Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ed817bc-fe34-41fd-b5d4-b7805ecd2d73.roa
File:                     3ed817bc-fe34-41fd-b5d4-b7805ecd2d73.roa (raw, json)
Hash identifier:          elaPY2iDCLASnsu4OI+3IVVbkTW9Vu0+7bYDAGDghGo=
Subject key identifier:   B7:25:76:31:7F:26:84:A5:08:14:74:DD:CD:4E:80:5A:2F:CB:8D:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56A1A15F93066AA82457E44400B4017278E4A55B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ed817bc-fe34-41fd-b5d4-b7805ecd2d73.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.70.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:a1:a1:5f:93:06:6a:a8:24:57:e4:44:00:b4:01:72:78:e4:a5:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=71f16f0bd0de368f8ef930b89e3349a7e905c45caa01f2591ba7b62ebedeffac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1e:de:1c:ff:fb:3d:fd:6f:97:ff:57:85:d0:
                    b3:57:47:22:2f:9a:56:7c:b0:ec:93:97:94:db:3a:
                    49:90:a9:82:75:5d:4f:86:79:83:28:98:23:ca:46:
                    cd:c8:2a:d2:c1:ea:1b:88:dc:ad:d0:b0:e1:25:4a:
                    86:3e:cf:8f:32:b9:c6:cf:9d:38:15:05:49:c4:db:
                    40:7f:02:4f:13:54:00:2a:20:01:75:0f:bf:f4:a7:
                    58:be:1d:fd:48:5e:bf:e4:e6:0c:eb:4a:f1:3a:26:
                    0b:2e:7c:86:5e:37:c1:fb:e5:b3:96:18:6a:5d:40:
                    03:2b:63:f4:72:dd:17:28:f6:33:fb:18:66:1e:1c:
                    4b:e7:b0:89:f1:27:fc:6d:e4:02:46:f4:b1:fb:e0:
                    b6:1d:39:6b:3a:3c:83:4c:7d:38:d8:84:4e:97:07:
                    28:4d:b7:ec:3c:02:4a:f3:2d:4e:e5:e9:19:5e:03:
                    95:25:18:f0:0e:1e:d4:88:8b:df:6d:6b:73:9b:83:
                    ad:4d:18:e4:b0:f8:4f:a6:03:7b:b9:a2:ec:de:60:
                    df:58:b7:c0:8f:fa:67:cf:55:31:dc:95:ff:2a:11:
                    1f:4a:5b:f3:6d:60:26:2a:da:53:77:a9:1b:11:51:
                    8d:f0:7e:06:3e:55:db:92:9b:1d:19:65:1d:f2:3d:
                    a7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:25:76:31:7F:26:84:A5:08:14:74:DD:CD:4E:80:5A:2F:CB:8D:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ed817bc-fe34-41fd-b5d4-b7805ecd2d73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:2f:d3:ac:d9:c3:ae:c6:4f:1f:78:08:cc:97:6b:6b:66:ea:
         9e:28:9a:47:ff:53:64:46:5b:fd:c5:c6:ef:da:8e:ce:76:4e:
         49:4e:65:31:0f:0f:04:39:36:17:ca:93:27:44:9e:71:c5:91:
         b8:71:f6:61:09:6c:9a:23:d0:4d:e3:d9:15:ac:13:7d:1d:c1:
         df:1b:4b:09:20:1e:5b:06:9e:90:67:6d:ef:05:12:3e:7b:70:
         c0:16:1b:b5:3c:cc:e1:bc:d4:9e:c1:ca:b8:eb:4c:90:cf:a6:
         02:74:6c:32:ac:da:75:28:e0:8f:92:8f:6c:37:e0:98:f6:be:
         18:ab:09:6c:e5:50:f8:d3:cc:47:c3:90:a5:e6:62:3b:f9:db:
         d7:fb:81:10:27:1a:24:69:98:15:d6:0e:7c:0f:25:f5:6a:3f:
         a4:57:81:1a:c0:0f:b5:e4:11:83:ba:fb:92:92:cd:08:d9:c2:
         29:f0:cc:63:27:43:58:7a:97:b4:9e:4a:78:b6:65:fc:89:f2:
         56:af:6b:63:99:e5:8c:6d:f1:59:67:1b:7e:aa:a9:3b:10:3b:
         ce:60:cd:ed:6d:3e:39:63:3a:dc:43:a4:75:18:61:74:21:21:
         19:6e:b0:4a:34:b7:63:e0:af:02:a3:8c:5e:a0:52:9d:2e:ed:
         4c:02:c3:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVqGhX5MGaqgkV+REALQBcnjkpVswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWYxNmYwYmQwZGUzNjhmOGVmOTMwYjg5ZTMzNDlhN2U5
MDVjNDVjYWEwMWYyNTkxYmE3YjYyZWJlZGVmZmFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCFHt4c//s9/W+X/1eF0LNXRyIvmlZ8sOyTl5TbOkmQqYJ1
XU+GeYMomCPKRs3IKtLB6huI3K3QsOElSoY+z48yucbPnTgVBUnE20B/Ak8TVAAq
IAF1D7/0p1i+Hf1IXr/k5gzrSvE6JgsufIZeN8H75bOWGGpdQAMrY/Ry3Rco9jP7
GGYeHEvnsInxJ/xt5AJG9LH74LYdOWs6PINMfTjYhE6XByhNt+w8AkrzLU7l6Rle
A5UlGPAOHtSIi99ta3Obg61NGOSw+E+mA3u5ouzeYN9Yt8CP+mfPVTHclf8qER9K
W/NtYCYq2lN3qRsRUY3wfgY+VduSmx0ZZR3yPafvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtyV2MX8mhKUIFHTdzU6AWi/LjSAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlZDgxN2JjLWZlMzQtNDFmZC1iNWQ0LWI3ODA1ZWNkMmQ3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EYwDQYJKoZIhvcNAQELBQADggEBAF4v06zZw67GTx94CMyXa2tm6p4o
mkf/U2RGW/3Fxu/ajs52TklOZTEPDwQ5NhfKkydEnnHFkbhx9mEJbJoj0E3j2RWs
E30dwd8bSwkgHlsGnpBnbe8FEj57cMAWG7U8zOG81J7ByrjrTJDPpgJ0bDKs2nUo
4I+Sj2w34Jj2vhirCWzlUPjTzEfDkKXmYjv529f7gRAnGiRpmBXWDnwPJfVqP6RX
gRrAD7XkEYO6+5KSzQjZwinwzGMnQ1h6l7SeSni2ZfyJ8lava2OZ5Yxt8VlnG36q
qTsQO85gze1tPjljOtxDpHUYYXQhIRlusEo0t2PgrwKjjF6gUp0u7UwCw6w=
-----END CERTIFICATE-----