Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa
File:                     d0a77f14-a38d-4604-b636-1ee34be2637a.roa (raw, json)
Hash identifier:          NRfaLD2w0ayh9sX/vS3tkjxJj9ywMLtSnjJAnOzFq20=
Subject key identifier:   DC:AB:36:8A:C5:BB:27:AD:29:FD:3D:1E:63:34:F9:28:29:07:FE:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DC54350075237628910CED173ACAD344416D53F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa
Signing time:             Wed 29 Jan 2025 00:00:00 +0000
ROA not before:           Wed 29 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.10.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c5:43:50:07:52:37:62:89:10:ce:d1:73:ac:ad:34:44:16:d5:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 29 00:00:00 2025 GMT
            Not After : Mar  5 23:59:59 2025 GMT
        Subject: serialNumber=97df388361b7d439419fcac35593fe69382a913c74a311223cdf558795ca8277, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:9c:2a:da:3e:50:ca:5c:5a:23:ad:f3:db:
                    5f:b7:38:1b:03:72:24:f6:3c:a3:1d:c8:a2:98:4b:
                    d9:48:9a:67:58:b2:c2:f7:00:6e:3f:ec:db:fa:f3:
                    92:1c:e9:cb:f3:96:5b:ed:00:6f:cb:db:b3:9d:92:
                    f1:c6:64:09:10:69:91:63:0c:44:52:ce:bb:f5:5e:
                    ed:b6:63:13:ad:76:c0:e0:c1:c3:df:a3:b8:5a:c4:
                    36:4d:b3:ef:95:37:da:3b:b8:98:4c:4c:08:30:8b:
                    3b:87:80:e6:b5:51:f4:d6:3b:61:5f:91:5a:ef:e8:
                    74:a2:34:58:01:87:dc:20:69:91:9f:65:7e:84:85:
                    3b:d0:31:e6:3c:2d:ff:e3:15:7a:4c:28:b2:0a:1b:
                    cf:f9:3a:9b:03:90:2f:0e:18:b7:fd:91:95:7d:70:
                    59:d5:f2:4f:1d:15:66:a0:3f:2b:a3:fc:60:3b:42:
                    78:d0:40:8d:6c:12:91:71:1f:ae:14:03:c5:5b:0c:
                    2c:b5:55:a5:ff:f7:2a:2f:6f:d0:f0:9d:14:fe:b7:
                    8d:34:39:54:f0:b5:42:5f:e7:86:41:91:11:f0:0a:
                    9b:b0:54:c4:92:cb:6e:70:ba:e0:21:06:03:3f:9c:
                    cf:ce:46:d3:e8:be:84:06:6f:48:64:8d:a8:f0:19:
                    c9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:AB:36:8A:C5:BB:27:AD:29:FD:3D:1E:63:34:F9:28:29:07:FE:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         53:ed:ee:8c:b9:5b:07:a6:69:45:4b:51:2e:74:01:7a:42:bf:
         b6:08:08:ed:52:65:32:36:0e:15:a7:bf:46:94:e8:73:97:86:
         a2:34:b1:59:5d:59:14:c1:ab:50:3c:99:48:40:f0:7c:19:da:
         24:a2:d2:81:85:e4:2a:45:e1:d3:2b:5a:16:ed:f6:34:2b:8f:
         2f:6c:36:29:33:64:08:6c:01:8b:c0:f6:fc:f3:ae:b0:aa:66:
         05:1a:b5:6f:cc:bb:3b:d9:9f:81:c0:e1:51:c5:46:6c:28:85:
         e3:52:4c:20:32:02:93:52:5a:8b:25:60:9c:7e:b9:20:72:6d:
         a2:f4:22:a4:9e:9c:fc:ab:ae:6b:a1:a6:9e:40:50:b0:e9:a0:
         cb:60:77:36:f7:14:41:dd:3a:7c:28:6c:99:b3:1d:ac:9e:cb:
         b6:ad:24:6d:7b:e4:99:da:04:4c:2a:67:3e:8e:b6:14:e9:10:
         47:00:95:a1:4d:e6:51:75:37:f6:1d:e7:74:48:be:71:a6:76:
         bb:6a:5c:86:e2:63:f1:a1:b7:07:54:e6:69:8f:3d:74:96:a2:
         f9:fa:93:b4:a6:38:39:a4:8d:4d:57:64:81:a3:44:4a:e8:2d:
         b3:66:f4:9b:c0:1b:4f:b7:7f:bd:50:b3:b5:b1:1e:c2:8b:0d:
         cd:d0:39:13
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbcVDUAdSN2KJEM7Rc6ytNEQW1T8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI5MDAwMDAwWhcNMjUwMzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2RmMzg4MzYxYjdkNDM5NDE5ZmNhYzM1NTkzZmU2OTM4
MmE5MTNjNzRhMzExMjIzY2RmNTU4Nzk1Y2E4Mjc3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgmJwq2j5QylxaI63z21+3OBsDciT2PKMdyKKYS9lImmdY
ssL3AG4/7Nv685Ic6cvzllvtAG/L27OdkvHGZAkQaZFjDERSzrv1Xu22YxOtdsDg
wcPfo7haxDZNs++VN9o7uJhMTAgwizuHgOa1UfTWO2FfkVrv6HSiNFgBh9wgaZGf
ZX6EhTvQMeY8Lf/jFXpMKLIKG8/5OpsDkC8OGLf9kZV9cFnV8k8dFWagPyuj/GA7
QnjQQI1sEpFxH64UA8VbDCy1VaX/9yovb9DwnRT+t400OVTwtUJf54ZBkRHwCpuw
VMSSy25wuuAhBgM/nM/ORtPovoQGb0hkjajwGclZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3Ks2isW7J60p/T0eYzT5KCkH/tkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwYTc3ZjE0LWEzOGQtNDYwNC1iNjM2LTFlZTM0YmUyNjM3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4CjANBgkqhkiG9w0BAQsFAAOCAQEAU+3ujLlbB6ZpRUtRLnQBekK/tggI
7VJlMjYOFae/RpToc5eGojSxWV1ZFMGrUDyZSEDwfBnaJKLSgYXkKkXh0ytaFu32
NCuPL2w2KTNkCGwBi8D2/POusKpmBRq1b8y7O9mfgcDhUcVGbCiF41JMIDICk1Ja
iyVgnH65IHJtovQipJ6c/Kuua6GmnkBQsOmgy2B3NvcUQd06fChsmbMdrJ7Ltq0k
bXvkmdoETCpnPo62FOkQRwCVoU3mUXU39h3ndEi+caZ2u2pchuJj8aG3B1TmaY89
dJai+fqTtKY4OaSNTVdkgaNESugts2b0m8AbT7d/vVCztbEewosNzdA5Ew==
-----END CERTIFICATE-----