Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f92332-54db-4d66-be7a-cf76fc42d00c.roa
File:                     b7f92332-54db-4d66-be7a-cf76fc42d00c.roa (raw, json)
Hash identifier:          XoAYH9wv4CRXG9p1yxCEc/fnwAMThrTlT78B81Xc364=
Subject key identifier:   B5:EF:98:77:E0:F4:4E:73:EA:12:AA:82:DF:65:86:E3:9A:A1:F3:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0177657E5A49205F1D3687E90BF002692C303775
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f92332-54db-4d66-be7a-cf76fc42d00c.roa
Signing time:             Tue 08 Apr 2025 00:30:28 +0000
ROA not before:           Tue 08 Apr 2025 00:30:28 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.241.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:77:65:7e:5a:49:20:5f:1d:36:87:e9:0b:f0:02:69:2c:30:37:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:30:28 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=0bdc6a3af403fe0daff0730ed2701b260a6a40c8dcba03cf36112b629b59d55f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:18:5b:7c:b8:cc:13:f7:f6:9c:c9:de:8e:7d:
                    42:81:ae:83:4f:bf:9d:24:e8:7b:cd:e1:ca:68:66:
                    26:4b:af:01:d1:25:2d:1a:33:77:dc:95:c8:8e:d2:
                    0b:10:fc:3d:23:5c:4f:f9:d1:f3:15:a3:46:50:26:
                    26:e3:43:36:52:0d:25:3c:32:19:9f:24:cf:82:9e:
                    8e:d8:91:5f:3a:12:95:c3:f6:77:80:b9:d9:ef:72:
                    16:2b:f3:25:ff:5d:43:01:b9:63:b1:0c:8b:4b:e8:
                    f6:b7:7e:9c:12:75:02:a4:85:83:d0:4c:fc:d1:a6:
                    ef:f2:cb:02:33:56:b1:86:2a:15:29:c7:50:5d:48:
                    b4:f5:d0:84:d1:52:3b:d4:45:08:ab:0a:ea:49:d7:
                    09:5c:6d:cb:e2:a3:36:33:4c:ed:74:0b:f5:7c:ea:
                    2b:00:61:ec:5e:d0:9e:bf:fe:2a:c2:92:5e:95:e9:
                    1b:47:b6:ed:bb:1a:64:3f:87:fa:af:de:40:5d:84:
                    b4:89:9a:f0:bd:df:7e:2c:ff:54:c5:c3:ab:41:f6:
                    f0:27:14:aa:d7:20:bc:f7:49:08:53:86:78:bf:63:
                    8b:46:f4:9f:e2:dd:12:e8:6c:48:52:44:85:59:e1:
                    bb:ec:28:67:6e:b5:48:a9:3b:b7:ee:38:d0:fe:65:
                    4f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:EF:98:77:E0:F4:4E:73:EA:12:AA:82:DF:65:86:E3:9A:A1:F3:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f92332-54db-4d66-be7a-cf76fc42d00c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.241.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:aa:6e:9c:69:38:a2:60:f2:eb:b0:88:7c:c1:ed:45:e7:fd:
         ec:ba:a9:ba:1f:02:34:61:9f:fe:4c:f0:ce:c2:f8:a5:53:7d:
         b1:20:6f:e6:ee:36:39:d6:a2:11:ae:43:20:24:ac:62:24:db:
         7b:9e:e5:c1:c7:06:6c:0e:3f:66:20:f2:32:11:94:26:df:94:
         fb:56:4d:1b:85:90:d5:e5:6d:9a:12:59:c0:48:d9:e9:cd:5f:
         33:ce:ba:40:f5:15:de:dc:91:c9:f8:56:f6:4d:85:9f:8b:82:
         3b:57:38:63:1a:17:7e:bd:ed:53:89:3f:73:a2:55:a3:06:0e:
         82:5b:b7:11:d9:ea:e7:97:27:02:a6:d3:50:dd:6c:27:ef:36:
         ca:65:c2:dd:ed:28:c5:77:71:11:11:eb:06:9c:7e:de:ae:5c:
         e5:f9:c8:c9:b0:84:f7:e5:54:c2:db:8a:fe:fd:87:97:6c:9c:
         46:0f:bf:f4:16:e6:ec:dc:94:f6:c0:9a:a2:1b:5b:f9:5d:b3:
         d7:f3:d4:67:7f:fa:d2:55:6d:7e:81:94:27:b8:ad:03:c8:c2:
         ea:d7:69:fa:ef:03:6b:a5:1a:e1:d3:94:c4:67:04:7b:e8:f6:
         05:ad:f6:97:b2:63:35:03:d3:b6:8f:46:ee:57:6d:7d:76:10:
         ff:d6:d3:bb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAXdlflpJIF8dNofpC/ACaSwwN3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAzMDI4WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmRjNmEzYWY0MDNmZTBkYWZmMDczMGVkMjcwMWIyNjBh
NmE0MGM4ZGNiYTAzY2YzNjExMmI2MjliNTlkNTVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKGFt8uMwT9/acyd6OfUKBroNPv50k6HvN4cpoZiZLrwHR
JS0aM3fclciO0gsQ/D0jXE/50fMVo0ZQJibjQzZSDSU8MhmfJM+Cno7YkV86EpXD
9neAudnvchYr8yX/XUMBuWOxDItL6Pa3fpwSdQKkhYPQTPzRpu/yywIzVrGGKhUp
x1BdSLT10ITRUjvURQirCupJ1wlcbcviozYzTO10C/V86isAYexe0J6//irCkl6V
6RtHtu27GmQ/h/qv3kBdhLSJmvC9334s/1TFw6tB9vAnFKrXILz3SQhThni/Y4tG
9J/i3RLobEhSRIVZ4bvsKGdutUipO7fuOND+ZU8RAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUte+Yd+D0TnPqEqqC32WG45qh8z8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3ZjkyMzMyLTU0ZGItNGQ2Ni1iZTdhLWNmNzZmYzQyZDAwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA48TANBgkqhkiG9w0BAQsFAAOCAQEAo6punGk4omDy67CIfMHtRef97Lqp
uh8CNGGf/kzwzsL4pVN9sSBv5u42OdaiEa5DICSsYiTbe57lwccGbA4/ZiDyMhGU
Jt+U+1ZNG4WQ1eVtmhJZwEjZ6c1fM866QPUV3tyRyfhW9k2Fn4uCO1c4YxoXfr3t
U4k/c6JVowYOglu3Ednq55cnAqbTUN1sJ+82ymXC3e0oxXdxERHrBpx+3q5c5fnI
ybCE9+VUwtuK/v2Hl2ycRg+/9Bbm7NyU9sCaohtb+V2z1/PUZ3/60lVtfoGUJ7it
A8jC6tdp+u8Da6Ua4dOUxGcEe+j2Ba32l7JjNQPTto9G7ldtfXYQ/9bTuw==
-----END CERTIFICATE-----