Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e58eb1f8-ad27-4ff7-a49b-c3ff172827a1.roa
File:                     e58eb1f8-ad27-4ff7-a49b-c3ff172827a1.roa (raw, json)
Hash identifier:          lQWKhMzAkDw8pn+omfsCJk82JaZoek9cweTHbEGZs18=
Subject key identifier:   8D:43:C2:B2:63:53:E0:38:95:51:97:CF:5B:FD:0F:29:E8:3C:C3:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76A7041F498209EE0C319C2EBEADF23DDCEBF818
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e58eb1f8-ad27-4ff7-a49b-c3ff172827a1.roa
Signing time:             Wed 26 Mar 2025 00:10:56 +0000
ROA not before:           Wed 26 Mar 2025 00:10:56 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.194.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a7:04:1f:49:82:09:ee:0c:31:9c:2e:be:ad:f2:3d:dc:eb:f8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 26 00:10:56 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:49:a4:9f:e1:10:f4:c2:88:08:f9:ae:65:b7:
                    f8:c8:01:6b:c0:0e:9e:10:5c:70:91:ea:e6:7b:23:
                    22:61:54:4d:02:3b:53:bb:64:60:3d:e0:8e:07:c7:
                    49:0e:39:0a:6b:9a:96:94:52:ef:25:96:26:ee:fb:
                    ba:d0:f7:b3:ee:e1:f5:5a:75:b0:86:73:9b:b9:de:
                    ee:ba:b1:0d:da:6e:6d:d9:f1:6e:5f:e5:c7:66:ce:
                    35:92:a0:cf:a7:53:fe:d0:57:01:56:65:28:95:1b:
                    68:fa:30:bf:8e:ba:5c:0a:6d:58:ad:61:b1:b7:2d:
                    0b:4c:ba:8d:0b:e8:04:46:49:6c:35:b4:3f:22:2f:
                    9b:30:66:2c:a8:55:c2:14:ea:e4:c2:9d:3f:dd:58:
                    49:d7:3b:c8:a1:c5:8d:99:22:1f:56:85:b8:fd:be:
                    9e:d1:26:6a:10:85:40:c3:14:ab:bf:22:3c:02:7e:
                    3f:a7:8f:cb:98:4c:fd:5e:25:46:73:67:07:37:e0:
                    49:ae:de:06:fd:83:d2:05:12:8b:66:47:54:75:4c:
                    7d:71:64:f0:58:d6:ca:9f:a7:41:be:c4:1b:4c:36:
                    66:25:df:e4:a5:b5:da:c7:c3:40:39:6f:b1:f6:a6:
                    64:13:62:66:f8:7f:5a:0d:6f:39:6a:af:cb:bc:15:
                    46:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:43:C2:B2:63:53:E0:38:95:51:97:CF:5B:FD:0F:29:E8:3C:C3:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e58eb1f8-ad27-4ff7-a49b-c3ff172827a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.194.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         90:34:d6:1e:05:93:49:7c:90:45:79:48:a3:24:fa:d2:ce:7e:
         9c:01:0a:33:0d:c2:03:fd:89:f4:10:f3:e7:fa:cc:9b:09:96:
         9f:fd:2b:f2:4a:ca:93:76:6b:3d:60:be:f2:49:a5:cb:87:8d:
         ce:9e:50:1a:19:db:7d:08:35:05:16:af:96:69:54:58:e6:84:
         d7:d0:14:10:fc:1b:d1:7a:ec:ce:92:93:a6:7b:ca:f1:c9:ac:
         92:7b:cf:cc:45:4f:c3:6a:bf:c7:62:22:6f:f1:38:48:38:14:
         39:a2:9e:ff:2e:47:58:40:36:b1:d8:f7:34:f7:1a:fb:ad:83:
         ad:ea:47:a8:0b:37:c5:ea:4e:92:83:01:bc:41:24:60:93:d5:
         45:0f:96:1d:75:57:85:6e:3f:94:36:5e:ec:34:cb:fa:4c:30:
         4a:65:a4:bb:a7:7a:af:41:39:b4:74:81:b7:fa:48:30:20:47:
         a7:b3:cd:30:8d:71:b7:d9:e0:8a:c1:0e:25:5e:75:67:1e:97:
         99:50:3f:7d:0d:06:75:5d:f3:18:f3:c0:a9:f0:76:2f:80:f1:
         f1:9a:a1:8f:6e:63:48:e5:3e:b4:2f:59:1f:88:d9:52:f2:87:
         4e:0e:84:a9:57:93:fa:57:29:a9:1a:ba:62:6f:7e:1f:f7:c1:
         22:76:d6:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdqcEH0mCCe4MMZwuvq3yPdzr+BgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI2MDAxMDU2WhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjU4MjQ0ZDk2MDk5YzM5OThjNWE0MTk3YzQ0YmZjNjVj
MjU4ODc5NDc4YWE4MWQzMTk3N2ZjNGJkODBlZDFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCySaSf4RD0wogI+a5lt/jIAWvADp4QXHCR6uZ7IyJhVE0C
O1O7ZGA94I4Hx0kOOQprmpaUUu8llibu+7rQ97Pu4fVadbCGc5u53u66sQ3abm3Z
8W5f5cdmzjWSoM+nU/7QVwFWZSiVG2j6ML+OulwKbVitYbG3LQtMuo0L6ARGSWw1
tD8iL5swZiyoVcIU6uTCnT/dWEnXO8ihxY2ZIh9Whbj9vp7RJmoQhUDDFKu/IjwC
fj+nj8uYTP1eJUZzZwc34Emu3gb9g9IFEotmR1R1TH1xZPBY1sqfp0G+xBtMNmYl
3+SltdrHw0A5b7H2pmQTYmb4f1oNbzlqr8u8FUbTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjUPCsmNT4DiVUZfPW/0PKeg8w1swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1OGViMWY4LWFkMjctNGZmNy1hNDliLWMzZmYxNzI4MjdhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwENwjANBgkqhkiG9w0BAQsFAAOCAQEAkDTWHgWTSXyQRXlIoyT60s5+nAEK
Mw3CA/2J9BDz5/rMmwmWn/0r8krKk3ZrPWC+8kmly4eNzp5QGhnbfQg1BRavlmlU
WOaE19AUEPwb0XrszpKTpnvK8cmsknvPzEVPw2q/x2Iib/E4SDgUOaKe/y5HWEA2
sdj3NPca+62DrepHqAs3xepOkoMBvEEkYJPVRQ+WHXVXhW4/lDZe7DTL+kwwSmWk
u6d6r0E5tHSBt/pIMCBHp7PNMI1xt9ngisEOJV51Zx6XmVA/fQ0GdV3zGPPAqfB2
L4Dx8Zqhj25jSOU+tC9ZH4jZUvKHTg6EqVeT+lcpqRq6Ym9+H/fBInbWYQ==
-----END CERTIFICATE-----