Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f36eaca-de14-481f-ae4a-55c99b57e524.roa
File:                     8f36eaca-de14-481f-ae4a-55c99b57e524.roa (raw, json)
Hash identifier:          q2DxUrfyOUlamy8NgwgUsGzKmxzk2QthQ1FgZ2tZZEg=
Subject key identifier:   2B:58:21:10:5A:01:9D:D2:19:C0:C0:65:80:F2:50:8C:68:19:89:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7611CD7BE9363000CEFBC6610B0A4B382A2E4753
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f36eaca-de14-481f-ae4a-55c99b57e524.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.66.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:11:cd:7b:e9:36:30:00:ce:fb:c6:61:0b:0a:4b:38:2a:2e:47:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=eea97526008b2a1ffca903a6d0413138dc4ca347c2f0a2327b5642f8bede38ec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f6:3d:ca:88:f6:c4:ed:27:9d:7d:82:b7:2f:
                    9a:dc:49:cb:c1:c0:de:b2:8c:c9:12:5f:8c:4d:c2:
                    9d:3c:b9:80:04:af:fb:55:c8:2c:8a:c5:05:4c:1e:
                    af:e7:d1:6d:f5:52:ca:c1:b2:59:12:0b:14:31:64:
                    9a:e9:d0:2f:83:8c:d5:9f:0d:d2:69:02:9a:e2:bb:
                    b9:e0:5e:dd:e1:7a:a3:dd:f2:a1:99:d6:23:14:47:
                    34:7c:b8:c1:0a:31:4c:82:b4:18:88:c2:eb:b4:8c:
                    4c:01:d5:a9:51:62:ec:80:4d:f5:5e:fd:50:b4:05:
                    1a:f6:17:86:8f:24:12:34:8a:0f:a5:9c:88:c2:39:
                    1c:66:31:6b:d3:93:77:50:e0:ff:8d:d0:32:32:db:
                    d2:94:18:d7:ea:c0:b8:6c:bc:12:ca:13:83:8a:39:
                    5d:77:bb:ce:bd:ce:60:6d:10:06:af:19:37:1a:e4:
                    f4:2a:24:0d:34:63:c5:49:a1:68:08:12:57:1c:9d:
                    b6:28:7c:c6:9c:ab:e8:f9:36:15:aa:f6:5f:e1:26:
                    86:c2:4f:7a:e4:a2:14:73:d2:63:82:d3:ec:14:fb:
                    c6:e3:36:45:aa:e4:4e:89:30:8e:10:91:c5:94:53:
                    58:07:1c:ff:f1:13:c7:c1:88:c7:a8:0e:29:63:48:
                    f1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:58:21:10:5A:01:9D:D2:19:C0:C0:65:80:F2:50:8C:68:19:89:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f36eaca-de14-481f-ae4a-55c99b57e524.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.66.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ad:28:85:00:85:18:86:49:64:af:6a:05:82:a1:67:31:d9:32:
         af:3f:82:f3:e3:0b:af:b2:92:56:9f:b6:7d:66:95:64:76:8e:
         51:f6:44:b2:37:40:a1:7b:b9:b0:8e:86:56:b3:e4:57:25:c5:
         6a:95:1a:fa:07:5b:ff:8d:9e:83:45:17:3c:9f:09:2e:f0:18:
         07:db:b0:e9:df:b9:db:d8:04:d3:bb:54:1e:20:9b:b3:1b:d2:
         af:db:e8:23:d4:ce:5d:64:02:72:46:99:a4:b0:5e:3d:f4:a6:
         45:d6:8d:8e:f8:5f:d2:1d:dd:da:ee:ab:42:bb:4e:fb:7a:19:
         48:69:cb:86:db:59:d5:16:2b:e2:97:0b:d1:0a:20:cf:30:b1:
         d5:ce:9c:04:24:3b:98:29:18:cf:73:4f:d0:65:a5:24:06:be:
         0d:a3:8f:31:6f:70:13:93:fb:0e:ec:48:fc:b7:be:70:0f:ee:
         2a:1b:43:38:37:53:5b:0c:07:23:63:08:3f:34:c4:ec:d5:43:
         4e:ba:f6:2d:1d:d6:78:a4:f7:75:32:08:91:86:e9:08:70:7f:
         c5:a2:61:af:2a:76:2c:04:2e:a5:b7:08:fc:f2:22:94:2d:88:
         bf:64:89:5f:b8:1e:3d:ba:87:f0:8c:ef:7c:43:87:7d:d1:36:
         30:b8:cc:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdhHNe+k2MADO+8ZhCwpLOCouR1MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWE5NzUyNjAwOGIyYTFmZmNhOTAzYTZkMDQxMzEzOGRj
NGNhMzQ3YzJmMGEyMzI3YjU2NDJmOGJlZGUzOGVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDt9j3KiPbE7SedfYK3L5rcScvBwN6yjMkSX4xNwp08uYAE
r/tVyCyKxQVMHq/n0W31UsrBslkSCxQxZJrp0C+DjNWfDdJpApriu7ngXt3heqPd
8qGZ1iMURzR8uMEKMUyCtBiIwuu0jEwB1alRYuyATfVe/VC0BRr2F4aPJBI0ig+l
nIjCORxmMWvTk3dQ4P+N0DIy29KUGNfqwLhsvBLKE4OKOV13u869zmBtEAavGTca
5PQqJA00Y8VJoWgIElccnbYofMacq+j5NhWq9l/hJobCT3rkohRz0mOC0+wU+8bj
NkWq5E6JMI4QkcWUU1gHHP/xE8fBiMeoDiljSPFdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK1ghEFoBndIZwMBlgPJQjGgZiVswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmMzZlYWNhLWRlMTQtNDgxZi1hZTRhLTU1Yzk5YjU3ZTUyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZAQoAwDQYJKoZIhvcNAQELBQADggEBAK0ohQCFGIZJZK9qBYKhZzHZMq8/
gvPjC6+yklaftn1mlWR2jlH2RLI3QKF7ubCOhlaz5FclxWqVGvoHW/+NnoNFFzyf
CS7wGAfbsOnfudvYBNO7VB4gm7Mb0q/b6CPUzl1kAnJGmaSwXj30pkXWjY74X9Id
3druq0K7Tvt6GUhpy4bbWdUWK+KXC9EKIM8wsdXOnAQkO5gpGM9zT9BlpSQGvg2j
jzFvcBOT+w7sSPy3vnAP7iobQzg3U1sMByNjCD80xOzVQ0669i0d1nik93UyCJGG
6Qhwf8WiYa8qdiwELqW3CPzyIpQtiL9kiV+4Hj26h/CM73xDh33RNjC4zJ4=
-----END CERTIFICATE-----