Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d1a5f9bd-ede4-4387-85bf-7fdfd794a298.roa
File:                     d1a5f9bd-ede4-4387-85bf-7fdfd794a298.roa (raw, json)
Hash identifier:          4lNEA86qA4+NVZ5yzT4wym6cgU5FHtsHOB0LFF198xs=
Subject key identifier:   1C:08:B8:60:E2:F0:51:69:96:96:4E:77:D8:FA:45:DC:5B:D4:4F:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F54AB7738C342E6E639B7E8471BB7E2503E1E24
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d1a5f9bd-ede4-4387-85bf-7fdfd794a298.roa
Signing time:             Tue 04 Mar 2025 17:20:12 +0000
ROA not before:           Tue 04 Mar 2025 17:20:12 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.26.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:54:ab:77:38:c3:42:e6:e6:39:b7:e8:47:1b:b7:e2:50:3e:1e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:20:12 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3f:b0:26:87:0c:52:d5:04:1c:33:cd:43:1e:
                    7d:83:a4:2d:99:d7:c5:e6:d8:1a:cf:65:5c:24:6e:
                    b9:8d:a2:e3:db:d3:48:34:26:45:e4:50:20:87:4c:
                    9d:d2:50:05:4b:a1:42:bb:ee:1a:e2:06:77:0e:c1:
                    9b:57:19:f9:45:d7:08:70:24:94:b2:ff:a7:3a:25:
                    47:28:e4:26:9f:81:03:14:e8:ac:14:14:e9:ab:8d:
                    fb:96:5d:49:fe:93:25:18:35:05:dc:33:09:c4:9f:
                    6b:64:67:c2:96:07:65:65:52:56:bb:97:5a:85:f9:
                    22:51:db:2c:b8:bb:ef:79:ac:87:6b:9b:f3:4e:12:
                    97:a4:20:48:96:79:a1:1d:59:d4:f2:6b:10:7f:29:
                    82:68:fa:4a:f6:16:7b:4f:c9:b0:0a:0a:de:c4:c2:
                    08:e7:3e:4b:ac:00:61:de:bd:ec:70:d1:b5:e8:6e:
                    bd:e2:ff:ca:a5:5e:06:9a:62:3b:af:af:11:65:7a:
                    d3:66:13:6a:93:ee:1d:56:7d:08:2e:0b:91:11:15:
                    69:a6:b5:9e:ac:8c:03:f6:64:39:24:6a:51:18:5f:
                    e0:1f:b0:1f:42:0d:70:c4:f7:99:b0:b1:b5:0a:20:
                    e2:57:7c:2a:04:85:10:81:13:6c:10:de:86:4f:b9:
                    3e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:08:B8:60:E2:F0:51:69:96:96:4E:77:D8:FA:45:DC:5B:D4:4F:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d1a5f9bd-ede4-4387-85bf-7fdfd794a298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.26.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:ed:0c:1b:c7:d5:d8:3f:fb:c9:d0:e2:af:28:d9:43:ee:87:
         6f:85:73:dd:cc:fb:1f:68:07:c7:28:0f:38:d4:8a:2e:52:e9:
         61:77:c4:f2:ea:8f:0e:cd:56:8c:97:be:a1:f8:d2:eb:cc:24:
         9d:d6:3a:d3:16:5c:42:44:4f:4f:79:fe:71:ac:e1:1c:8d:40:
         03:fe:60:30:0f:cf:ba:3d:58:ce:31:7e:11:75:44:bd:60:f3:
         c1:74:f1:32:39:b4:b6:23:7b:97:00:e0:8d:8e:b6:56:91:c1:
         4d:b1:90:71:4d:e4:00:e5:8a:d4:b3:4a:f5:f5:f4:32:c7:2b:
         a8:fa:a0:8b:7a:51:c4:fa:bf:0e:e6:46:f0:2f:03:dc:f6:06:
         03:4e:6c:be:29:a9:1b:d8:be:7d:60:76:7c:62:99:18:67:38:
         8e:e2:94:6e:0d:2e:e2:b3:37:7e:44:c8:2c:09:c4:9d:4b:a5:
         04:e6:63:0b:af:7b:92:94:02:82:a1:8d:37:bf:2b:99:7c:a5:
         7c:89:ae:8b:ae:f3:ee:08:c7:c6:76:40:fc:b9:f5:94:34:f1:
         af:a7:7c:1b:61:f1:2d:d4:be:61:e1:ad:24:19:23:b0:df:62:
         46:07:4c:b9:cd:bc:1f:1d:bc:52:64:32:0d:d7:76:c1:4f:34:
         8e:71:a7:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUD1SrdzjDQubmObfoRxu34lA+HiQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTcyMDEyWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTEzMDcyM2MwMjkyZGQxNDJmMDZkMTcyNGZhNmY4YmRh
YTc5Mjg2OWVmY2E1ZDNkYmJkNWM5M2YxMGEwMDQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMP7AmhwxS1QQcM81DHn2DpC2Z18Xm2BrPZVwkbrmNouPb
00g0JkXkUCCHTJ3SUAVLoUK77hriBncOwZtXGflF1whwJJSy/6c6JUco5CafgQMU
6KwUFOmrjfuWXUn+kyUYNQXcMwnEn2tkZ8KWB2VlUla7l1qF+SJR2yy4u+95rIdr
m/NOEpekIEiWeaEdWdTyaxB/KYJo+kr2FntPybAKCt7EwgjnPkusAGHevexw0bXo
br3i/8qlXgaaYjuvrxFletNmE2qT7h1WfQguC5ERFWmmtZ6sjAP2ZDkkalEYX+Af
sB9CDXDE95mwsbUKIOJXfCoEhRCBE2wQ3oZPuT75AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHAi4YOLwUWmWlk532PpF3FvUT04wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QxYTVmOWJkLWVkZTQtNDM4Ny04NWJmLTdmZGZkNzk0YTI5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2GjANBgkqhkiG9w0BAQsFAAOCAQEAq+0MG8fV2D/7ydDiryjZQ+6Hb4Vz
3cz7H2gHxygPONSKLlLpYXfE8uqPDs1WjJe+ofjS68wkndY60xZcQkRPT3n+cazh
HI1AA/5gMA/Puj1YzjF+EXVEvWDzwXTxMjm0tiN7lwDgjY62VpHBTbGQcU3kAOWK
1LNK9fX0MscrqPqgi3pRxPq/DuZG8C8D3PYGA05svimpG9i+fWB2fGKZGGc4juKU
bg0u4rM3fkTILAnEnUulBOZjC697kpQCgqGNN78rmXylfImui67z7gjHxnZA/Ln1
lDTxr6d8G2HxLdS+YeGtJBkjsN9iRgdMuc28Hx28UmQyDdd2wU80jnGnKg==
-----END CERTIFICATE-----