Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
File:                     64ebae17-f5e1-463d-899b-7418dd1add2f.roa (raw, json)
Hash identifier:          vRbVJ6I/F9SqNDModhwGsh4fv4VJb3Na8Q4JQKIFpt0=
Subject key identifier:   AD:06:5B:64:7D:3B:5D:F6:60:E0:8F:B8:29:80:2C:09:23:31:FD:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       034E115ED3AB625163A289694541D4CEA852E167
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
Signing time:             Wed 09 Apr 2025 00:22:13 +0000
ROA not before:           Wed 09 Apr 2025 00:22:13 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.236.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:4e:11:5e:d3:ab:62:51:63:a2:89:69:45:41:d4:ce:a8:52:e1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  9 00:22:13 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=acbd9c1a44180ce5cba5e3fec45fc41692a5a743ed76b8364d33982819b6b40b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:47:0b:2a:4f:89:dd:1d:65:f5:45:f6:e7:
                    28:35:bd:f2:3c:ee:3e:24:29:1a:ba:da:8b:e8:7a:
                    93:16:e6:e5:ee:05:7a:86:b8:ec:8e:87:dc:d8:3a:
                    18:b6:a6:46:d5:93:42:9a:c7:2e:30:78:f0:51:13:
                    23:a1:79:d8:3b:4a:fb:6e:bf:a3:8b:90:ae:61:5e:
                    db:3d:5d:f3:7c:de:ca:6c:33:60:1c:dc:f3:44:14:
                    04:9c:4e:3b:dd:c2:14:02:bf:25:46:11:78:9f:4a:
                    27:f8:28:93:2b:77:cf:bb:00:16:06:0a:5f:48:73:
                    d6:a9:e1:62:26:98:00:86:71:ed:26:f8:85:6f:17:
                    f0:8b:11:17:5d:b2:b9:45:df:39:9c:d3:36:b9:bb:
                    eb:39:c5:db:53:13:59:27:c0:51:a6:da:ea:3c:26:
                    45:e1:6c:1f:f5:52:4e:68:b8:b2:58:75:da:ce:3c:
                    30:00:73:a7:65:bd:9c:c8:b1:43:c6:58:19:f5:34:
                    f4:a5:25:87:89:78:9d:6b:28:38:d5:81:bb:fa:c7:
                    72:8f:93:69:bb:8a:69:eb:56:13:8a:14:2b:15:d9:
                    d9:fe:07:fb:c7:9f:6e:b2:d7:c9:96:a5:55:6b:e2:
                    81:1c:2f:e4:64:25:1a:ad:9d:e6:1f:5a:df:bc:87:
                    a0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:06:5B:64:7D:3B:5D:F6:60:E0:8F:B8:29:80:2C:09:23:31:FD:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:13:fb:12:b7:90:da:19:86:08:09:c8:03:ea:a3:4f:5a:24:
         08:c7:15:6f:af:af:40:84:43:46:33:03:5c:ff:dd:fb:91:5e:
         c7:ff:47:f5:99:11:30:2e:06:bc:43:bd:7a:17:ae:f0:c7:7c:
         60:37:38:10:b5:13:1a:b7:80:21:13:ad:cd:38:eb:5b:80:b7:
         39:40:c7:17:cb:eb:b9:db:9b:16:a7:b5:15:be:c9:a6:a8:b7:
         7a:50:61:7c:52:da:47:8a:cc:9a:11:e4:12:8e:57:e0:6e:cf:
         60:96:56:5e:14:00:74:71:fc:c7:17:7d:a2:89:6d:aa:87:9e:
         e2:dd:86:d4:11:49:59:96:ab:bb:0c:a8:9c:c4:09:64:8a:f0:
         3b:a6:e5:b9:56:c4:19:f8:78:8f:01:9d:a3:3b:98:ea:12:e6:
         c2:67:1c:b2:3e:46:76:96:f9:d5:0f:e2:fe:54:c3:18:c7:cf:
         80:d8:e9:a2:c5:42:88:fe:18:0a:f3:6c:e6:aa:45:64:ee:92:
         c4:95:d7:05:40:ac:a6:83:56:7c:92:30:85:17:10:0b:f2:73:
         b2:dd:b5:4a:eb:f0:34:6b:90:e5:f9:6c:64:e8:6b:d8:51:35:
         8a:59:72:a2:d0:ee:ed:af:fc:13:15:c0:d6:e6:b9:a0:5f:43:
         9e:92:d6:fd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUA04RXtOrYlFjoolpRUHUzqhS4WcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA5MDAyMjEzWhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhY2JkOWMxYTQ0MTgwY2U1Y2JhNWUzZmVjNDVmYzQxNjky
YTVhNzQzZWQ3NmI4MzY0ZDMzOTgyODE5YjZiNDBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz5EcLKk+J3R1l9UX25yg1vfI87j4kKRq62ovoepMW5uXu
BXqGuOyOh9zYOhi2pkbVk0Kaxy4wePBREyOhedg7Svtuv6OLkK5hXts9XfN83sps
M2Ac3PNEFAScTjvdwhQCvyVGEXifSif4KJMrd8+7ABYGCl9Ic9ap4WImmACGce0m
+IVvF/CLERddsrlF3zmc0za5u+s5xdtTE1knwFGm2uo8JkXhbB/1Uk5ouLJYddrO
PDAAc6dlvZzIsUPGWBn1NPSlJYeJeJ1rKDjVgbv6x3KPk2m7imnrVhOKFCsV2dn+
B/vHn26y18mWpVVr4oEcL+RkJRqtneYfWt+8h6AfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrQZbZH07XfZg4I+4KYAsCSMx/dgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0ZWJhZTE3LWY1ZTEtNDYzZC04OTliLTc0MThkZDFhZGQyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA47DANBgkqhkiG9w0BAQsFAAOCAQEAQRP7EreQ2hmGCAnIA+qjT1okCMcV
b6+vQIRDRjMDXP/d+5Fex/9H9ZkRMC4GvEO9eheu8Md8YDc4ELUTGreAIROtzTjr
W4C3OUDHF8vrudubFqe1Fb7Jpqi3elBhfFLaR4rMmhHkEo5X4G7PYJZWXhQAdHH8
xxd9ooltqoee4t2G1BFJWZaruwyonMQJZIrwO6bluVbEGfh4jwGdozuY6hLmwmcc
sj5Gdpb51Q/i/lTDGMfPgNjposVCiP4YCvNs5qpFZO6SxJXXBUCspoNWfJIwhRcQ
C/Jzst21SuvwNGuQ5flsZOhr2FE1illyotDu7a/8ExXA1ua5oF9DnpLW/Q==
-----END CERTIFICATE-----