Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa
File:                     565bd2b5-79dd-4341-a5bc-d68981cd9648.roa (raw, json)
Hash identifier:          tVGItVe+niKm++F9iFis71gBGkPWnAwWTyjVRGUGIRc=
Subject key identifier:   A6:5E:E4:4D:62:F6:56:CE:79:5F:10:1E:DE:18:22:8F:CE:D0:58:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       630A9317801C7D47042D5A8B2DB310816C286D76
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa
Signing time:             Sat 12 Apr 2025 00:42:06 +0000
ROA not before:           Sat 12 Apr 2025 00:42:06 +0000
ROA not after:            Sat 17 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.119.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0a:93:17:80:1c:7d:47:04:2d:5a:8b:2d:b3:10:81:6c:28:6d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 12 00:42:06 2025 GMT
            Not After : May 17 23:59:59 2025 GMT
        Subject: serialNumber=1601f0a6a684b7c85f72590098b69ca124c2e0727a2f51e37c1a76bc16208120, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:52:60:bf:fb:c3:2e:44:3b:3b:d2:f6:d8:c8:
                    64:a5:50:65:45:ff:7a:da:ae:88:ca:fe:0d:ef:28:
                    4e:5e:dd:34:09:6a:bd:a4:7e:bb:5c:58:eb:69:53:
                    4a:c7:3b:41:9e:39:81:64:3a:96:84:eb:b6:0b:f4:
                    8e:bd:40:7c:02:c9:21:e2:41:08:e2:f9:4a:30:c6:
                    3a:3d:ec:46:53:28:a8:9a:31:9a:08:5d:a1:39:2f:
                    63:78:6c:3b:5c:75:ff:2d:bd:9a:67:3e:f5:1a:db:
                    f9:41:1e:29:ee:7c:f3:3d:61:f0:0a:20:35:9b:d2:
                    1f:32:66:fb:45:18:97:3f:62:9b:1f:c3:31:45:c3:
                    c6:85:2b:c9:74:10:59:3e:47:77:2f:48:8f:db:5e:
                    1a:2a:e2:b0:1e:5b:18:70:a0:b4:09:21:70:07:e7:
                    bf:99:ef:cb:bc:4a:17:03:50:51:69:7b:bb:9e:28:
                    94:38:cb:b4:4e:d3:d0:aa:bc:f6:09:a4:ad:24:ea:
                    31:0a:07:38:f1:96:37:e7:10:8e:b8:07:63:a6:23:
                    11:9d:89:37:46:08:a3:99:1f:1d:f7:83:79:30:4d:
                    cb:ca:06:9f:5a:d3:38:66:9a:dd:15:3d:54:c0:21:
                    c1:b8:6a:8a:73:b0:9c:0d:9c:a4:72:62:3a:5c:41:
                    72:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:5E:E4:4D:62:F6:56:CE:79:5F:10:1E:DE:18:22:8F:CE:D0:58:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         50:77:a0:2e:c5:b9:41:82:29:b3:8b:4d:e6:5b:ba:b9:28:9b:
         c9:47:c7:b3:4e:f7:e5:ec:02:80:47:a8:27:da:ba:02:71:1a:
         2b:4b:4e:15:60:80:24:d9:a1:fa:ff:6d:40:c9:08:b2:40:fe:
         73:d2:28:e8:b4:91:0c:9e:36:a2:97:39:58:34:11:07:46:59:
         4e:02:14:8a:f5:a5:bf:27:59:1c:25:84:81:cb:ac:36:b9:c6:
         36:1c:0d:33:50:b6:47:30:4f:54:39:51:0d:51:bb:4f:8b:a8:
         0f:e6:5e:06:ce:e8:bd:01:19:d6:f9:43:43:53:46:43:a8:35:
         de:ac:31:b7:0e:24:25:34:04:a0:45:94:51:77:b5:08:52:3f:
         b0:9a:f9:79:d4:61:65:1c:d4:e6:a8:c1:8e:88:54:b0:37:55:
         93:b5:61:f5:c2:cb:94:c6:77:36:fc:54:72:be:1d:49:66:ff:
         26:e6:b1:65:5c:6b:d8:63:04:6d:b0:80:19:ed:ea:47:ef:72:
         75:44:17:5d:7f:d6:d5:25:a2:a9:6d:4a:66:7a:c0:2a:49:e6:
         cb:1f:b5:e7:b3:ab:31:e6:8f:cb:5a:d8:c3:ee:9a:7a:a1:49:
         61:7d:2d:62:46:61:84:64:7c:69:7c:e4:75:28:a2:ff:11:8a:
         22:91:23:09
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYwqTF4AcfUcELVqLLbMQgWwobXYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDEyMDA0MjA2WhcNMjUwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjAxZjBhNmE2ODRiN2M4NWY3MjU5MDA5OGI2OWNhMTI0
YzJlMDcyN2EyZjUxZTM3YzFhNzZiYzE2MjA4MTIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmUmC/+8MuRDs70vbYyGSlUGVF/3rarojK/g3vKE5e3TQJ
ar2kfrtcWOtpU0rHO0GeOYFkOpaE67YL9I69QHwCySHiQQji+Uowxjo97EZTKKia
MZoIXaE5L2N4bDtcdf8tvZpnPvUa2/lBHinufPM9YfAKIDWb0h8yZvtFGJc/Ypsf
wzFFw8aFK8l0EFk+R3cvSI/bXhoq4rAeWxhwoLQJIXAH57+Z78u8ShcDUFFpe7ue
KJQ4y7RO09CqvPYJpK0k6jEKBzjxljfnEI64B2OmIxGdiTdGCKOZHx33g3kwTcvK
Bp9a0zhmmt0VPVTAIcG4aopzsJwNnKRyYjpcQXIHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpl7kTWL2Vs55XxAe3hgij87QWLkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2NWJkMmI1LTc5ZGQtNDM0MS1hNWJjLWQ2ODk4MWNkOTY0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4dzANBgkqhkiG9w0BAQsFAAOCAQEAUHegLsW5QYIps4tN5lu6uSibyUfH
s0735ewCgEeoJ9q6AnEaK0tOFWCAJNmh+v9tQMkIskD+c9Io6LSRDJ42opc5WDQR
B0ZZTgIUivWlvydZHCWEgcusNrnGNhwNM1C2RzBPVDlRDVG7T4uoD+ZeBs7ovQEZ
1vlDQ1NGQ6g13qwxtw4kJTQEoEWUUXe1CFI/sJr5edRhZRzU5qjBjohUsDdVk7Vh
9cLLlMZ3NvxUcr4dSWb/JuaxZVxr2GMEbbCAGe3qR+9ydUQXXX/W1SWiqW1KZnrA
Kknmyx+157OrMeaPy1rYw+6aeqFJYX0tYkZhhGR8aXzkdSii/xGKIpEjCQ==
-----END CERTIFICATE-----