Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa
File:                     09979197-79c0-48b0-823a-0eb71a344290.roa (raw, json)
Hash identifier:          Waobhq4YyaEHKZYr2N6bi27JGUcUenkH/KEfBpehZtI=
Subject key identifier:   9E:C0:39:E6:15:5E:8B:77:6B:63:73:36:1F:D8:67:F1:69:A0:44:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5582B6341753CC580936CB9FAC8113DB7994DEA8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa
Signing time:             Wed 22 Jan 2025 00:00:00 +0000
ROA not before:           Wed 22 Jan 2025 00:00:00 +0000
ROA not after:            Wed 26 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.175.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:82:b6:34:17:53:cc:58:09:36:cb:9f:ac:81:13:db:79:94:de:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 22 00:00:00 2025 GMT
            Not After : Feb 26 23:59:59 2025 GMT
        Subject: serialNumber=9c2dd7a7337ad62117419772b9affa9a27f452e3c950613da13b148953319c33, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:a1:2c:e6:c2:70:ef:75:b7:63:81:08:a6:
                    9b:8c:a5:90:76:b3:e5:b0:15:97:3a:ba:ee:d1:92:
                    96:0e:db:53:56:d6:b1:3e:6c:73:53:24:c1:be:32:
                    4d:e2:10:54:36:ac:c8:de:a2:c2:7e:a4:f8:8c:ef:
                    14:c1:06:a1:a9:7e:3b:8c:21:4a:84:c1:12:08:fa:
                    35:3f:3f:bb:76:c4:86:d7:d0:48:cd:7a:32:30:d3:
                    cd:08:0e:3b:0e:a9:0c:bf:2e:c5:39:7d:e9:8b:fb:
                    55:05:7d:1d:4e:de:4b:54:7e:d4:2f:a4:1e:1a:d4:
                    d9:9a:29:fa:cb:22:12:49:c2:33:63:83:4b:cb:8d:
                    64:e7:1d:83:85:d7:8e:de:93:07:97:81:f3:bb:ea:
                    06:b1:5f:ba:da:f2:9a:7b:d8:5a:5d:31:8d:e0:b0:
                    f9:19:6b:23:5e:9c:bd:f4:3a:a1:7c:83:04:12:bb:
                    66:34:cc:9f:f3:2e:f2:31:61:23:a7:74:0d:31:6c:
                    fc:73:cd:72:5b:92:c5:11:0c:ac:b9:b3:16:41:ff:
                    32:ba:4d:2e:70:a4:b0:2b:49:00:d0:e9:8a:4a:80:
                    ad:e1:fc:ca:45:0d:c2:d2:a3:2d:5a:2d:4a:2b:d0:
                    5b:18:b4:f3:aa:94:0b:e8:b8:10:ff:2c:0b:30:db:
                    80:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C0:39:E6:15:5E:8B:77:6B:63:73:36:1F:D8:67:F1:69:A0:44:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:3d:06:c0:33:44:3f:f9:8f:62:3a:a1:07:c3:c5:de:70:73:
         e8:31:ac:38:f0:7b:8c:e3:ba:00:41:87:84:be:1c:9e:8d:71:
         63:2e:1b:d8:86:a9:43:29:ce:07:4f:10:e9:4a:92:8c:aa:6c:
         29:34:4b:2a:14:cc:60:3d:8c:1f:0e:dc:ec:6f:4c:df:0b:a3:
         19:c0:70:e9:89:89:58:aa:bb:8d:3d:6e:6e:83:f2:09:c1:3d:
         97:cf:9b:36:da:64:a7:75:a2:1c:10:f4:00:10:56:9f:02:4c:
         ea:6f:8e:67:98:ee:fa:eb:0c:20:17:6a:1f:46:97:ac:b5:05:
         dc:9f:30:52:c8:40:e9:ee:53:ba:45:5a:b2:50:ce:2a:ae:cd:
         ce:57:bb:c8:ce:6b:2d:8d:ed:97:58:5d:ae:89:f1:69:f1:28:
         fb:ad:09:78:d9:15:76:58:14:f9:1d:76:51:7b:f1:f0:ec:08:
         99:1b:f4:e8:32:7b:f3:46:ee:40:67:81:3d:3b:a2:68:9a:6c:
         91:9d:d1:66:f3:c0:14:34:5b:de:6f:1a:15:9a:f0:fe:cb:89:
         8f:e1:3e:99:93:1a:a1:11:62:24:3e:59:e3:58:7d:4c:78:ae:
         96:1c:55:5a:4b:c2:d1:a6:b1:44:28:45:cf:ce:f3:22:d1:c3:
         f8:81:3c:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVYK2NBdTzFgJNsufrIET23mU3qgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIyMDAwMDAwWhcNMjUwMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YzJkZDdhNzMzN2FkNjIxMTc0MTk3NzJiOWFmZmE5YTI3
ZjQ1MmUzYzk1MDYxM2RhMTNiMTQ4OTUzMzE5YzMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx66Es5sJw73W3Y4EIppuMpZB2s+WwFZc6uu7RkpYO21NW
1rE+bHNTJMG+Mk3iEFQ2rMjeosJ+pPiM7xTBBqGpfjuMIUqEwRII+jU/P7t2xIbX
0EjNejIw080IDjsOqQy/LsU5femL+1UFfR1O3ktUftQvpB4a1NmaKfrLIhJJwjNj
g0vLjWTnHYOF147ekweXgfO76gaxX7ra8pp72FpdMY3gsPkZayNenL30OqF8gwQS
u2Y0zJ/zLvIxYSOndA0xbPxzzXJbksURDKy5sxZB/zK6TS5wpLArSQDQ6YpKgK3h
/MpFDcLSoy1aLUor0FsYtPOqlAvouBD/LAsw24A5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnsA55hVei3drY3M2H9hn8WmgRIwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5OTc5MTk3LTc5YzAtNDhiMC04MjNhLTBlYjcxYTM0NDI5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsrzAwDQYJKoZIhvcNAQELBQADggEBAIo9BsAzRD/5j2I6oQfDxd5wc+gx
rDjwe4zjugBBh4S+HJ6NcWMuG9iGqUMpzgdPEOlKkoyqbCk0SyoUzGA9jB8O3Oxv
TN8LoxnAcOmJiViqu409bm6D8gnBPZfPmzbaZKd1ohwQ9AAQVp8CTOpvjmeY7vrr
DCAXah9Gl6y1BdyfMFLIQOnuU7pFWrJQziquzc5Xu8jOay2N7ZdYXa6J8WnxKPut
CXjZFXZYFPkddlF78fDsCJkb9Ogye/NG7kBngT07omiabJGd0WbzwBQ0W95vGhWa
8P7LiY/hPpmTGqERYiQ+WeNYfUx4rpYcVVpLwtGmsUQoRc/O8yLRw/iBPOU=
-----END CERTIFICATE-----