Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/893d635c-c7ec-4d77-8388-208a16614cd7.roa
File:                     893d635c-c7ec-4d77-8388-208a16614cd7.roa (raw, json)
Hash identifier:          wIBLvlLUAvic5W0dKwfg4QTSDcDEfGnLslRB2M9Yjnk=
Subject key identifier:   B2:AE:18:D7:11:F2:C6:AB:FB:25:A1:51:BF:F5:6A:F9:DE:1E:EA:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       439BFDE5532B8D8A1AFD4B90A0CE4FEC3DA0A511
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/893d635c-c7ec-4d77-8388-208a16614cd7.roa
Signing time:             Tue 18 Mar 2025 15:23:32 +0000
ROA not before:           Tue 18 Mar 2025 15:23:32 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     701
IP address blocks:        204.126.24.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:9b:fd:e5:53:2b:8d:8a:1a:fd:4b:90:a0:ce:4f:ec:3d:a0:a5:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 15:23:32 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:58:f3:12:f0:f1:41:ee:52:17:5b:71:fa:dd:
                    21:07:48:46:a7:2f:e3:f1:f0:f1:8e:49:37:ab:21:
                    2e:99:83:5f:9e:91:b6:5a:eb:a0:99:1c:c9:05:f8:
                    6d:91:72:e0:eb:62:fd:e8:17:0c:8d:7c:6d:64:e7:
                    c8:d6:7d:f8:3d:82:57:7a:06:71:aa:7d:2e:ca:0e:
                    a0:7c:d3:8c:f9:8e:e7:c4:32:05:5d:ad:db:d2:a2:
                    c1:fd:5b:c5:03:2b:44:5f:5c:0b:43:b5:35:b5:25:
                    d2:ec:81:f9:da:b2:2e:a1:4a:d7:80:37:89:19:3b:
                    eb:2d:09:7f:84:1d:30:e2:4a:cb:4d:29:b8:2a:20:
                    59:d6:50:5d:58:d2:0c:35:f7:41:72:fb:73:10:20:
                    3f:9a:6a:ff:02:8a:9d:de:d8:6c:ae:07:60:02:81:
                    fc:7c:ea:09:2e:f2:5b:46:33:08:d7:66:8b:61:9a:
                    0b:3f:b8:0a:6b:84:7a:7b:ad:4b:cb:9e:9b:11:f4:
                    bb:b9:8d:f0:b3:38:99:b3:97:33:d5:b1:8d:30:aa:
                    dd:a8:0d:90:32:d3:5e:a0:5c:40:19:65:44:c9:c5:
                    5f:9c:05:14:ce:4a:40:b6:19:b7:d0:e4:95:12:ec:
                    28:aa:46:46:a7:14:1a:95:56:1b:e5:01:be:25:a4:
                    66:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:AE:18:D7:11:F2:C6:AB:FB:25:A1:51:BF:F5:6A:F9:DE:1E:EA:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/893d635c-c7ec-4d77-8388-208a16614cd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.126.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:b1:2a:9a:68:c6:0c:9c:ec:4d:66:78:eb:83:d8:d8:8c:a6:
         1d:ae:7f:b9:7b:67:ad:6f:90:2a:b2:8c:3e:e9:71:9f:59:98:
         96:7b:3b:e7:db:9b:02:2d:d8:3a:77:2d:03:b3:60:a9:6d:1c:
         6b:46:69:6e:94:74:69:47:77:1e:69:a4:8c:90:a3:33:82:f7:
         5a:64:29:47:fb:c7:27:be:12:45:b6:20:dc:9e:50:07:29:87:
         88:4f:a3:e0:ad:30:e0:38:0a:b3:45:9d:9c:d8:c6:5d:c7:dd:
         d9:b2:fe:82:49:0e:0f:b8:d9:37:43:b3:e1:32:8d:c9:79:e4:
         64:03:6c:5e:b6:be:fa:8d:c9:9f:42:d5:36:7d:7c:df:0f:cd:
         80:4b:ea:c3:e7:ed:95:e4:cc:59:2f:87:0f:7a:42:11:bc:2c:
         20:47:9e:71:a4:28:7c:29:8e:27:83:2c:e5:8a:a7:f4:1c:c2:
         57:58:38:ad:77:36:c7:94:16:71:46:d4:36:eb:0b:15:c4:41:
         46:bc:7b:72:00:f5:63:7d:07:d3:2c:b6:02:af:c5:90:26:b6:
         78:cb:37:05:6b:15:6f:24:cc:18:44:7a:98:e8:1e:8a:4b:c2:
         17:8e:b9:04:1e:86:0b:1b:51:99:2a:c8:9a:a0:6c:7d:db:fb:
         15:74:4e:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ5v95VMrjYoa/UuQoM5P7D2gpREwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MTUyMzMyWhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2IyNzEyYzRiNDY2NTkyN2RmNjQ5NjBmMGE1N2E3NGI3
MmVhNjc3YzcwZGU0NWE4OWFjZjY5OTUwZjRjYmQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD9WPMS8PFB7lIXW3H63SEHSEanL+Px8PGOSTerIS6Zg1+e
kbZa66CZHMkF+G2RcuDrYv3oFwyNfG1k58jWffg9gld6BnGqfS7KDqB804z5jufE
MgVdrdvSosH9W8UDK0RfXAtDtTW1JdLsgfnasi6hSteAN4kZO+stCX+EHTDiSstN
KbgqIFnWUF1Y0gw190Fy+3MQID+aav8Cip3e2GyuB2ACgfx86gku8ltGMwjXZoth
mgs/uAprhHp7rUvLnpsR9Lu5jfCzOJmzlzPVsY0wqt2oDZAy016gXEAZZUTJxV+c
BRTOSkC2GbfQ5JUS7CiqRkanFBqVVhvlAb4lpGb9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsq4Y1xHyxqv7JaFRv/Vq+d4e6pYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5M2Q2MzVjLWM3ZWMtNGQ3Ny04Mzg4LTIwOGExNjYxNGNkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHMfhgwDQYJKoZIhvcNAQELBQADggEBAJqxKppoxgyc7E1meOuD2NiMph2u
f7l7Z61vkCqyjD7pcZ9ZmJZ7O+fbmwIt2Dp3LQOzYKltHGtGaW6UdGlHdx5ppIyQ
ozOC91pkKUf7xye+EkW2INyeUAcph4hPo+CtMOA4CrNFnZzYxl3H3dmy/oJJDg+4
2TdDs+Eyjcl55GQDbF62vvqNyZ9C1TZ9fN8PzYBL6sPn7ZXkzFkvhw96QhG8LCBH
nnGkKHwpjieDLOWKp/QcwldYOK13NseUFnFG1DbrCxXEQUa8e3IA9WN9B9MstgKv
xZAmtnjLNwVrFW8kzBhEepjoHopLwheOuQQehgsbUZkqyJqgbH3b+xV0TjM=
-----END CERTIFICATE-----