Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa
File:                     f2c885d6-4061-421b-99ff-f05202cdada5.roa (raw, json)
Hash identifier:          KX8isoCBtnQMTSRzI7tpwkgNiWo7P2gE6rIr7LjiEjE=
Subject key identifier:   20:5D:E7:FC:47:BE:91:D3:7F:C8:D3:F9:F4:DB:0C:39:87:3A:97:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EBFB22F15F1E32F9590E1909AAEC978C1CC51DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa
Signing time:             Tue 18 Mar 2025 00:10:16 +0000
ROA not before:           Tue 18 Mar 2025 00:10:16 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.223.121.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:bf:b2:2f:15:f1:e3:2f:95:90:e1:90:9a:ae:c9:78:c1:cc:51:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:10:16 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9f:c9:b4:c7:90:06:b0:ea:a9:6a:25:e1:17:
                    0e:48:ae:c0:39:eb:92:f7:eb:82:ad:6f:cc:e2:10:
                    c3:af:a8:82:9a:5e:6d:d8:d0:fe:3d:1b:9f:e4:09:
                    70:af:e2:62:ea:3e:94:14:bf:56:dc:ee:fa:24:b2:
                    c8:9e:af:cb:53:b7:0e:c4:c2:ff:31:3d:c8:5f:d8:
                    7d:04:54:0a:9b:da:41:54:c2:31:4b:53:bd:71:d9:
                    69:c8:7e:47:84:0e:0b:99:28:df:eb:07:ef:aa:0e:
                    66:a1:9f:0b:c5:72:4c:7a:f1:bb:44:f9:0e:41:e9:
                    b1:aa:c4:e7:af:ef:73:c8:e8:84:e3:5a:c1:a5:c3:
                    5e:c8:e5:f2:a9:16:e9:4e:5d:65:23:ca:b4:87:90:
                    af:05:40:0c:9a:fd:48:d0:dd:62:67:97:40:3a:c1:
                    20:52:7a:4b:ba:c0:64:12:d9:13:0c:14:01:9c:fe:
                    51:95:b3:86:41:14:19:2d:e4:76:a0:64:d0:96:5d:
                    bd:05:75:50:f6:60:3b:d4:17:81:3a:0e:2e:ea:8e:
                    8d:15:e7:64:53:b2:56:02:87:03:7d:76:5c:e2:3b:
                    59:95:c0:62:2c:e4:38:ce:af:34:3b:cf:71:bc:d9:
                    75:8b:c7:2d:22:36:39:23:0f:78:da:6b:84:15:51:
                    c4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:5D:E7:FC:47:BE:91:D3:7F:C8:D3:F9:F4:DB:0C:39:87:3A:97:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.223.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:64:41:3a:8f:c3:85:9d:27:73:1b:fc:3b:b7:79:f3:a8:b5:
         ad:fe:2a:b7:0f:16:bf:d1:70:1a:aa:43:1b:4e:db:77:b1:ae:
         09:0b:00:7b:83:e0:d2:ca:b0:11:2a:f5:3a:5f:5c:eb:14:14:
         27:77:8a:c2:ef:15:65:29:2f:13:fd:9a:3e:b5:2f:cf:ad:05:
         b2:03:31:86:f8:ea:1a:03:bc:1f:86:98:2b:47:72:d1:98:ad:
         fb:af:3e:3e:e3:92:bc:47:93:da:87:60:fc:af:31:6d:b4:35:
         e5:15:21:64:a7:d0:c5:8c:b6:ce:77:2d:86:8b:fa:c8:e4:a2:
         13:4c:06:09:b0:ea:8b:f9:3a:a0:2a:8e:ae:0a:ac:b1:5a:2e:
         7e:21:8f:df:23:12:9e:b1:04:ef:1f:13:d2:e6:dd:e1:24:76:
         ee:b7:b2:3e:32:ea:f8:bb:6b:3c:1c:cc:74:b6:2b:15:cf:0b:
         5c:1c:64:33:d6:d8:7a:35:d6:df:a4:c6:69:08:95:7d:4c:40:
         5b:d0:f4:b5:b2:01:e0:80:cc:d0:76:62:b4:5a:b4:3a:92:de:
         5c:05:cb:a9:1f:01:6e:cb:c4:24:df:a7:ef:76:48:2d:75:39:
         bf:9d:e7:a5:04:fc:f3:52:a2:18:b8:97:25:e7:b8:14:b3:80:
         48:f0:d5:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHr+yLxXx4y+VkOGQmq7JeMHMUd4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAxMDE2WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTVlNGJlMDRjNDVmOWI4YTMyMjgyMzg4YzRjYzA1N2Jk
MTIxMTcwMjZiMzJhNDFkOWI5MDg3M2ZiNjA5ZDQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/n8m0x5AGsOqpaiXhFw5IrsA565L364Ktb8ziEMOvqIKa
Xm3Y0P49G5/kCXCv4mLqPpQUv1bc7vokssier8tTtw7Ewv8xPchf2H0EVAqb2kFU
wjFLU71x2WnIfkeEDguZKN/rB++qDmahnwvFckx68btE+Q5B6bGqxOev73PI6ITj
WsGlw17I5fKpFulOXWUjyrSHkK8FQAya/UjQ3WJnl0A6wSBSeku6wGQS2RMMFAGc
/lGVs4ZBFBkt5HagZNCWXb0FdVD2YDvUF4E6Di7qjo0V52RTslYChwN9dlziO1mV
wGIs5DjOrzQ7z3G82XWLxy0iNjkjD3jaa4QVUcTLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIF3n/Ee+kdN/yNP59NsMOYc6l6swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyYzg4NWQ2LTQwNjEtNDIxYi05OWZmLWYwNTIwMmNkYWRhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAs33kwDQYJKoZIhvcNAQELBQADggEBAE9kQTqPw4WdJ3Mb/Du3efOota3+
KrcPFr/RcBqqQxtO23exrgkLAHuD4NLKsBEq9TpfXOsUFCd3isLvFWUpLxP9mj61
L8+tBbIDMYb46hoDvB+GmCtHctGYrfuvPj7jkrxHk9qHYPyvMW20NeUVIWSn0MWM
ts53LYaL+sjkohNMBgmw6ov5OqAqjq4KrLFaLn4hj98jEp6xBO8fE9Lm3eEkdu63
sj4y6vi7azwczHS2KxXPC1wcZDPW2Ho11t+kxmkIlX1MQFvQ9LWyAeCAzNB2YrRa
tDqS3lwFy6kfAW7LxCTfp+92SC11Ob+d56UE/PNSohi4lyXnuBSzgEjw1Y4=
-----END CERTIFICATE-----