Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0343534b-f673-4820-a35c-761953dd8136.roa
File:                     0343534b-f673-4820-a35c-761953dd8136.roa (raw, json)
Hash identifier:          Dy9ePvYJAjXXgtNZRX3qIhmvYB0k6e8RI7ua0UFC+0A=
Subject key identifier:   61:31:83:E2:8E:55:AF:2B:8C:41:7E:E5:E7:D7:F3:7A:0E:E0:69:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76633A64259F50B72500940420D603CCD731434D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0343534b-f673-4820-a35c-761953dd8136.roa
Signing time:             Fri 14 Mar 2025 00:11:53 +0000
ROA not before:           Fri 14 Mar 2025 00:11:53 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.73.208.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:63:3a:64:25:9f:50:b7:25:00:94:04:20:d6:03:cc:d7:31:43:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:11:53 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:16:d7:bc:42:8f:f1:4c:68:88:b5:5a:89:91:
                    9c:b2:b2:16:1c:7c:61:a7:4b:82:8d:2a:74:68:bc:
                    c7:61:25:51:70:42:88:76:4e:d4:e8:18:d0:8b:f0:
                    db:74:25:01:17:b1:2e:5f:13:91:be:44:ad:e2:68:
                    0e:0f:ed:4f:8c:81:ab:da:ac:7a:a0:69:f0:db:45:
                    96:81:d2:e1:8b:70:4e:f4:f6:67:47:5d:dd:65:f2:
                    d3:bb:a8:56:5c:47:e7:25:7d:51:75:94:14:f7:b8:
                    b3:95:c6:ba:26:7c:1c:19:fe:80:7d:7f:69:16:7e:
                    0a:df:07:96:4e:bf:1c:ab:cd:4e:90:db:4a:46:f0:
                    df:c2:73:51:ae:af:9a:ea:4c:f5:20:53:8b:ea:19:
                    36:b1:4b:7f:67:9b:20:c2:2a:5f:93:f6:34:b0:dc:
                    35:bf:36:69:ff:b9:1d:00:d0:1e:24:02:ed:74:38:
                    d8:84:e1:f0:58:ab:43:07:57:17:2e:ae:07:a5:8c:
                    8f:36:54:17:f3:af:31:5a:29:c6:0d:61:9b:bc:51:
                    35:8e:bf:d9:7e:87:45:f9:70:59:11:da:19:c8:77:
                    77:b1:ee:f7:2a:e6:0e:98:84:c8:32:a4:1d:97:bf:
                    0a:40:4c:71:6f:35:85:84:2b:14:0f:ce:a0:76:da:
                    c1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:31:83:E2:8E:55:AF:2B:8C:41:7E:E5:E7:D7:F3:7A:0E:E0:69:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0343534b-f673-4820-a35c-761953dd8136.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.73.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:1f:f2:9b:4f:0b:8f:71:61:33:e8:91:f9:35:28:45:98:b0:
         8e:f0:21:cf:d3:ef:62:bb:c9:58:b8:ec:22:30:a1:8f:4e:27:
         55:50:e1:e2:fa:0b:c1:51:9d:71:ab:5e:e0:55:cf:9a:07:7f:
         7a:d4:70:6d:28:ac:cc:d2:a7:9b:74:42:6e:ff:f0:8d:64:ee:
         05:e7:52:92:04:f5:ee:fe:54:5a:6c:e0:24:16:4b:d7:46:8b:
         ac:93:53:0e:2b:40:3d:9a:57:34:6b:ae:b0:f9:41:41:86:2b:
         33:da:cf:b6:4e:a1:89:3f:28:fb:79:f6:ae:68:b1:d0:43:c3:
         53:16:8d:00:39:97:ba:ca:97:53:3d:8d:26:03:31:b3:52:d0:
         77:84:0f:d7:aa:76:09:1a:f3:32:40:b1:28:33:95:f5:c0:a8:
         1e:c6:22:e3:ba:60:f2:a1:26:08:f7:32:ec:1a:6f:09:e9:a0:
         a8:53:8d:5c:dd:cc:2f:74:33:43:7b:c0:df:9d:aa:ab:9d:4b:
         1b:a6:1e:af:5c:e3:66:5d:69:ef:cb:d6:5e:3f:f1:b9:d8:9e:
         44:74:dc:48:ac:91:42:0e:ce:28:66:f7:78:a7:24:59:fd:75:
         ad:df:8c:eb:b3:51:dd:0e:78:33:82:3c:9e:8d:52:68:74:db:
         73:42:81:0d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdmM6ZCWfULclAJQEINYDzNcxQ00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAxMTUzWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTMzZjNkNjNmMDI0OTliOTg1OWVmNGEzMTYwMjAwYWZm
MmM1NDE0YzIzMjkwZmIwOTMxOGVlMjlkMzU2YWQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpFte8Qo/xTGiItVqJkZyyshYcfGGnS4KNKnRovMdhJVFw
Qoh2TtToGNCL8Nt0JQEXsS5fE5G+RK3iaA4P7U+MgavarHqgafDbRZaB0uGLcE70
9mdHXd1l8tO7qFZcR+clfVF1lBT3uLOVxromfBwZ/oB9f2kWfgrfB5ZOvxyrzU6Q
20pG8N/Cc1Gur5rqTPUgU4vqGTaxS39nmyDCKl+T9jSw3DW/Nmn/uR0A0B4kAu10
ONiE4fBYq0MHVxcurgeljI82VBfzrzFaKcYNYZu8UTWOv9l+h0X5cFkR2hnId3ex
7vcq5g6YhMgypB2XvwpATHFvNYWEKxQPzqB22sGFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYTGD4o5VryuMQX7l59fzeg7gaYEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzNDM1MzRiLWY2NzMtNDgyMC1hMzVjLTc2MTk1M2RkODEzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYSdAwDQYJKoZIhvcNAQELBQADggEBAK8f8ptPC49xYTPokfk1KEWYsI7w
Ic/T72K7yVi47CIwoY9OJ1VQ4eL6C8FRnXGrXuBVz5oHf3rUcG0orMzSp5t0Qm7/
8I1k7gXnUpIE9e7+VFps4CQWS9dGi6yTUw4rQD2aVzRrrrD5QUGGKzPaz7ZOoYk/
KPt59q5osdBDw1MWjQA5l7rKl1M9jSYDMbNS0HeED9eqdgka8zJAsSgzlfXAqB7G
IuO6YPKhJgj3MuwabwnpoKhTjVzdzC90M0N7wN+dqqudSxumHq9c42Zdae/L1l4/
8bnYnkR03EiskUIOzihm93inJFn9da3fjOuzUd0OeDOCPJ6NUmh023NCgQ0=
-----END CERTIFICATE-----