Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa
File:                     d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa (raw, json)
Hash identifier:          iKl1sFNXrguOTOj5FDMSoKIpEjtpxItokGj9eBK06Jc=
Subject key identifier:   C9:76:79:3D:00:91:E7:28:AB:FA:1A:D9:8F:28:62:05:78:B5:07:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76362FF2CDC598B5A8BDB285D6F533E8FF6EB8B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa
Signing time:             Sat 29 Mar 2025 00:41:14 +0000
ROA not before:           Sat 29 Mar 2025 00:41:14 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.63.92.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:36:2f:f2:cd:c5:98:b5:a8:bd:b2:85:d6:f5:33:e8:ff:6e:b8:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:41:14 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:b1:1f:1a:d6:e0:64:aa:08:a3:c0:2c:41:
                    18:ae:40:00:af:e0:4f:40:8b:73:03:3f:b7:17:16:
                    e4:40:83:02:66:e4:96:5d:c4:36:ee:80:1f:0d:af:
                    51:2b:10:e0:00:ea:b6:6b:71:c6:89:8b:76:84:69:
                    30:0f:bd:ca:22:08:d7:58:ef:22:1c:06:66:da:1e:
                    9f:2f:54:4a:5c:b3:44:aa:e8:62:a4:34:1d:f0:b5:
                    2b:7b:d2:d7:89:cf:d3:56:27:bc:5b:c6:80:4d:47:
                    07:ea:4d:52:97:6b:05:81:e6:92:36:7b:c8:10:ba:
                    28:a2:bc:5a:e3:e0:6c:db:33:ee:72:fc:58:4a:d3:
                    55:aa:26:5c:78:db:de:d2:64:cc:79:9e:82:6d:8d:
                    96:8d:6a:c0:bf:12:aa:b1:4b:4c:8b:da:20:3a:64:
                    81:f6:f9:9b:e6:0e:f7:c0:47:53:db:de:17:4f:93:
                    0d:bd:c1:00:fd:81:2c:15:59:9e:3c:33:2d:f6:44:
                    e3:86:30:6c:2d:db:82:76:b0:b8:ad:ff:d0:4a:10:
                    9b:34:ec:0e:88:3e:5f:27:79:ef:2f:15:d3:32:20:
                    09:87:10:13:b4:58:3f:b0:5f:40:c0:23:0d:a2:2e:
                    60:b6:c6:90:e8:d0:c5:3b:0a:b6:6f:58:0d:ec:4f:
                    8e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:76:79:3D:00:91:E7:28:AB:FA:1A:D9:8F:28:62:05:78:B5:07:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.63.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:34:3c:64:0a:c7:be:a0:23:b8:80:5f:07:9a:ac:ee:55:2a:
         8c:17:6d:ea:82:3a:29:66:84:bd:b2:e7:91:e5:e2:ab:5b:cb:
         c5:24:9d:30:37:1b:4d:38:5f:a5:86:ac:f4:b5:d5:fd:73:3a:
         3a:97:39:54:fc:15:b9:87:5a:49:61:ec:c8:bb:b3:3f:89:da:
         17:49:2d:9f:f4:3d:74:1a:fb:d9:77:35:59:d6:78:34:f4:13:
         d6:66:2a:f5:7d:85:13:7b:37:8a:e0:85:40:70:51:70:d3:f0:
         a9:ce:fc:67:09:fb:03:b8:06:df:69:81:ac:36:35:d9:17:f8:
         23:51:d9:85:4f:19:f4:6d:b0:a8:70:88:d7:be:35:56:b2:f6:
         1e:9c:65:13:89:c0:01:a8:28:fd:63:0c:3e:08:f4:37:53:eb:
         24:65:87:cb:bb:47:47:4f:6d:2b:22:cd:5d:a2:27:d9:8a:b4:
         d7:4e:a6:0a:79:9d:fc:56:3d:4c:98:49:3f:87:15:70:19:24:
         9e:82:e3:57:14:08:e7:32:1b:a1:0c:55:ef:3a:b3:95:10:a4:
         b0:73:40:62:dd:69:c3:d2:52:0b:5e:c7:f0:93:58:7e:73:5b:
         a1:7f:0c:f6:95:36:da:08:8c:e7:1b:61:77:05:fa:9f:16:bc:
         f3:a1:bf:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdjYv8s3FmLWovbKF1vUz6P9uuLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDA0MTE0WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzc3ZGY5ZmVlNmNlMWQzOTk3MzRiYjIzYTIwZDUzMGNj
NzFjZDFmMTE3MjFmNTYxNzQwOWEyZTIzZTc0MmM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5jrEfGtbgZKoIo8AsQRiuQACv4E9Ai3MDP7cXFuRAgwJm
5JZdxDbugB8Nr1ErEOAA6rZrccaJi3aEaTAPvcoiCNdY7yIcBmbaHp8vVEpcs0Sq
6GKkNB3wtSt70teJz9NWJ7xbxoBNRwfqTVKXawWB5pI2e8gQuiiivFrj4GzbM+5y
/FhK01WqJlx4297SZMx5noJtjZaNasC/EqqxS0yL2iA6ZIH2+ZvmDvfAR1Pb3hdP
kw29wQD9gSwVWZ48My32ROOGMGwt24J2sLit/9BKEJs07A6IPl8nee8vFdMyIAmH
EBO0WD+wX0DAIw2iLmC2xpDo0MU7CrZvWA3sT46jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyXZ5PQCR5yir+hrZjyhiBXi1Bx0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyODY4ZTMwLTIxYjQtNDUxNi1hNjNjLWZjNzZjMDliYjdkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEQP1wwDQYJKoZIhvcNAQELBQADggEBALk0PGQKx76gI7iAXwearO5VKowX
beqCOilmhL2y55Hl4qtby8UknTA3G004X6WGrPS11f1zOjqXOVT8FbmHWklh7Mi7
sz+J2hdJLZ/0PXQa+9l3NVnWeDT0E9ZmKvV9hRN7N4rghUBwUXDT8KnO/GcJ+wO4
Bt9pgaw2NdkX+CNR2YVPGfRtsKhwiNe+NVay9h6cZROJwAGoKP1jDD4I9DdT6yRl
h8u7R0dPbSsizV2iJ9mKtNdOpgp5nfxWPUyYST+HFXAZJJ6C41cUCOcyG6EMVe86
s5UQpLBzQGLdacPSUgtex/CTWH5zW6F/DPaVNtoIjOcbYXcF+p8WvPOhv0s=
-----END CERTIFICATE-----