Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa
File:                     1ff67b07-091b-43da-9723-1a94e29d65e8.roa (raw, json)
Hash identifier:          dGOxCM/8Sb40fbu9eLgAb9wIdbK3l4QnJ4ZtlvGr9v8=
Subject key identifier:   CA:56:EA:F2:A7:B7:72:3A:B6:01:B9:04:E3:0A:E2:04:5D:41:0B:6D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       611B75211DD67F13182586EF20C25A9C29C4379E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.43.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:1b:75:21:1d:d6:7f:13:18:25:86:ef:20:c2:5a:9c:29:c4:37:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=ef54f068decc387da4794f1c0539581b35cc0e300b1b120986b2aa1a79947d28, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a7:fc:32:29:a0:6d:b1:9e:82:fc:b2:0a:2f:
                    c3:d4:93:bb:23:3a:81:ca:ae:3e:68:52:cf:8b:44:
                    33:bf:96:d2:d5:a2:0c:2f:63:ff:58:d5:a2:79:09:
                    22:1a:41:42:a5:48:e9:38:b0:e6:65:53:0a:8b:c8:
                    36:a2:09:94:e3:67:57:e7:da:b5:98:61:76:6f:ab:
                    ef:d4:2c:51:37:ce:44:a6:2f:ce:25:fd:8c:e9:41:
                    72:a8:e0:e0:d8:7d:bb:8f:99:dc:1f:47:93:3e:b4:
                    64:d7:8c:de:22:03:cb:09:6e:9f:4f:0d:a2:2d:2a:
                    db:94:e7:aa:d3:0c:bf:62:19:18:20:9a:fb:85:96:
                    4a:b1:d8:aa:5a:1a:e7:82:54:3e:18:38:a3:e7:5e:
                    92:5f:86:93:9d:8f:1f:8d:e1:4c:70:c9:d8:8c:2e:
                    44:31:e6:b1:d4:2f:dc:66:37:2a:ec:37:87:c4:80:
                    3f:d7:47:9c:d3:73:f8:29:f6:9d:72:d1:a4:5a:8e:
                    16:83:00:c0:b0:a2:58:f7:bd:68:1a:45:f1:11:d9:
                    5c:37:65:b7:9d:00:51:dd:f3:d7:6c:62:4b:4c:17:
                    0d:c2:46:3a:10:e7:1a:82:2e:8f:17:b8:8a:f4:3c:
                    f1:3b:e5:70:28:cc:99:c0:51:e6:56:a0:45:9a:c1:
                    c9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:56:EA:F2:A7:B7:72:3A:B6:01:B9:04:E3:0A:E2:04:5D:41:0B:6D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:52:06:fc:e1:67:df:ae:37:2b:79:35:da:0b:06:58:c2:49:
         f0:54:89:09:93:6a:af:bc:82:20:60:17:fc:7b:5e:40:33:6d:
         05:b4:b6:7e:0f:32:85:8a:32:11:93:5e:cd:14:3a:76:f6:da:
         7b:4a:5a:6d:f8:97:2d:7e:83:ce:58:92:66:fb:bb:1a:96:90:
         d5:49:58:f9:68:9b:b0:7d:bc:72:8e:ec:09:d7:ee:8b:31:46:
         80:56:52:b3:11:4c:37:f6:4e:25:d3:8a:91:e4:69:dd:03:e8:
         27:ac:19:0c:5e:8c:00:7e:a2:d9:c3:f0:6a:eb:5d:d5:01:76:
         f8:aa:a4:ec:15:b4:97:ff:09:7d:48:d8:65:c6:26:2b:13:bc:
         27:96:20:61:ed:24:47:d4:e5:a8:db:b6:2b:d8:ac:92:a0:15:
         c1:26:ea:91:33:36:34:77:46:89:d8:c4:87:87:85:33:71:97:
         2d:b1:9d:05:bb:b1:fa:cf:c0:d0:eb:b5:09:c3:ed:75:73:0e:
         19:3e:3e:ab:97:cc:d6:00:c0:24:18:89:8a:f6:32:ca:23:8a:
         38:45:98:66:07:55:84:6a:bb:b9:b1:1e:7f:b4:4c:fb:ce:2b:
         20:f3:4a:d4:d3:e5:d0:d4:3d:28:b4:dc:b9:54:6a:8d:f8:59:
         77:cf:97:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYRt1IR3WfxMYJYbvIMJanCnEN54wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjU0ZjA2OGRlY2MzODdkYTQ3OTRmMWMwNTM5NTgxYjM1
Y2MwZTMwMGIxYjEyMDk4NmIyYWExYTc5OTQ3ZDI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFp/wyKaBtsZ6C/LIKL8PUk7sjOoHKrj5oUs+LRDO/ltLV
ogwvY/9Y1aJ5CSIaQUKlSOk4sOZlUwqLyDaiCZTjZ1fn2rWYYXZvq+/ULFE3zkSm
L84l/YzpQXKo4ODYfbuPmdwfR5M+tGTXjN4iA8sJbp9PDaItKtuU56rTDL9iGRgg
mvuFlkqx2KpaGueCVD4YOKPnXpJfhpOdjx+N4UxwydiMLkQx5rHUL9xmNyrsN4fE
gD/XR5zTc/gp9p1y0aRajhaDAMCwolj3vWgaRfER2Vw3ZbedAFHd89dsYktMFw3C
RjoQ5xqCLo8XuIr0PPE75XAozJnAUeZWoEWawcnPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUylbq8qe3cjq2AbkE4wriBF1BC20wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmZjY3YjA3LTA5MWItNDNkYS05NzIzLTFhOTRlMjlkNjVlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4KzANBgkqhkiG9w0BAQsFAAOCAQEAJ1IG/OFn3643K3k12gsGWMJJ8FSJ
CZNqr7yCIGAX/HteQDNtBbS2fg8yhYoyEZNezRQ6dvbae0pabfiXLX6DzliSZvu7
GpaQ1UlY+WibsH28co7sCdfuizFGgFZSsxFMN/ZOJdOKkeRp3QPoJ6wZDF6MAH6i
2cPwautd1QF2+Kqk7BW0l/8JfUjYZcYmKxO8J5YgYe0kR9TlqNu2K9iskqAVwSbq
kTM2NHdGidjEh4eFM3GXLbGdBbux+s/A0Ou1CcPtdXMOGT4+q5fM1gDAJBiJivYy
yiOKOEWYZgdVhGq7ubEef7RM+84rIPNK1NPl0NQ9KLTcuVRqjfhZd8+XfQ==
-----END CERTIFICATE-----