Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa
File:                     f924b639-a668-4962-9eae-8a87cb05de1d.roa (raw, json)
Hash identifier:          pecSDc535UtnRlCRHxt6V2kxIc5saAzDIRRvsLrtVHM=
Subject key identifier:   45:7D:A2:63:09:31:92:B7:A5:55:8D:49:65:FD:4F:EF:9F:84:BD:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0521F1C219A31536319320EDAFEF5FDCB1334EBF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa
Signing time:             Tue 04 Mar 2025 16:10:19 +0000
ROA not before:           Tue 04 Mar 2025 16:10:19 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.182.236.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:21:f1:c2:19:a3:15:36:31:93:20:ed:af:ef:5f:dc:b1:33:4e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 16:10:19 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:e9:41:46:85:26:27:bd:34:de:16:97:53:
                    da:07:4e:37:f4:7b:c6:15:e1:c4:8d:f2:25:bd:0b:
                    96:c7:e1:87:b6:a0:42:e7:95:93:fd:d3:81:9b:f3:
                    bd:97:99:49:e9:e9:aa:77:68:bd:bd:2a:18:ec:c4:
                    d7:61:8c:de:64:43:50:ab:3a:5a:bc:5e:b3:fd:79:
                    d3:e1:39:d7:fc:a8:06:1a:1b:e8:8f:c3:96:20:df:
                    1a:18:65:6e:94:ce:98:d4:e9:fd:75:f1:6a:83:80:
                    71:58:c6:e1:55:c8:a5:80:d1:84:9e:76:85:81:75:
                    97:46:70:99:fa:f9:e1:a5:c8:a7:ef:78:37:cf:17:
                    ac:63:25:2c:2f:94:f6:b9:5e:e1:4a:f0:76:50:41:
                    28:d6:4f:85:6c:41:cd:35:20:23:27:b8:b9:aa:bf:
                    52:9f:fd:7e:12:cf:fe:9f:e7:40:aa:3c:e4:e6:d8:
                    91:af:2d:c7:38:d0:31:3a:bf:21:8e:7e:bd:4a:37:
                    6c:cf:e9:2c:ca:3c:3c:1b:d1:00:fe:cf:95:2e:e7:
                    c9:0b:8e:48:92:ab:55:fc:c5:12:05:49:a9:a1:cc:
                    a6:8d:53:22:85:9f:b0:d1:aa:fc:b7:ed:bd:28:b4:
                    68:7a:9f:f3:3d:ef:ee:6c:8f:36:12:64:85:c7:bc:
                    08:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7D:A2:63:09:31:92:B7:A5:55:8D:49:65:FD:4F:EF:9F:84:BD:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:9f:a3:c2:fb:99:cc:96:93:e5:87:23:ce:74:02:66:af:a3:
         2a:40:73:6c:68:ef:e3:91:31:33:04:8f:9d:ee:63:a2:58:10:
         46:f9:15:d1:4e:f7:4b:06:e1:2d:05:58:44:fa:31:b4:a1:96:
         39:6c:b8:f5:30:d5:76:da:03:9f:43:1d:eb:9a:9d:6c:7c:a2:
         4d:8a:59:cc:ff:a8:5d:70:b8:e8:34:a7:6d:36:1e:5e:d3:a5:
         cd:a1:78:0f:7d:d9:5d:d7:b5:8f:0d:27:77:20:86:51:9c:f6:
         f3:b4:ca:f4:da:40:38:f8:2b:47:06:0c:5f:7d:37:75:78:32:
         9d:0f:7a:42:ea:b8:78:56:dc:4c:8d:09:37:f9:84:23:65:e4:
         ef:68:be:77:8c:0b:e2:c8:84:08:88:e4:21:c7:eb:e7:eb:46:
         38:cf:45:7c:ce:6b:34:52:b4:43:54:75:9c:de:07:69:3c:94:
         a5:d7:7f:b6:c3:5f:5e:6c:93:ff:d8:a8:d4:e0:32:63:12:c5:
         a1:9c:bb:9e:ec:51:43:56:c0:e1:f6:46:5e:16:5c:3b:15:1f:
         c5:76:86:3e:4c:38:6a:79:a7:8d:f8:54:f4:6a:45:82:b8:63:
         a6:c4:00:92:8d:63:36:c4:be:4d:98:38:91:70:e9:80:6a:ea:
         d7:93:22:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBSHxwhmjFTYxkyDtr+9f3LEzTr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTYxMDE5WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmVlOGVkZmQ0M2QyZTQ0YTQ5ZmU3NjU0MDFjYTg2M2Zj
OTNjMWRjMWE4M2RiMjg1ZjJkNzlmNWQzMDQyM2U4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1J+lBRoUmJ7003haXU9oHTjf0e8YV4cSN8iW9C5bH4Ye2
oELnlZP904Gb872XmUnp6ap3aL29KhjsxNdhjN5kQ1CrOlq8XrP9edPhOdf8qAYa
G+iPw5Yg3xoYZW6UzpjU6f118WqDgHFYxuFVyKWA0YSedoWBdZdGcJn6+eGlyKfv
eDfPF6xjJSwvlPa5XuFK8HZQQSjWT4VsQc01ICMnuLmqv1Kf/X4Sz/6f50CqPOTm
2JGvLcc40DE6vyGOfr1KN2zP6SzKPDwb0QD+z5Uu58kLjkiSq1X8xRIFSamhzKaN
UyKFn7DRqvy37b0otGh6n/M97+5sjzYSZIXHvAiBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURX2iYwkxkrelVY1JZf1P75+Eva4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5MjRiNjM5LWE2NjgtNDk2Mi05ZWFlLThhODdjYjA1ZGUxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHYtuwwDQYJKoZIhvcNAQELBQADggEBADGfo8L7mcyWk+WHI850AmavoypA
c2xo7+ORMTMEj53uY6JYEEb5FdFO90sG4S0FWET6MbShljlsuPUw1XbaA59DHeua
nWx8ok2KWcz/qF1wuOg0p202Hl7Tpc2heA992V3XtY8NJ3cghlGc9vO0yvTaQDj4
K0cGDF99N3V4Mp0PekLquHhW3EyNCTf5hCNl5O9ovneMC+LIhAiI5CHH6+frRjjP
RXzOazRStENUdZzeB2k8lKXXf7bDX15sk//YqNTgMmMSxaGcu57sUUNWwOH2Rl4W
XDsVH8V2hj5MOGp5p434VPRqRYK4Y6bEAJKNYzbEvk2YOJFw6YBq6teTIrw=
-----END CERTIFICATE-----