Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa
File:                     e18127e7-1573-4e16-8284-95afb7316aa5.roa (raw, json)
Hash identifier:          fgtDbuVBUtWZbqnQ5v+nFh1+yYS4XWEDh1jX3zDGliw=
Subject key identifier:   28:35:D9:06:8D:EF:A7:A8:78:B7:8B:17:CF:CB:80:DD:36:78:F6:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0586127B81781140EA0131005B1A75914B36902A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa
Signing time:             Sat 08 Mar 2025 00:22:08 +0000
ROA not before:           Sat 08 Mar 2025 00:22:08 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.137.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:86:12:7b:81:78:11:40:ea:01:31:00:5b:1a:75:91:4b:36:90:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  8 00:22:08 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ce:cd:1f:89:b0:0b:4b:23:d5:5f:db:a5:14:
                    7e:0f:b5:8a:55:c5:39:3b:f1:20:50:80:ba:44:9b:
                    81:04:30:3c:18:69:2b:b7:bd:ef:f9:a9:1f:ac:4b:
                    56:eb:41:e2:13:29:4a:f8:44:c1:0b:ec:92:09:9d:
                    ed:79:b1:d4:6a:a0:83:09:e3:41:50:5d:5f:35:a8:
                    2b:ef:e4:dc:92:a6:71:83:2c:6d:43:d2:a1:34:59:
                    0e:04:24:1b:91:f1:0b:d3:88:07:a4:9b:f7:d9:3f:
                    b8:cb:dc:21:16:fe:30:61:13:d4:01:51:42:d1:93:
                    6d:78:d6:0e:d3:2f:c0:ef:0d:23:d9:ab:4d:8d:7a:
                    8f:17:b1:14:ba:ba:66:81:f2:22:b9:6d:7f:6b:c6:
                    66:e7:7f:d9:d8:4c:f1:20:53:c2:bb:c5:94:f2:65:
                    4a:de:1b:e7:1f:22:51:6f:5d:fe:56:f0:00:5d:53:
                    bd:dd:ff:54:e7:d7:20:4d:fa:80:78:a9:35:d3:fa:
                    33:10:3a:fb:d3:d4:6f:f3:0f:2e:a1:47:c5:b0:a3:
                    cb:1f:12:c2:12:ff:b1:ed:81:01:c9:7f:24:ff:f4:
                    1a:69:23:48:f5:b7:f0:d4:be:aa:b9:8c:74:ec:a5:
                    27:89:fd:ba:54:08:a9:47:e9:54:ba:4e:e4:56:34:
                    3d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:35:D9:06:8D:EF:A7:A8:78:B7:8B:17:CF:CB:80:DD:36:78:F6:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:65:fd:70:aa:10:ce:c0:f5:86:2f:a1:e8:f7:1f:12:db:39:
         cc:86:31:1a:59:15:96:a8:50:5b:ac:27:b7:6c:a6:ac:0f:d3:
         c9:d8:7f:cb:a4:ff:b6:b2:51:5c:e6:86:03:ef:cc:10:55:03:
         9d:64:11:2f:04:08:cf:68:75:87:d1:57:9f:8d:b4:e1:ae:4c:
         77:1d:a7:59:79:2e:48:47:f3:95:5c:df:57:8d:91:85:ad:78:
         9d:b7:c6:25:27:43:08:e0:9c:51:99:83:63:08:30:e4:2e:59:
         a5:be:ef:0a:68:70:91:00:f2:4a:6a:dc:3d:37:33:17:20:d5:
         4b:4e:3c:93:bf:9a:7d:8c:bf:c6:3f:09:06:af:74:3f:f7:8d:
         df:4d:e8:0c:82:41:53:8e:85:9c:38:6b:11:de:a1:71:04:01:
         05:d3:60:51:77:cb:12:7b:7c:0c:72:a1:95:8e:d8:c6:19:fb:
         a7:17:cf:cc:00:61:68:85:82:8e:44:53:9a:90:7a:3f:4c:7b:
         42:14:97:26:94:fd:f0:06:c3:8f:8f:ac:5e:59:da:eb:99:71:
         98:30:bc:ad:49:a3:a8:cc:49:8e:ab:be:56:b3:cf:5a:d3:c6:
         a8:f4:b6:df:48:ff:ba:9d:e7:63:ca:b3:66:f9:11:4b:ec:28:
         a9:6b:c3:d1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBYYSe4F4EUDqATEAWxp1kUs2kCowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA4MDAyMjA4WhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDBkYzk0N2UwYzgwZmM4NGNkODk1YWE2Y2VkYmI3MWY5
ZDQ3NTNjMzQ4MzBmOWVjZjg4Yjk0ODUyYzIzZDA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMzs0fibALSyPVX9ulFH4PtYpVxTk78SBQgLpEm4EEMDwY
aSu3ve/5qR+sS1brQeITKUr4RMEL7JIJne15sdRqoIMJ40FQXV81qCvv5NySpnGD
LG1D0qE0WQ4EJBuR8QvTiAekm/fZP7jL3CEW/jBhE9QBUULRk2141g7TL8DvDSPZ
q02Neo8XsRS6umaB8iK5bX9rxmbnf9nYTPEgU8K7xZTyZUreG+cfIlFvXf5W8ABd
U73d/1Tn1yBN+oB4qTXT+jMQOvvT1G/zDy6hR8Wwo8sfEsIS/7HtgQHJfyT/9Bpp
I0j1t/DUvqq5jHTspSeJ/bpUCKlH6VS6TuRWND1FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKDXZBo3vp6h4t4sXz8uA3TZ49lQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UxODEyN2U3LTE1NzMtNGUxNi04Mjg0LTk1YWZiNzMxNmFhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2iTANBgkqhkiG9w0BAQsFAAOCAQEAamX9cKoQzsD1hi+h6PcfEts5zIYx
GlkVlqhQW6wnt2ymrA/Tydh/y6T/trJRXOaGA+/MEFUDnWQRLwQIz2h1h9FXn420
4a5Mdx2nWXkuSEfzlVzfV42Rha14nbfGJSdDCOCcUZmDYwgw5C5Zpb7vCmhwkQDy
SmrcPTczFyDVS048k7+afYy/xj8JBq90P/eN303oDIJBU46FnDhrEd6hcQQBBdNg
UXfLEnt8DHKhlY7Yxhn7pxfPzABhaIWCjkRTmpB6P0x7QhSXJpT98AbDj4+sXlna
65lxmDC8rUmjqMxJjqu+VrPPWtPGqPS230j/up3nY8qzZvkRS+woqWvD0Q==
-----END CERTIFICATE-----