Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
File:                     593de0b1-b07b-4d5a-8e80-eec3224dc436.roa (raw, json)
Hash identifier:          L8PokjUKKKEEDy7VdsPXquJvT6CCjU7W2x2oPMbpFcA=
Subject key identifier:   87:D6:A4:B2:56:B8:1F:85:62:2F:EF:61:27:89:B3:59:2D:EA:25:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       586B47A7B2B018B49F2346F66819D6A54891D760
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:6b:47:a7:b2:b0:18:b4:9f:23:46:f6:68:19:d6:a5:48:91:d7:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: serialNumber=89e381d5caf49049f36b9651c32e92409f8b3595f923f702a9ee1a6903f0cb15, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:68:01:cf:e9:49:b9:31:c2:d1:b9:f3:f6:5a:
                    9d:3f:d1:62:ce:0d:ae:99:63:eb:84:d9:63:a9:22:
                    9c:24:34:87:96:40:c2:6c:87:2f:48:be:b1:42:82:
                    55:b9:18:1c:1b:b7:ac:2d:25:ad:c6:5f:21:5f:55:
                    18:41:c0:b4:2d:f2:37:51:13:54:a9:a1:1a:98:e5:
                    13:6e:5a:66:9a:f2:67:89:7c:2b:8a:67:3c:13:08:
                    33:ef:fd:5b:d2:dd:64:c7:10:39:27:38:5e:65:26:
                    7d:0e:07:74:b9:13:73:16:24:48:8c:f1:da:71:21:
                    48:dc:37:f8:65:e9:04:f1:61:88:f7:a0:2a:2c:a5:
                    68:71:51:83:a0:a6:cb:40:f5:94:43:94:80:2f:3e:
                    d9:99:b5:3d:94:88:f3:d8:9b:f6:66:dc:20:f8:33:
                    eb:4e:d1:c2:90:0e:66:85:89:d0:67:03:af:cb:48:
                    18:48:fa:18:64:af:5c:93:e1:6c:c0:76:91:3d:44:
                    2c:e5:2a:90:0e:a7:a0:75:9e:db:6c:fd:e8:b7:4e:
                    3b:b9:e6:a2:64:96:bf:9a:1c:b1:d9:75:00:c0:6e:
                    b9:ab:66:55:82:51:4d:70:c2:97:f8:ca:67:c5:ad:
                    5b:3c:12:47:80:12:52:de:d2:c2:a2:2d:d0:dd:b4:
                    f3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D6:A4:B2:56:B8:1F:85:62:2F:EF:61:27:89:B3:59:2D:EA:25:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:b7:b8:43:6d:d5:81:20:3e:a6:93:39:3d:37:fc:87:76:5c:
         50:79:eb:f6:2f:24:31:c1:d9:07:c0:1e:81:13:75:89:a3:1e:
         ac:cf:f4:b7:0d:45:61:07:13:22:e6:80:c5:62:05:72:aa:63:
         b9:fd:1f:f5:e5:4e:8a:3b:d4:63:dc:ca:10:bc:c0:d8:0b:9b:
         4a:71:68:cf:41:fc:34:23:e3:1f:79:19:45:0e:dc:a2:6b:3a:
         f4:12:32:4e:fd:99:a3:c5:a3:44:52:63:89:90:99:1e:ee:70:
         9f:21:5f:bf:b1:ba:ce:d9:78:00:df:2a:73:28:5e:60:cc:a8:
         6b:e4:a0:b4:33:0f:75:28:a7:77:7c:9c:00:ec:72:44:39:a9:
         43:25:70:9d:23:ff:ae:5c:b2:50:ba:f5:17:32:91:d2:2a:19:
         dd:b8:f9:8f:77:bf:71:2c:49:d0:e4:a7:b9:be:61:65:4a:07:
         a6:df:ab:a9:8e:3f:41:3b:bf:27:d0:40:73:a9:b7:13:6e:08:
         c0:33:14:fa:d5:34:a9:37:da:c5:76:d0:e1:b3:9b:68:75:aa:
         8e:b0:2a:70:5a:07:a7:10:7f:d5:03:17:e6:05:d2:f6:5e:30:
         fc:5c:ba:de:6f:14:6f:cc:d1:d6:42:c0:35:81:40:a3:35:fd:
         9e:0f:2a:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWGtHp7KwGLSfI0b2aBnWpUiR12AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWUzODFkNWNhZjQ5MDQ5ZjM2Yjk2NTFjMzJlOTI0MDlm
OGIzNTk1ZjkyM2Y3MDJhOWVlMWE2OTAzZjBjYjE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLaAHP6Um5McLRufP2Wp0/0WLODa6ZY+uE2WOpIpwkNIeW
QMJshy9IvrFCglW5GBwbt6wtJa3GXyFfVRhBwLQt8jdRE1SpoRqY5RNuWmaa8meJ
fCuKZzwTCDPv/VvS3WTHEDknOF5lJn0OB3S5E3MWJEiM8dpxIUjcN/hl6QTxYYj3
oCospWhxUYOgpstA9ZRDlIAvPtmZtT2UiPPYm/Zm3CD4M+tO0cKQDmaFidBnA6/L
SBhI+hhkr1yT4WzAdpE9RCzlKpAOp6B1ntts/ei3Tju55qJklr+aHLHZdQDAbrmr
ZlWCUU1wwpf4ymfFrVs8EkeAElLe0sKiLdDdtPMBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh9aksla4H4ViL+9hJ4mzWS3qJccwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5M2RlMGIxLWIwN2ItNGQ1YS04ZTgwLWVlYzMyMjRkYzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIAwDQYJKoZIhvcNAQELBQADggEBAM23uENt1YEgPqaTOT03/Id2XFB5
6/YvJDHB2QfAHoETdYmjHqzP9LcNRWEHEyLmgMViBXKqY7n9H/XlToo71GPcyhC8
wNgLm0pxaM9B/DQj4x95GUUO3KJrOvQSMk79maPFo0RSY4mQmR7ucJ8hX7+xus7Z
eADfKnMoXmDMqGvkoLQzD3Uop3d8nADsckQ5qUMlcJ0j/65cslC69RcykdIqGd24
+Y93v3EsSdDkp7m+YWVKB6bfq6mOP0E7vyfQQHOptxNuCMAzFPrVNKk32sV20OGz
m2h1qo6wKnBaB6cQf9UDF+YF0vZeMPxcut5vFG/M0dZCwDWBQKM1/Z4PKnk=
-----END CERTIFICATE-----