Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6171f77a-1235-4e07-b285-6010c89ce5bc.roa
File:                     6171f77a-1235-4e07-b285-6010c89ce5bc.roa (raw, json)
Hash identifier:          oY5CqmlFsaR132a4Mh5D/XLsSb8S/UTnQKHZBRNQOMc=
Subject key identifier:   A3:9C:9D:71:A3:29:83:F4:02:1C:A5:FA:0F:D2:A8:34:99:4F:35:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3790811313C1DE6E9A59DB6E082DA82CCB8DFA21
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6171f77a-1235-4e07-b285-6010c89ce5bc.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.33.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:90:81:13:13:c1:de:6e:9a:59:db:6e:08:2d:a8:2c:cb:8d:fa:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=7f5d7f270cc533d2a273b83a64b056a0593ca8f93a35a8ef9cd91fa6a311c049, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c9:4d:52:42:a3:7c:66:de:e0:5d:47:23:a6:
                    7b:d6:b9:10:3f:74:f9:69:c8:bc:ab:38:cd:e0:9a:
                    a0:57:f0:72:e2:62:c1:e9:26:6e:f7:f0:f2:1b:bb:
                    75:9c:ad:68:6a:1e:99:84:4d:8f:c0:e9:4a:78:c0:
                    d9:e9:57:a3:42:e1:fe:be:6e:da:3b:f4:6b:c8:e8:
                    eb:83:f9:43:d3:a3:98:03:f9:d5:03:3c:6d:03:b7:
                    3e:65:49:bd:b4:8e:81:e3:74:f9:4b:b3:2a:bf:a9:
                    eb:c9:87:10:b0:a0:4d:7f:df:f1:79:f2:ae:d2:8b:
                    bf:e0:fa:f6:72:a1:a3:ae:82:eb:b2:7d:92:37:4d:
                    6b:9d:61:ef:72:84:ee:90:48:a0:bb:1a:60:b3:64:
                    55:8e:e9:ee:c6:28:a5:00:da:57:78:6c:81:09:7f:
                    9b:06:e3:b3:da:5a:b0:5d:6d:15:39:0c:31:36:08:
                    3b:23:9f:8c:63:1a:0a:95:7b:c6:20:0f:35:2e:34:
                    d2:5c:5b:da:0a:f7:e6:cc:a7:19:40:5b:de:66:25:
                    58:ec:63:b8:2a:32:80:5b:74:58:3e:1b:24:68:b8:
                    4d:12:38:70:6a:53:24:51:0f:39:db:e2:52:06:54:
                    9f:50:51:31:96:1c:5f:d8:0b:cc:8b:b7:9d:d8:42:
                    80:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9C:9D:71:A3:29:83:F4:02:1C:A5:FA:0F:D2:A8:34:99:4F:35:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6171f77a-1235-4e07-b285-6010c89ce5bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.33.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         27:d1:c8:1f:b1:c7:99:f7:a0:e0:93:e7:a1:59:0d:a9:c3:c4:
         f8:b9:f0:5d:23:6c:43:dd:b4:f1:03:4c:53:da:20:88:2f:34:
         3c:78:42:64:be:3b:ea:89:6c:77:f0:20:13:17:03:49:64:f8:
         f5:ec:02:eb:aa:8b:09:b8:68:66:f5:6f:39:21:50:ea:98:63:
         9b:c2:44:15:33:22:03:7d:54:24:b8:f6:85:c2:f0:29:b6:4f:
         40:61:88:3c:c9:80:da:3a:0b:06:a3:ae:13:6b:24:d8:73:27:
         a0:d7:bc:47:d2:a1:ca:a2:04:df:63:ac:80:0c:42:c7:9a:f1:
         25:e2:e1:d1:83:fb:2a:86:a8:24:ab:6d:11:6d:1d:49:53:03:
         56:ba:1c:2f:e7:cf:35:e1:07:6a:8f:88:25:ed:fa:50:10:51:
         84:f8:f5:bf:5e:03:f0:3c:cd:bf:7a:a0:d7:0b:8e:47:ef:2d:
         c4:70:4f:97:0e:45:72:85:54:e1:0f:a4:ee:41:42:99:13:5d:
         95:1e:89:06:a1:47:e9:86:c0:95:3b:24:07:22:3a:13:5e:77:
         4b:c7:fb:92:4b:54:4f:e1:d9:f8:ad:cf:8b:e6:2a:a9:cd:97:
         b8:22:c2:55:3d:bd:93:f0:04:14:d7:43:1d:05:73:ab:07:99:
         2f:b5:cc:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN5CBExPB3m6aWdtuCC2oLMuN+iEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjVkN2YyNzBjYzUzM2QyYTI3M2I4M2E2NGIwNTZhMDU5
M2NhOGY5M2EzNWE4ZWY5Y2Q5MWZhNmEzMTFjMDQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHyU1SQqN8Zt7gXUcjpnvWuRA/dPlpyLyrOM3gmqBX8HLi
YsHpJm738PIbu3WcrWhqHpmETY/A6Up4wNnpV6NC4f6+bto79GvI6OuD+UPTo5gD
+dUDPG0Dtz5lSb20joHjdPlLsyq/qevJhxCwoE1/3/F58q7Si7/g+vZyoaOuguuy
fZI3TWudYe9yhO6QSKC7GmCzZFWO6e7GKKUA2ld4bIEJf5sG47PaWrBdbRU5DDE2
CDsjn4xjGgqVe8YgDzUuNNJcW9oK9+bMpxlAW95mJVjsY7gqMoBbdFg+GyRouE0S
OHBqUyRRDznb4lIGVJ9QUTGWHF/YC8yLt53YQoCvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo5ydcaMpg/QCHKX6D9KoNJlPNcMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxNzFmNzdhLTEyMzUtNGUwNy1iMjg1LTYwMTBjODljZTViYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcjIYAwDQYJKoZIhvcNAQELBQADggEBACfRyB+xx5n3oOCT56FZDanDxPi5
8F0jbEPdtPEDTFPaIIgvNDx4QmS+O+qJbHfwIBMXA0lk+PXsAuuqiwm4aGb1bzkh
UOqYY5vCRBUzIgN9VCS49oXC8Cm2T0BhiDzJgNo6CwajrhNrJNhzJ6DXvEfSocqi
BN9jrIAMQsea8SXi4dGD+yqGqCSrbRFtHUlTA1a6HC/nzzXhB2qPiCXt+lAQUYT4
9b9eA/A8zb96oNcLjkfvLcRwT5cORXKFVOEPpO5BQpkTXZUeiQahR+mGwJU7JAci
OhNed0vH+5JLVE/h2fitz4vmKqnNl7giwlU9vZPwBBTXQx0Fc6sHmS+1zEo=
-----END CERTIFICATE-----