Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05ca82d2-6384-465b-9cc8-584997578e14.roa
File:                     05ca82d2-6384-465b-9cc8-584997578e14.roa (raw, json)
Hash identifier:          i3ClDpo84BuOZafKy7CDB9c6yHHhZdJ43LteXUCWewA=
Subject key identifier:   63:8A:B9:10:2C:CC:7B:A0:E3:85:1E:9D:15:62:29:F0:FF:56:7A:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53E2EF82C68B9AFA2060920A7600113A2D49507E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05ca82d2-6384-465b-9cc8-584997578e14.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.218.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e2:ef:82:c6:8b:9a:fa:20:60:92:0a:76:00:11:3a:2d:49:50:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=614c6d9911a4c25c2663305ccda39c4a8aeeb4c29cf74a24492abedfabfe0541, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:fb:6a:2c:87:0d:de:d6:99:c9:34:c7:4c:
                    06:a3:c9:17:c8:f3:af:04:92:1e:61:d4:e5:d8:51:
                    81:7d:55:c5:b2:0a:d1:ad:49:53:67:b6:ef:4b:67:
                    d4:08:b0:2b:a6:ed:51:96:88:87:53:2a:df:6c:fe:
                    76:70:36:c8:5b:ed:22:2a:d4:72:ea:f4:a2:f3:bd:
                    8d:7c:2f:1c:58:de:f2:ab:f3:97:6b:ea:ca:43:aa:
                    a0:35:fe:7b:0b:22:90:64:3a:0b:90:48:55:3d:ec:
                    61:d7:94:b1:0f:f5:ca:e6:24:51:16:c8:b4:38:ff:
                    df:f3:79:13:b3:46:5e:01:05:03:60:12:cc:b5:93:
                    44:eb:5a:28:d1:6f:cf:89:5c:76:8c:bf:ea:95:08:
                    84:ab:73:55:d2:a4:26:34:2c:8f:14:4a:08:da:78:
                    7f:e2:3f:aa:9e:67:f8:97:94:9b:8c:5b:23:99:21:
                    5d:00:3c:8a:e3:e8:f5:cd:a0:24:e7:ba:f6:6a:11:
                    fa:f8:3c:6e:17:1c:31:d5:bb:f8:c9:db:17:aa:54:
                    f0:6f:74:6f:16:f6:b2:1e:63:59:96:a7:f2:5a:96:
                    45:9a:ff:ae:72:32:a0:37:d2:8f:da:b4:53:b1:f2:
                    6f:24:71:57:e2:98:ed:76:7a:3c:4a:4d:46:4b:9d:
                    4f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8A:B9:10:2C:CC:7B:A0:E3:85:1E:9D:15:62:29:F0:FF:56:7A:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05ca82d2-6384-465b-9cc8-584997578e14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.218.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:85:a5:82:14:60:b8:1e:7d:21:a8:5b:c8:45:b8:15:16:a0:
         b8:b8:c5:70:f3:e7:f6:4f:fc:74:31:82:90:33:e3:8a:ae:9f:
         dc:a2:99:32:6d:19:b7:12:32:2c:c8:d4:9d:2d:4f:56:62:a4:
         c1:5d:88:09:0c:68:73:60:59:62:fa:a7:4e:c0:46:41:d4:dc:
         01:64:38:cd:58:0c:8e:fe:77:fe:90:f7:a3:bd:ff:8f:f0:03:
         59:9f:bf:c6:b2:fc:03:e4:c5:35:44:2a:50:1c:4d:1e:a8:77:
         eb:b8:e8:af:0a:1b:f8:ed:db:73:44:6c:9e:ab:32:48:a4:de:
         f9:ad:85:40:07:5e:7f:5a:8c:37:7f:6d:a4:75:14:8b:67:0c:
         d6:af:d9:23:37:1c:a3:62:2a:c9:56:36:a0:3e:57:1a:3b:79:
         ff:d8:31:b1:38:53:55:5d:c9:c1:fa:ea:b2:d7:8e:ae:90:64:
         bf:21:09:e6:05:30:a1:85:4a:87:2c:ec:1a:be:c0:b4:bf:26:
         79:e4:18:e4:fe:cd:29:b3:63:69:c0:93:dc:2d:a3:c1:e8:c8:
         f1:a6:ea:82:6b:9a:95:32:dd:fb:0c:5a:3a:ce:06:ed:01:45:
         3b:0e:c9:8a:06:f2:3b:82:03:cd:c9:61:ec:45:72:5d:8f:a0:
         a5:30:59:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUU+LvgsaLmvogYJIKdgAROi1JUH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTRjNmQ5OTExYTRjMjVjMjY2MzMwNWNjZGEzOWM0YThh
ZWViNGMyOWNmNzRhMjQ0OTJhYmVkZmFiZmUwNTQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUt/tqLIcN3taZyTTHTAajyRfI868Ekh5h1OXYUYF9VcWy
CtGtSVNntu9LZ9QIsCum7VGWiIdTKt9s/nZwNshb7SIq1HLq9KLzvY18LxxY3vKr
85dr6spDqqA1/nsLIpBkOguQSFU97GHXlLEP9crmJFEWyLQ4/9/zeROzRl4BBQNg
Esy1k0TrWijRb8+JXHaMv+qVCISrc1XSpCY0LI8USgjaeH/iP6qeZ/iXlJuMWyOZ
IV0APIrj6PXNoCTnuvZqEfr4PG4XHDHVu/jJ2xeqVPBvdG8W9rIeY1mWp/JalkWa
/65yMqA30o/atFOx8m8kcVfimO12ejxKTUZLnU+nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUY4q5ECzMe6DjhR6dFWIp8P9WetwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1Y2E4MmQyLTYzODQtNDY1Yi05Y2M4LTU4NDk5NzU3OGUxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA42jANBgkqhkiG9w0BAQsFAAOCAQEAsYWlghRguB59IahbyEW4FRaguLjF
cPPn9k/8dDGCkDPjiq6f3KKZMm0ZtxIyLMjUnS1PVmKkwV2ICQxoc2BZYvqnTsBG
QdTcAWQ4zVgMjv53/pD3o73/j/ADWZ+/xrL8A+TFNUQqUBxNHqh367jorwob+O3b
c0RsnqsySKTe+a2FQAdef1qMN39tpHUUi2cM1q/ZIzcco2IqyVY2oD5XGjt5/9gx
sThTVV3JwfrqsteOrpBkvyEJ5gUwoYVKhyzsGr7AtL8meeQY5P7NKbNjacCT3C2j
wejI8abqgmualTLd+wxaOs4G7QFFOw7JigbyO4IDzclh7EVyXY+gpTBZ7g==
-----END CERTIFICATE-----