Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfbd0837-4eff-479f-a1bc-b854caccddcb.roa
File:                     cfbd0837-4eff-479f-a1bc-b854caccddcb.roa (raw, json)
Hash identifier:          FTXZTiDmLQ2/3rpeF4aCgpAJrIun/DXqhChUvfjdAsU=
Subject key identifier:   4D:EF:A3:3E:1E:5A:AF:1F:D7:93:DF:67:45:F9:89:7C:C5:0F:62:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0ACF747DC16AE45C8CECD1DE33C0FD83CCED4BC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfbd0837-4eff-479f-a1bc-b854caccddcb.roa
Signing time:             Sat 15 Mar 2025 00:20:27 +0000
ROA not before:           Sat 15 Mar 2025 00:20:27 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.68.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:cf:74:7d:c1:6a:e4:5c:8c:ec:d1:de:33:c0:fd:83:cc:ed:4b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 15 00:20:27 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:62:16:4a:df:bf:4a:2b:fa:1d:30:99:25:b9:
                    36:6a:44:aa:81:a2:77:ec:22:49:b0:e4:62:08:02:
                    28:ee:54:53:1c:a0:ba:b2:24:1a:0a:e4:46:d1:76:
                    7b:f7:7e:b6:10:98:16:52:03:b9:a1:82:ad:c6:5e:
                    6d:e4:5b:40:69:a2:5b:57:21:2f:5a:18:4d:bf:58:
                    51:5f:b3:09:28:8a:f3:d0:61:c6:7b:5f:20:1e:44:
                    33:c1:a7:61:39:dc:3a:0b:98:21:0c:a0:17:5d:96:
                    5e:dd:61:5e:38:52:9c:78:9c:28:00:dd:a7:eb:14:
                    66:00:4c:ed:1b:3c:82:f2:8c:83:b2:79:eb:de:69:
                    ab:35:57:20:d2:db:8c:b4:9f:e0:56:e3:71:63:d1:
                    6f:4f:ab:68:e3:f3:aa:08:b2:7a:b8:39:52:50:80:
                    cc:f7:eb:6b:26:15:7f:50:7d:cf:84:d3:15:66:2e:
                    56:a9:d9:39:e8:0c:15:7d:3b:2c:42:29:0b:c3:cd:
                    7d:f0:b8:43:26:bb:08:16:cf:a5:bb:3c:96:f0:19:
                    df:37:df:d1:a3:ad:4d:b5:54:53:25:e6:25:93:6f:
                    07:8a:6c:8f:29:f6:c1:73:9b:48:f1:b7:81:06:4a:
                    b8:51:8f:fe:08:79:ed:b3:54:52:86:0e:0a:a1:e5:
                    22:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EF:A3:3E:1E:5A:AF:1F:D7:93:DF:67:45:F9:89:7C:C5:0F:62:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfbd0837-4eff-479f-a1bc-b854caccddcb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:5c:c1:7a:17:ff:11:e8:fb:74:d3:4c:c8:2e:8b:79:2d:18:
         7a:27:c0:a8:fa:10:19:71:ee:90:e7:d6:3f:24:86:0c:21:da:
         f3:5a:2c:3a:8d:7b:02:1d:a1:ba:46:02:36:98:a0:ad:2b:1b:
         88:38:c1:ac:df:61:72:e7:1c:ad:da:2e:fe:8b:2c:11:fb:79:
         76:39:92:d6:d8:fc:6d:c0:d1:81:fb:6d:26:d5:90:87:10:98:
         5a:12:cf:a3:3e:86:7f:21:ad:9e:26:be:7b:31:3b:d8:63:0f:
         97:84:72:56:77:e2:a2:d6:7a:31:a8:b4:27:61:cd:e3:80:94:
         df:c2:10:2d:5b:c0:ad:53:d4:41:8a:4f:e9:61:4a:b4:92:7a:
         cd:51:78:89:60:fa:d3:59:db:74:ec:72:68:7f:5b:90:0c:e0:
         d9:08:4e:2f:25:32:16:bc:70:bd:bb:d3:73:89:d9:cc:77:3c:
         60:8e:9b:1c:6a:cc:b9:ed:b3:3e:79:d5:a7:e3:7e:15:49:37:
         c9:be:e8:d9:51:ee:3e:47:e7:2d:59:ed:2f:a6:d3:07:74:90:
         07:25:57:82:74:de:1d:6e:fb:41:9c:ed:dd:f2:6f:65:02:31:
         be:b2:98:76:72:6c:9d:e2:81:75:54:30:43:80:fc:21:ec:eb:
         e8:9b:76:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCs90fcFq5FyM7NHeM8D9g8ztS8EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE1MDAyMDI3WhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmU4MWEwOTM1ZjgzODBhNmI5NjA5NzA4OTg3ZDcwZTk1
NjQ3MWIyMjZiNWI3ZjZhMDEyNzIyYjkwZjJlNDczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgYhZK379KK/odMJkluTZqRKqBonfsIkmw5GIIAijuVFMc
oLqyJBoK5EbRdnv3frYQmBZSA7mhgq3GXm3kW0BpoltXIS9aGE2/WFFfswkoivPQ
YcZ7XyAeRDPBp2E53DoLmCEMoBddll7dYV44Upx4nCgA3afrFGYATO0bPILyjIOy
eeveaas1VyDS24y0n+BW43Fj0W9Pq2jj86oIsnq4OVJQgMz362smFX9Qfc+E0xVm
Llap2TnoDBV9OyxCKQvDzX3wuEMmuwgWz6W7PJbwGd8339GjrU21VFMl5iWTbweK
bI8p9sFzm0jxt4EGSrhRj/4Iee2zVFKGDgqh5SKjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTe+jPh5arx/Xk99nRfmJfMUPYjQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmYmQwODM3LTRlZmYtNDc5Zi1hMWJjLWI4NTRjYWNjZGRjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EQwDQYJKoZIhvcNAQELBQADggEBAAFcwXoX/xHo+3TTTMgui3ktGHon
wKj6EBlx7pDn1j8khgwh2vNaLDqNewIdobpGAjaYoK0rG4g4wazfYXLnHK3aLv6L
LBH7eXY5ktbY/G3A0YH7bSbVkIcQmFoSz6M+hn8hrZ4mvnsxO9hjD5eEclZ34qLW
ejGotCdhzeOAlN/CEC1bwK1T1EGKT+lhSrSSes1ReIlg+tNZ23Tscmh/W5AM4NkI
Ti8lMha8cL2703OJ2cx3PGCOmxxqzLntsz551afjfhVJN8m+6NlR7j5H5y1Z7S+m
0wd0kAclV4J03h1u+0Gc7d3yb2UCMb6ymHZybJ3igXVUMEOA/CHs6+ibdrg=
-----END CERTIFICATE-----