Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/053eb650-9bae-428e-9e11-1465fd0cd03a.roa
File:                     053eb650-9bae-428e-9e11-1465fd0cd03a.roa (raw, json)
Hash identifier:          D9XdKje/Nw7ecsMS7DN8z2OvaW5MxHXVBgSsFQ53MRM=
Subject key identifier:   25:C6:2A:9E:5E:A4:05:B2:CC:A3:F9:61:68:07:F0:9A:21:D7:8C:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B40BF98C991986AE535C174047196C1EFFEB6FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/053eb650-9bae-428e-9e11-1465fd0cd03a.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.56.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:40:bf:98:c9:91:98:6a:e5:35:c1:74:04:71:96:c1:ef:fe:b6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=2ef2de164e948df64af7ca7a3b04166900691944cfc45a319998cf1210eee258, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:fb:30:a1:12:c3:39:52:a2:18:1b:95:44:2a:
                    73:1f:11:bd:52:5e:32:70:a6:d6:a7:4f:54:ef:f1:
                    0c:56:f5:03:c2:d0:24:b8:0b:9a:ba:ad:cc:3b:53:
                    d4:0f:27:1c:7c:3d:ae:24:2c:1c:a6:8b:95:07:20:
                    8a:1e:33:19:d3:9f:5e:99:ed:e2:ba:a2:41:dd:18:
                    ae:90:1e:bb:49:e2:7e:e5:86:d8:cb:44:9f:19:b0:
                    9b:a3:76:3b:b0:40:c2:2b:0b:9b:d7:5b:48:17:d5:
                    27:bc:c2:56:8f:46:98:94:5a:26:7e:05:6c:78:45:
                    ea:2e:7d:17:ab:23:7f:17:3c:bb:59:19:4e:4e:01:
                    63:a4:86:90:58:a2:54:ed:45:1e:7c:e3:be:6c:eb:
                    9a:45:83:93:e3:8b:a4:76:ce:c2:8b:26:99:e6:55:
                    4a:da:be:5c:67:5c:28:4e:8b:5f:63:72:e7:67:99:
                    9b:0a:8c:1b:ab:1f:e8:ed:d2:4f:c3:50:b6:d8:a8:
                    00:06:59:e8:0e:18:8a:c6:c2:40:8b:d0:25:4d:90:
                    2e:cb:df:98:07:0d:e8:67:2a:a1:40:86:5a:6e:bd:
                    3a:83:83:dc:79:3a:ce:bf:e1:41:98:c4:a0:ec:ad:
                    64:4a:13:6b:5f:53:c0:5c:97:5a:04:09:10:4c:44:
                    87:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C6:2A:9E:5E:A4:05:B2:CC:A3:F9:61:68:07:F0:9A:21:D7:8C:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/053eb650-9bae-428e-9e11-1465fd0cd03a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         53:6d:d1:7a:82:73:5f:e3:56:59:90:5e:99:36:d3:ae:17:1e:
         a9:5e:87:14:f3:f6:c6:b1:96:aa:0c:49:25:39:71:73:af:15:
         78:71:47:15:c3:9d:92:a7:02:93:2a:07:f4:c7:6f:c4:0b:6e:
         47:1d:f3:70:df:e6:a1:1d:7c:37:45:1d:65:3f:3f:4d:b4:52:
         0e:99:bf:89:cc:8d:d1:6d:be:db:5a:1d:34:a9:c3:b9:3b:5b:
         2f:14:7f:5e:07:e4:a4:77:cc:df:27:f7:dc:5c:19:70:94:be:
         2d:91:f1:c2:85:38:ff:f7:12:57:a5:c9:bc:27:62:86:32:36:
         92:44:f0:fb:71:68:d0:66:34:ed:54:a8:ac:61:a0:51:21:36:
         50:78:f4:06:27:a7:f1:9b:4b:91:c4:ad:b4:15:89:43:c6:fd:
         25:e3:39:53:c9:ee:ce:f6:31:32:d2:22:6e:a4:06:c1:2d:91:
         2f:78:4b:f0:ca:a0:bd:d8:61:d3:55:9a:ee:aa:ef:1d:7d:80:
         70:c4:18:5c:b1:05:53:77:ea:63:20:87:ff:59:cd:b2:41:2a:
         f7:ae:3c:cd:21:f9:46:48:78:75:13:7f:00:4d:f4:85:9c:be:
         53:ef:29:9c:31:e3:4c:4c:23:9c:bb:b7:db:43:13:31:4e:26:
         1a:df:78:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS0C/mMmRmGrlNcF0BHGWwe/+tv8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWYyZGUxNjRlOTQ4ZGY2NGFmN2NhN2EzYjA0MTY2OTAw
NjkxOTQ0Y2ZjNDVhMzE5OTk4Y2YxMjEwZWVlMjU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDw+zChEsM5UqIYG5VEKnMfEb1SXjJwptanT1Tv8QxW9QPC
0CS4C5q6rcw7U9QPJxx8Pa4kLBymi5UHIIoeMxnTn16Z7eK6okHdGK6QHrtJ4n7l
htjLRJ8ZsJujdjuwQMIrC5vXW0gX1Se8wlaPRpiUWiZ+BWx4ReoufRerI38XPLtZ
GU5OAWOkhpBYolTtRR58475s65pFg5Pji6R2zsKLJpnmVUravlxnXChOi19jcudn
mZsKjBurH+jt0k/DULbYqAAGWegOGIrGwkCL0CVNkC7L35gHDehnKqFAhlpuvTqD
g9x5Os6/4UGYxKDsrWRKE2tfU8Bcl1oECRBMRIfbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJcYqnl6kBbLMo/lhaAfwmiHXjMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1M2ViNjUwLTliYWUtNDI4ZS05ZTExLTE0NjVmZDBjZDAzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUQOAAwDQYJKoZIhvcNAQELBQADggEBAFNt0XqCc1/jVlmQXpk2064XHqle
hxTz9saxlqoMSSU5cXOvFXhxRxXDnZKnApMqB/THb8QLbkcd83Df5qEdfDdFHWU/
P020Ug6Zv4nMjdFtvttaHTSpw7k7Wy8Uf14H5KR3zN8n99xcGXCUvi2R8cKFOP/3
ElelybwnYoYyNpJE8PtxaNBmNO1UqKxhoFEhNlB49AYnp/GbS5HErbQViUPG/SXj
OVPJ7s72MTLSIm6kBsEtkS94S/DKoL3YYdNVmu6q7x19gHDEGFyxBVN36mMgh/9Z
zbJBKveuPM0h+UZIeHUTfwBN9IWcvlPvKZwx40xMI5y7t9tDEzFOJhrfeMI=
-----END CERTIFICATE-----