Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
File:                     64ebae17-f5e1-463d-899b-7418dd1add2f.roa (raw, json)
Hash identifier:          WHBJUaM8ZwT0TwTZ1XgDzl6BTfB59vDy1gGeG4rbPcI=
Subject key identifier:   15:ED:59:29:8D:57:E5:A9:DC:1E:C9:B7:1A:33:17:B7:65:B2:0C:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13BFF3447ACC2919974747E35B04EF3C36648B86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.236.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:bf:f3:44:7a:cc:29:19:97:47:47:e3:5b:04:ef:3c:36:64:8b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=538beb3f7c166e5bad92a56c86ecd2bd7ea753d796cbb65e2e30b10c37a1a5a5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:58:dd:d9:e3:eb:63:91:6f:a5:20:40:e4:2a:
                    6e:b6:c3:ca:60:83:4f:cb:00:0c:b9:8f:61:6c:8e:
                    3f:2b:7d:cf:d0:9c:54:97:c3:8a:e1:3f:25:25:a7:
                    eb:e9:47:c6:64:86:41:60:1b:13:1f:8c:9c:d7:06:
                    12:c3:24:cd:f5:57:0b:2d:3a:84:aa:86:87:46:fa:
                    1a:7f:4c:1c:f7:99:a0:e3:db:43:50:fb:0c:19:2d:
                    8d:cf:43:64:9c:f5:e0:e5:6b:9b:3e:c8:f5:0a:0b:
                    38:4f:c0:90:0e:5a:e4:6d:d0:03:68:d1:0f:ad:db:
                    28:a6:82:e8:1d:bb:46:bc:cd:6b:2c:2f:a7:06:a2:
                    91:c5:b9:76:85:ea:b1:59:2a:f5:c0:34:09:2c:39:
                    1d:77:31:bf:4f:54:de:d2:ce:b2:0a:c5:1c:66:7d:
                    4d:c2:71:4d:f4:c2:c1:28:6c:28:63:34:3d:f7:70:
                    5b:ee:0e:b0:d9:72:9a:f6:d5:38:fd:09:1a:34:c2:
                    15:93:4a:f1:15:a6:4d:0b:21:01:60:52:ea:33:ff:
                    ae:dd:f2:a5:67:b3:3c:79:75:9a:b3:4c:80:69:91:
                    bd:3a:41:35:e3:ce:8f:6a:97:21:36:9f:d8:e7:a5:
                    e7:1c:cf:a9:04:f4:f3:6e:0b:94:6e:6c:d5:7f:52:
                    53:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:ED:59:29:8D:57:E5:A9:DC:1E:C9:B7:1A:33:17:B7:65:B2:0C:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:bb:8c:70:c2:a7:09:cb:3e:fe:46:47:77:16:40:66:47:a4:
         36:49:77:35:05:35:3e:06:15:b5:7a:12:3e:a6:e9:ca:03:d2:
         9d:8d:f2:78:da:4b:59:1f:58:dd:88:01:47:2b:a5:14:f0:69:
         8c:10:a6:f4:77:7d:17:aa:72:46:ca:57:ac:fd:a6:7c:be:f9:
         7e:76:f6:b6:1a:5f:86:13:96:80:1e:a7:c9:b0:96:75:db:51:
         e7:65:35:bf:3e:15:65:19:9f:15:9b:df:26:2c:bf:72:a1:cc:
         c6:1c:b9:be:28:77:ba:8e:0c:d4:84:76:de:05:f4:5a:60:68:
         f9:b5:fb:97:49:05:d0:67:33:0e:64:f2:38:52:e0:c8:3a:d4:
         dc:58:e7:6b:7e:3b:42:05:d4:95:16:2d:fe:80:f9:d0:f1:06:
         b3:c3:4e:c7:72:75:9c:12:3e:a9:57:aa:de:71:4e:2c:38:68:
         dd:e4:7f:24:78:00:33:90:56:a0:9f:77:eb:bf:f3:97:9c:61:
         43:d4:2a:f0:eb:9f:7b:d1:0b:9e:8a:63:52:e0:d3:49:a8:9c:
         5d:34:e2:33:9c:59:1e:b1:c9:6a:a8:bd:1f:b6:46:da:0c:de:
         a6:16:b4:f2:f4:db:e0:e6:0e:af:d3:d6:7b:c5:21:dc:e5:0d:
         d9:0b:b0:56
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE7/zRHrMKRmXR0fjWwTvPDZki4YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzhiZWIzZjdjMTY2ZTViYWQ5MmE1NmM4NmVjZDJiZDdl
YTc1M2Q3OTZjYmI2NWUyZTMwYjEwYzM3YTFhNWE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaWN3Z4+tjkW+lIEDkKm62w8pgg0/LAAy5j2Fsjj8rfc/Q
nFSXw4rhPyUlp+vpR8ZkhkFgGxMfjJzXBhLDJM31VwstOoSqhodG+hp/TBz3maDj
20NQ+wwZLY3PQ2Sc9eDla5s+yPUKCzhPwJAOWuRt0ANo0Q+t2yimgugdu0a8zWss
L6cGopHFuXaF6rFZKvXANAksOR13Mb9PVN7SzrIKxRxmfU3CcU30wsEobChjND33
cFvuDrDZcpr21Tj9CRo0whWTSvEVpk0LIQFgUuoz/67d8qVnszx5dZqzTIBpkb06
QTXjzo9qlyE2n9jnpeccz6kE9PNuC5RubNV/UlNdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFe1ZKY1X5ancHsm3GjMXt2WyDJMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0ZWJhZTE3LWY1ZTEtNDYzZC04OTliLTc0MThkZDFhZGQyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA47DANBgkqhkiG9w0BAQsFAAOCAQEAr7uMcMKnCcs+/kZHdxZAZkekNkl3
NQU1PgYVtXoSPqbpygPSnY3yeNpLWR9Y3YgBRyulFPBpjBCm9Hd9F6pyRspXrP2m
fL75fnb2thpfhhOWgB6nybCWddtR52U1vz4VZRmfFZvfJiy/cqHMxhy5vih3uo4M
1IR23gX0WmBo+bX7l0kF0GczDmTyOFLgyDrU3Fjna347QgXUlRYt/oD50PEGs8NO
x3J1nBI+qVeq3nFOLDho3eR/JHgAM5BWoJ9367/zl5xhQ9Qq8Oufe9ELnopjUuDT
SaicXTTiM5xZHrHJaqi9H7ZG2gzepha08vTb4OYOr9PWe8Uh3OUN2QuwVg==
-----END CERTIFICATE-----