Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a67cf4-10e5-4819-91b3-5293d070d97e.roa
File:                     d5a67cf4-10e5-4819-91b3-5293d070d97e.roa (raw, json)
Hash identifier:          uh2AlAuOOd+oesdezW1AipNQp4m2hpafR8NZXinA2bk=
Subject key identifier:   73:89:BA:5A:EC:0A:53:AB:8E:91:6F:54:47:18:08:8F:78:7E:94:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AFE3C522E77EB35CD20F7E6EB8774376393C6B3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a67cf4-10e5-4819-91b3-5293d070d97e.roa
Signing time:             Mon 10 Mar 2025 15:10:24 +0000
ROA not before:           Mon 10 Mar 2025 15:10:24 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.54.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:fe:3c:52:2e:77:eb:35:cd:20:f7:e6:eb:87:74:37:63:93:c6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:10:24 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8e:0f:2b:5e:00:b6:2f:08:61:b1:0d:a8:24:
                    a6:a2:34:84:62:cb:2c:00:24:a3:9c:5d:1f:5a:44:
                    ce:cd:20:ad:4a:8b:03:e6:85:79:d7:5d:b2:3c:6f:
                    35:19:6f:23:7c:90:43:3d:4d:c5:10:2c:41:5e:0c:
                    45:1d:1d:8b:eb:61:ec:8d:80:66:1f:ee:80:7f:e0:
                    d5:4b:09:6a:6a:13:36:6b:34:93:a1:7d:26:4c:a7:
                    0c:b1:e9:64:6c:8b:25:cb:f0:d8:be:cc:44:07:7f:
                    81:51:71:83:59:d3:e2:c0:e4:69:fe:11:4a:90:fc:
                    e3:1c:88:86:b6:c8:b1:78:fe:3d:dd:85:05:a2:a4:
                    63:0e:eb:fe:dc:52:8d:7d:3b:2f:40:a7:a5:31:7b:
                    ac:b5:6c:29:da:2c:b1:94:d8:73:5b:46:f5:a4:ab:
                    ce:b2:3a:76:46:9f:89:33:21:70:ef:54:73:35:23:
                    8d:c0:21:7a:9e:37:f2:06:47:94:75:99:4e:27:e7:
                    a9:07:c4:15:18:ba:2e:76:b5:88:e8:8a:ef:da:e8:
                    11:a6:09:0c:ad:df:68:e6:a3:1a:3e:39:27:bf:5f:
                    37:d3:7c:df:dc:2f:ea:35:76:dd:76:ed:1f:40:2b:
                    f3:13:eb:dc:4a:ba:5a:01:6c:e9:c9:10:30:08:a0:
                    6b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:89:BA:5A:EC:0A:53:AB:8E:91:6F:54:47:18:08:8F:78:7E:94:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5a67cf4-10e5-4819-91b3-5293d070d97e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.54.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         86:db:1c:00:29:73:68:ec:9b:a8:3a:bc:99:c4:1e:99:31:a9:
         5c:d2:48:3e:9d:85:a2:76:aa:95:ff:ef:45:d5:61:31:5b:c9:
         75:5c:46:ae:6b:4d:18:97:18:5c:b2:bf:be:e9:e0:c2:b8:4d:
         13:fe:92:df:b5:47:58:06:88:cd:b4:27:9d:e7:53:08:97:aa:
         ab:bf:9f:be:10:73:bb:91:85:3c:61:8b:b8:aa:ea:d1:7f:1b:
         2f:cb:25:88:90:4a:62:44:b8:71:49:98:0c:85:44:34:39:ac:
         d0:e3:93:b6:93:c7:48:e0:37:bb:c9:81:68:a7:52:e6:37:de:
         2f:50:84:aa:52:32:c7:1f:d0:14:72:38:0a:00:54:17:c5:47:
         8e:f7:3d:fa:0b:93:67:1b:8d:d3:e4:93:ee:50:aa:c1:04:1d:
         f8:1e:f9:45:34:9b:d1:26:bc:ac:c2:88:01:61:be:ff:b3:2d:
         a4:35:db:4c:14:49:a0:90:5a:05:2b:e0:b5:2a:e3:a0:ff:d3:
         76:6c:4d:98:52:c3:19:2e:25:82:63:a4:0b:04:46:dd:34:0e:
         c3:a0:02:f5:b2:d0:1c:88:0a:85:a2:b1:0f:fa:5d:74:07:75:
         03:d5:50:8c:ef:39:22:2a:67:a5:ed:31:f6:85:1d:93:b0:03:
         f9:a2:bb:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUev48Ui536zXNIPfm64d0N2OTxrMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUxMDI0WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTFiYjZkNWEyZjEzYTA1NDAzOWMzZWZjODI5YjBmNDk4
NTczNWU4NDE0NzMzYzIzMWFkMDAxYzdiYjgyZTFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUjg8rXgC2LwhhsQ2oJKaiNIRiyywAJKOcXR9aRM7NIK1K
iwPmhXnXXbI8bzUZbyN8kEM9TcUQLEFeDEUdHYvrYeyNgGYf7oB/4NVLCWpqEzZr
NJOhfSZMpwyx6WRsiyXL8Ni+zEQHf4FRcYNZ0+LA5Gn+EUqQ/OMciIa2yLF4/j3d
hQWipGMO6/7cUo19Oy9Ap6Uxe6y1bCnaLLGU2HNbRvWkq86yOnZGn4kzIXDvVHM1
I43AIXqeN/IGR5R1mU4n56kHxBUYui52tYjoiu/a6BGmCQyt32jmoxo+OSe/XzfT
fN/cL+o1dt127R9AK/MT69xKuloBbOnJEDAIoGsNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc4m6WuwKU6uOkW9URxgIj3h+lOIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1YTY3Y2Y0LTEwZTUtNDgxOS05MWIzLTUyOTNkMDcwZDk3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcjNoAwDQYJKoZIhvcNAQELBQADggEBAIbbHAApc2jsm6g6vJnEHpkxqVzS
SD6dhaJ2qpX/70XVYTFbyXVcRq5rTRiXGFyyv77p4MK4TRP+kt+1R1gGiM20J53n
UwiXqqu/n74Qc7uRhTxhi7iq6tF/Gy/LJYiQSmJEuHFJmAyFRDQ5rNDjk7aTx0jg
N7vJgWinUuY33i9QhKpSMscf0BRyOAoAVBfFR473PfoLk2cbjdPkk+5QqsEEHfge
+UU0m9EmvKzCiAFhvv+zLaQ120wUSaCQWgUr4LUq46D/03ZsTZhSwxkuJYJjpAsE
Rt00DsOgAvWy0ByICoWisQ/6XXQHdQPVUIzvOSIqZ6XtMfaFHZOwA/miuzE=
-----END CERTIFICATE-----