Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca9077da-6c69-41b8-b08a-c3dba5a251d5.roa
File:                     ca9077da-6c69-41b8-b08a-c3dba5a251d5.roa (raw, json)
Hash identifier:          BqnimAzIIy+6shUfkhqyPk6j/AMHASs4s17XBcHkvbU=
Subject key identifier:   6C:4B:CB:19:38:BB:96:63:A1:96:8D:47:7A:75:40:81:2D:90:4B:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3775D3C228F392CCBB06C9D3908F310E7AEAD5E1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca9077da-6c69-41b8-b08a-c3dba5a251d5.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        139.56.10.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:75:d3:c2:28:f3:92:cc:bb:06:c9:d3:90:8f:31:0e:7a:ea:d5:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=f5b6f3bb3008bdf80c4539beaa09e863bf7de89aaf8d6916b1b8710193328ed4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:58:c8:41:43:4a:a7:99:58:1c:ca:9c:20:cf:
                    03:51:aa:8a:19:9c:6e:02:a5:a0:e3:c3:9f:11:bf:
                    6a:51:f8:43:2a:d0:81:d9:a6:88:ae:b5:7c:74:4b:
                    f0:77:df:23:35:3c:c3:d4:70:a7:c4:ad:08:9a:72:
                    43:a8:cb:ff:a9:f4:e6:12:20:46:de:0a:5d:d4:12:
                    83:89:cd:4d:cd:ee:09:10:0b:67:b3:f0:d9:52:ae:
                    81:3a:b2:87:b1:43:68:80:35:ba:5b:c8:ce:1a:46:
                    f7:63:60:ba:cd:74:f5:35:61:9d:46:75:66:3c:11:
                    1b:61:92:b8:2a:3a:ba:d8:9f:38:99:c3:f8:3f:37:
                    cb:69:56:aa:48:6c:f5:2e:6c:f4:17:67:51:76:22:
                    6f:ba:20:63:9e:b1:13:00:ad:95:41:aa:99:91:91:
                    57:16:50:d3:f7:0d:cc:3a:71:da:13:ed:58:44:0b:
                    ab:14:df:aa:e4:39:13:af:79:31:d8:2b:35:43:25:
                    f6:2e:87:04:0d:8c:a4:39:87:b2:23:2d:8e:e3:0a:
                    7e:47:e8:43:16:98:77:11:26:a8:02:bc:33:d0:7c:
                    cd:da:d2:a7:5e:48:85:e3:bc:81:5a:03:85:c0:9e:
                    1c:ad:74:22:a3:9a:4c:04:e2:b8:4b:9b:fa:e2:3b:
                    29:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:4B:CB:19:38:BB:96:63:A1:96:8D:47:7A:75:40:81:2D:90:4B:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca9077da-6c69-41b8-b08a-c3dba5a251d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:06:f2:40:a5:59:d1:be:ee:69:86:97:55:90:0f:4f:1a:5d:
         a9:ec:3e:aa:2b:28:a4:54:49:0a:69:60:8e:a0:3f:64:4f:3e:
         99:89:72:3d:ef:63:29:5b:28:b3:c9:51:2f:15:1a:39:c1:09:
         f1:f8:8e:92:e0:73:a2:6e:c9:5a:bf:e6:91:22:99:a5:fe:9e:
         a0:c9:29:c0:18:bc:2f:5b:b3:9d:b0:c6:04:6e:22:7d:34:e7:
         9e:c5:87:53:30:0f:ba:59:8b:2c:71:8e:1d:e0:29:be:23:08:
         ba:ac:f1:46:32:cf:f9:f8:78:e8:53:83:95:93:dc:2c:42:f9:
         df:6d:04:57:8c:ca:f2:95:49:41:ed:7c:1a:67:0a:6c:44:fd:
         3e:2c:04:86:0d:01:1e:45:52:b0:de:48:01:71:3f:c6:bc:eb:
         9b:c0:e5:6c:83:72:70:2d:10:10:a3:91:28:13:c6:a4:80:3e:
         0a:22:7a:75:51:b9:8f:b8:73:15:6a:d9:54:2b:b9:42:c1:48:
         58:c5:7e:b5:48:ee:ad:a8:3c:d9:85:12:bb:33:fa:24:0c:21:
         1e:59:b1:a7:84:25:25:20:31:b6:86:41:68:30:2a:96:94:86:
         a9:01:32:b2:0e:38:0d:39:58:56:d7:18:86:c7:f3:47:14:ad:
         21:2b:da:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN3XTwijzksy7BsnTkI8xDnrq1eEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWI2ZjNiYjMwMDhiZGY4MGM0NTM5YmVhYTA5ZTg2M2Jm
N2RlODlhYWY4ZDY5MTZiMWI4NzEwMTkzMzI4ZWQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAWMhBQ0qnmVgcypwgzwNRqooZnG4CpaDjw58Rv2pR+EMq
0IHZpoiutXx0S/B33yM1PMPUcKfErQiackOoy/+p9OYSIEbeCl3UEoOJzU3N7gkQ
C2ez8NlSroE6soexQ2iANbpbyM4aRvdjYLrNdPU1YZ1GdWY8ERthkrgqOrrYnziZ
w/g/N8tpVqpIbPUubPQXZ1F2Im+6IGOesRMArZVBqpmRkVcWUNP3Dcw6cdoT7VhE
C6sU36rkOROveTHYKzVDJfYuhwQNjKQ5h7IjLY7jCn5H6EMWmHcRJqgCvDPQfM3a
0qdeSIXjvIFaA4XAnhytdCKjmkwE4rhLm/riOyn1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbEvLGTi7lmOhlo1HenVAgS2QSzkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhOTA3N2RhLTZjNjktNDFiOC1iMDhhLWMzZGJhNWEyNTFkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGLOAowDQYJKoZIhvcNAQELBQADggEBAJwG8kClWdG+7mmGl1WQD08aXans
PqorKKRUSQppYI6gP2RPPpmJcj3vYylbKLPJUS8VGjnBCfH4jpLgc6JuyVq/5pEi
maX+nqDJKcAYvC9bs52wxgRuIn00557Fh1MwD7pZiyxxjh3gKb4jCLqs8UYyz/n4
eOhTg5WT3CxC+d9tBFeMyvKVSUHtfBpnCmxE/T4sBIYNAR5FUrDeSAFxP8a865vA
5WyDcnAtEBCjkSgTxqSAPgoienVRuY+4cxVq2VQruULBSFjFfrVI7q2oPNmFErsz
+iQMIR5ZsaeEJSUgMbaGQWgwKpaUhqkBMrIOOA05WFbXGIbH80cUrSEr2qg=
-----END CERTIFICATE-----