Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa
File:                     bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa (raw, json)
Hash identifier:          jL5yrp033feuvONdez4Tmmjf4pxYPoDxDQiFDHD6f5Q=
Subject key identifier:   D6:E8:ED:15:D9:2B:82:4F:D9:4E:66:CB:70:E4:57:4D:5E:96:18:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C96DAC59C4FBAE0279D49CAF6EC71C42B84D966
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa
Signing time:             Wed 12 Mar 2025 00:22:01 +0000
ROA not before:           Wed 12 Mar 2025 00:22:01 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        173.83.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:96:da:c5:9c:4f:ba:e0:27:9d:49:ca:f6:ec:71:c4:2b:84:d9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:22:01 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:bc:e7:c0:f5:18:35:fc:c4:13:74:8a:84:
                    30:1e:1c:1b:ff:9e:fd:40:9f:57:6c:be:20:51:09:
                    f0:bf:b2:ce:84:59:99:90:b9:a3:b7:29:92:88:3f:
                    87:4f:ce:10:84:fd:aa:cd:7b:3e:a0:7b:d5:d3:26:
                    88:e2:dd:86:25:ee:98:f5:18:09:2f:7a:55:d8:8e:
                    67:98:f9:b9:0b:be:10:08:2f:ef:d9:a2:fa:8d:d2:
                    05:88:84:38:94:06:dc:72:86:33:8f:a2:bf:82:7c:
                    e6:b9:a4:49:4f:34:61:91:fd:dd:93:f2:2f:e5:01:
                    40:88:97:2a:c1:11:b6:af:1e:f0:5f:30:57:99:31:
                    3e:17:ea:0b:35:38:20:48:3f:c5:ab:3d:f2:4a:81:
                    e8:49:de:09:66:b4:30:6a:0b:00:1d:4a:50:33:14:
                    c6:2e:5b:1f:f6:2e:c8:2d:d3:b4:8a:b0:83:5e:9a:
                    cc:db:2d:be:73:71:0a:88:c7:76:09:fa:f3:91:9e:
                    64:d3:ad:be:1a:3c:24:cb:da:45:15:d8:35:a5:85:
                    a5:13:28:10:46:cf:c5:6a:21:16:ff:d1:55:38:20:
                    1e:dc:72:8e:a0:7a:e4:8b:88:fe:46:3c:12:8d:74:
                    98:21:89:ee:95:4a:ae:d6:ef:a0:b2:7d:1c:93:27:
                    a6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E8:ED:15:D9:2B:82:4F:D9:4E:66:CB:70:E4:57:4D:5E:96:18:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.83.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         97:9d:92:b4:bb:5c:4a:05:9a:8c:64:87:f5:fe:76:16:fe:e3:
         2c:ef:e7:bf:d8:d7:b9:1f:63:13:5f:dc:75:09:c4:c5:93:e1:
         92:57:2d:da:bf:bf:f5:2c:fa:81:2a:5b:19:84:6d:3c:ee:ca:
         7e:e6:ab:37:17:5e:94:21:3d:99:9a:79:3b:e9:11:f0:54:51:
         45:35:3d:1e:35:a2:c9:8c:4b:88:5a:b8:6b:f3:24:26:83:1e:
         23:ac:09:51:19:a5:87:2c:fb:a9:68:5d:aa:6f:49:3c:5d:04:
         33:d3:73:7f:7b:d2:de:02:12:df:20:2e:a7:0f:5b:61:e9:26:
         46:fe:5d:2b:d5:b6:d0:bb:dc:65:52:b9:83:e8:f6:89:e7:4a:
         50:da:01:49:ae:63:e0:7f:82:da:43:de:9a:d5:98:f9:be:9b:
         9a:90:91:db:d5:2e:8f:cb:ac:29:b0:29:9f:f4:d9:4d:0d:46:
         ea:f0:c5:08:c0:c8:c0:09:98:ed:02:b3:16:44:e3:15:0f:53:
         2a:56:a9:96:ae:54:73:82:22:01:4e:37:42:91:3f:6b:54:29:
         71:1e:50:f2:0c:e5:25:01:ac:b4:ea:b7:c4:16:e6:d4:aa:ec:
         8e:89:35:73:3c:8d:b9:5e:d8:ed:52:22:0a:7f:9c:3a:22:0f:
         e0:f4:d4:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXJbaxZxPuuAnnUnK9uxxxCuE2WYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAyMjAxWhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjFlMjJiMGVlMzc1MGM2YWQxOThiZGFmZGExNzFlMTZj
MmIwYWVlM2QzOTI5NzM5YmFhNzVmYWNmNmIwOGE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoFLznwPUYNfzEE3SKhDAeHBv/nv1An1dsviBRCfC/ss6E
WZmQuaO3KZKIP4dPzhCE/arNez6ge9XTJoji3YYl7pj1GAkvelXYjmeY+bkLvhAI
L+/ZovqN0gWIhDiUBtxyhjOPor+CfOa5pElPNGGR/d2T8i/lAUCIlyrBEbavHvBf
MFeZMT4X6gs1OCBIP8WrPfJKgehJ3glmtDBqCwAdSlAzFMYuWx/2Lsgt07SKsINe
mszbLb5zcQqIx3YJ+vORnmTTrb4aPCTL2kUV2DWlhaUTKBBGz8VqIRb/0VU4IB7c
co6geuSLiP5GPBKNdJghie6VSq7W76CyfRyTJ6ZXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1ujtFdkrgk/ZTmbLcORXTV6WGEowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiNGE5Mjc2LWI1YjAtNGFjNC04OGVmLWFkNzUwYjYxMWRiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAetUwAwDQYJKoZIhvcNAQELBQADggEBAJedkrS7XEoFmoxkh/X+dhb+4yzv
57/Y17kfYxNf3HUJxMWT4ZJXLdq/v/Us+oEqWxmEbTzuyn7mqzcXXpQhPZmaeTvp
EfBUUUU1PR41osmMS4hauGvzJCaDHiOsCVEZpYcs+6loXapvSTxdBDPTc3970t4C
Et8gLqcPW2HpJkb+XSvVttC73GVSuYPo9onnSlDaAUmuY+B/gtpD3prVmPm+m5qQ
kdvVLo/LrCmwKZ/02U0NRurwxQjAyMAJmO0CsxZE4xUPUypWqZauVHOCIgFON0KR
P2tUKXEeUPIM5SUBrLTqt8QW5tSq7I6JNXM8jble2O1SIgp/nDoiD+D01Ac=
-----END CERTIFICATE-----