:87:38:43:e0:09:f5:78:9f:3b:22:46:
                    41:5a:23:fe:cd:4e:c4:49:34:fd:44:93:ca:53:62:
                    9d:fc:46:72:3a:41:25:93:14:b7:08:5d:f8:47:e0:
                    a4:13:d1:c1:81:7f:8f:f5:77:e8:ca:77:d5:44:14:
                    cd:6f:97:9d:fc:a6:f9:31:13:e2:e0:9a:4a:4e:9b:
                    5d:ae:e1:93:d6:4b:71:8e:6f:d7:e9:39:86:36:65:
                    08:3c:6b:54:68:13:13:c5:96:1d:2f:dc:36:58:9b:
                    2c:a7:37:05:ec:b3:89:a7:75:d4:f3:b4:2e:5a:60:
                    29:dc:5b:4a:11:a8:dd:11:c9:80:1e:9f:f7:9c:73:
                    9c:ee:71:b4:7c:f6:35:ff:c9:e4:2d:2e:e2:62:35:
                    58:64:cf:9a:e4:ea:46:b6:79:4c:d7:83:75:3e:b4:
                    af:fb:d4:e7:3e:6d:9c:72:06:2e:f9:98:79:53:6f:
                    35:82:74:81:83:8c:cf:cd:5d:42:2f:c9:ce:e6:95:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:04:E0:9D:6B:95:7B:BE:C0:62:88:C8:32:F8:8F:54:65:C0:63:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:7c:2d:13:ee:d8:2b:52:dc:9c:ba:14:14:39:82:d4:aa:cb:
         57:76:15:87:68:fd:fa:f4:d9:3f:aa:95:30:97:d6:6c:ba:28:
         98:7f:81:ee:70:9a:51:e3:9f:24:30:f0:78:ec:41:03:15:bb:
         45:ed:a7:2b:f7:a4:6e:03:3b:c4:1c:04:6b:fb:25:b6:a5:68:
         72:fa:1c:a3:2d:97:04:74:e9:cd:f9:ca:0b:8c:73:7e:48:d2:
         7e:52:87:5b:0d:a5:7e:c8:c4:bb:01:0a:5b:7d:57:fc:37:3b:
         39:a6:06:1b:6b:34:19:58:43:d7:8f:d2:55:79:64:0c:3f:67:
         98:19:25:74:ed:0d:21:52:03:29:92:71:cd:74:20:3e:cf:b2:
         f1:53:70:c8:4f:d7:a2:b4:b4:c7:69:bf:bc:bf:0e:85:28:68:
         fd:14:d4:81:21:97:33:56:26:af:97:74:b2:1b:9c:f3:1e:7c:
         be:d0:7d:75:10:4d:29:93:c2:6b:2c:db:e1:9f:4e:a9:e8:52:
         10:8b:39:ae:35:9f:87:9e:7b:cd:9e:ad:07:c8:5f:a0:f9:fc:
         6c:3d:7b:e3:67:77:c0:98:33:c1:2d:e6:1a:59:ea:c5:55:cc:
         e5:84:4e:32:4e:43:8d:85:0b:0d:60:6d:23:4b:03:c0:0c:ba:
         fd:02:15:15
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTaiYRpwteqFAg1eUMjxHdI3ePIMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA1MDAzMTAzWhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTlhMjlhNDNiNDY5YTFjMjllZjVkZmYwNjI0MWJmZDAx
MWY3OTk1YTY2YjAyOTc5ZmQ3MTY2OTg0NzA4YWZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbdKu4EeNQbdalBA8jcSVLYqJITBk9F3xN35hOCdqy3w+g
OF6MIELKljpB1DxLv5mS3yvxvyTP25ynA9g6Om2HOEPgCfV4nzsiRkFaI/7NTsRJ
NP1Ek8pTYp38RnI6QSWTFLcIXfhH4KQT0cGBf4/1d+jKd9VEFM1vl538pvkxE+Lg
mkpOm12u4ZPWS3GOb9fpOYY2ZQg8a1RoExPFlh0v3DZYmyynNwXss4mnddTztC5a
YCncW0oRqN0RyYAen/ecc5zucbR89jX/yeQtLuJiNVhkz5rk6ka2eUzXg3U+tK/7
1Oc+bZxyBi75mHlTbzWCdIGDjM/NXUIvyc7mlY9zAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/QTgnWuVe77AYojIMviPVGXAY2EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NkMDQwNjkxLTZmMDQtNDYxMy1hODFmLWY1NDE3NTAwY2MwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4gDANBgkqhkiG9w0BAQsFAAOCAQEALnwtE+7YK1LcnLoUFDmC1KrLV3YV
h2j9+vTZP6qVMJfWbLoomH+B7nCaUeOfJDDweOxBAxW7Re2nK/ekbgM7xBwEa/sl
tqVocvocoy2XBHTpzfnKC4xzfkjSflKHWw2lfsjEuwEKW31X/Dc7OaYGG2s0GVhD
14/SVXlkDD9nmBkldO0NIVIDKZJxzXQgPs+y8VNwyE/XorS0x2m/vL8OhSho/RTU
gSGXM1Ymr5d0shuc8x58vtB9dRBNKZPCayzb4Z9OqehSEIs5rjWfh557zZ6tB8hf
oPn8bD1742d3wJgzwS3mGlnqxVXM5YROMk5DjYULDWBtI0sDwAy6/QIVFQ==
-----END CERTIFICATE-----