Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf4c0d6a-87e1-4500-994c-6d67c6dffa61.roa
File:                     cf4c0d6a-87e1-4500-994c-6d67c6dffa61.roa (raw, json)
Hash identifier:          hbqaNHs5FppW2RKFb5v9Qkm3kIhAMJIEkiaIWHWgQWw=
Subject key identifier:   8A:94:5C:97:EF:A1:E5:B4:EB:9F:54:9A:93:5A:65:2E:95:8F:19:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       175685495B84E77BCB313AA79CF9BA69FB79A4A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf4c0d6a-87e1-4500-994c-6d67c6dffa61.roa
Signing time:             Wed 19 Mar 2025 00:00:17 +0000
ROA not before:           Wed 19 Mar 2025 00:00:17 +0000
ROA not after:            Wed 23 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.171.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:56:85:49:5b:84:e7:7b:cb:31:3a:a7:9c:f9:ba:69:fb:79:a4:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 19 00:00:17 2025 GMT
            Not After : Apr 23 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a5:e1:8a:7c:a9:f9:5d:62:df:2f:0e:1e:47:
                    fe:7b:7f:f0:10:37:9a:cd:50:63:55:bc:82:ce:2d:
                    03:4a:23:4f:3f:09:0f:f9:f7:c5:cc:00:85:74:27:
                    27:a6:74:a6:c1:ca:d2:9a:99:6c:08:84:2f:44:34:
                    b9:02:77:ab:97:f3:91:ec:88:bd:55:f5:5b:c2:9a:
                    7d:01:61:62:e5:fb:b4:3b:ef:f8:f8:60:91:2e:f8:
                    84:c0:0f:d9:7a:cb:8d:1d:64:e3:9c:08:2c:9e:63:
                    d3:d7:e4:26:85:87:cd:26:9b:33:a2:e1:bb:6d:f6:
                    81:85:12:ba:6d:a3:a6:21:09:1f:ff:15:5e:e8:1f:
                    26:d8:a1:5e:4c:08:77:b4:a4:21:8f:f5:12:60:85:
                    26:7f:ee:58:d5:3f:ec:a1:7c:c7:1c:90:7a:72:d7:
                    9e:2b:15:02:df:72:4a:f8:be:d3:e8:df:60:dc:b8:
                    6d:3b:f9:1e:85:15:97:7d:72:27:33:52:31:34:fa:
                    86:4e:c4:25:a6:70:60:16:9c:a4:71:68:bb:51:ca:
                    f2:58:db:30:2a:11:31:61:4e:e0:d3:9e:9c:4a:78:
                    10:dd:a6:0f:3d:bb:a8:41:46:58:4b:f9:a6:17:7e:
                    05:51:59:30:bf:ac:85:aa:66:cf:c8:20:8d:c4:31:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:94:5C:97:EF:A1:E5:B4:EB:9F:54:9A:93:5A:65:2E:95:8F:19:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf4c0d6a-87e1-4500-994c-6d67c6dffa61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.171.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b6:c9:19:c3:e7:fe:08:95:66:bf:ef:bb:27:6d:f4:c7:5f:5c:
         a6:ef:41:df:2f:16:78:58:fc:6a:c5:e8:f6:88:a8:fd:25:e3:
         a1:b2:c9:d6:00:0e:4c:cf:7e:4a:29:0f:09:98:e2:44:90:98:
         39:e8:bc:06:7f:d3:0c:b1:a3:c0:fd:d6:17:dd:cf:5d:c4:e4:
         2e:ed:22:0b:fd:c2:9e:84:11:12:1f:df:0e:df:49:42:32:99:
         8a:09:f3:48:7f:0b:b4:7d:5f:69:e1:83:15:c9:9a:05:b2:5f:
         32:9e:27:63:11:ab:71:c1:17:c5:8b:e1:8a:39:a2:b6:e8:77:
         19:da:20:24:22:cb:78:a0:af:54:5c:9a:f7:a7:66:82:c6:75:
         24:12:93:9b:56:7e:d8:ae:22:4a:36:b0:bf:3e:7c:65:cf:cc:
         f3:8d:cc:9d:0b:77:1e:3e:ed:37:75:50:f2:51:e1:b6:44:a8:
         da:49:00:1a:57:70:a0:52:51:01:e0:65:25:3a:9a:a4:86:e4:
         05:0d:bc:d8:bb:a2:b9:36:8e:a1:79:d6:bd:a4:9f:15:09:2d:
         ba:31:0d:52:e3:13:27:3a:b4:f3:c8:39:48:4d:16:55:39:c1:
         85:4f:ad:3b:16:3d:fc:58:a7:9c:3f:f9:48:63:37:cd:6a:9c:
         d8:cc:13:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF1aFSVuE53vLMTqnnPm6aft5pKcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE5MDAwMDE3WhcNMjUwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDIyN2Y4YTY4MjFjM2VlYWQxZWVkMmM1MDFiYzI2ZWE4
ZjEwZjA5MjNjZjkwZTQ0YTBmY2I4YWQ3Nzc4ZDk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYpeGKfKn5XWLfLw4eR/57f/AQN5rNUGNVvILOLQNKI08/
CQ/598XMAIV0JyemdKbBytKamWwIhC9ENLkCd6uX85HsiL1V9VvCmn0BYWLl+7Q7
7/j4YJEu+ITAD9l6y40dZOOcCCyeY9PX5CaFh80mmzOi4btt9oGFErpto6YhCR//
FV7oHybYoV5MCHe0pCGP9RJghSZ/7ljVP+yhfMcckHpy154rFQLfckr4vtPo32Dc
uG07+R6FFZd9ciczUjE0+oZOxCWmcGAWnKRxaLtRyvJY2zAqETFhTuDTnpxKeBDd
pg89u6hBRlhL+aYXfgVRWTC/rIWqZs/III3EMTURAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUipRcl++h5bTrn1Sak1plLpWPGb4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmNGMwZDZhLTg3ZTEtNDUwMC05OTRjLTZkNjdjNmRmZmE2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsq/AwDQYJKoZIhvcNAQELBQADggEBALbJGcPn/giVZr/vuydt9MdfXKbv
Qd8vFnhY/GrF6PaIqP0l46GyydYADkzPfkopDwmY4kSQmDnovAZ/0wyxo8D91hfd
z13E5C7tIgv9wp6EERIf3w7fSUIymYoJ80h/C7R9X2nhgxXJmgWyXzKeJ2MRq3HB
F8WL4Yo5orbodxnaICQiy3igr1RcmvenZoLGdSQSk5tWftiuIko2sL8+fGXPzPON
zJ0Ldx4+7Td1UPJR4bZEqNpJABpXcKBSUQHgZSU6mqSG5AUNvNi7ork2jqF51r2k
nxUJLboxDVLjEyc6tPPIOUhNFlU5wYVPrTsWPfxYp5w/+UhjN81qnNjME/s=
-----END CERTIFICATE-----