Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b75a069-5b51-4aca-802b-2672f514c861.roa
File:                     0b75a069-5b51-4aca-802b-2672f514c861.roa (raw, json)
Hash identifier:          HnGjF1od/rA5HNjnqu//+8ZIQtbZQlIpROSBBvnRJOs=
Subject key identifier:   90:8C:3A:A6:6C:F5:17:0E:56:7F:2C:52:BB:B1:F0:59:40:BB:AE:E7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60FCE446892697F7077EB90005054043035D0407
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b75a069-5b51-4aca-802b-2672f514c861.roa
Signing time:             Wed 22 Jan 2025 00:00:00 +0000
ROA not before:           Wed 22 Jan 2025 00:00:00 +0000
ROA not after:            Wed 26 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.138.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:fc:e4:46:89:26:97:f7:07:7e:b9:00:05:05:40:43:03:5d:04:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 22 00:00:00 2025 GMT
            Not After : Feb 26 23:59:59 2025 GMT
        Subject: serialNumber=ccf1eb2f5659a597bb051358d69bb9d8ff0d960e874bd87ffe64047b3e8eed5e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8b:71:18:1a:75:61:19:db:c8:fe:e7:6a:db:
                    4f:23:9c:3c:40:d8:cc:f1:15:c0:e9:27:fc:73:df:
                    40:1b:4c:99:75:89:eb:af:39:c9:32:1e:a6:c1:77:
                    e9:13:df:59:34:69:7f:3d:4e:9b:c4:4c:bc:92:1f:
                    d8:4b:21:88:93:ca:6b:6a:16:9a:60:65:28:ff:3a:
                    b9:6e:36:5f:43:54:df:3e:53:66:0e:e5:e5:92:16:
                    5d:e9:1f:ef:33:76:b2:c6:95:b5:86:6f:4a:6f:9a:
                    8f:e2:9c:d6:02:7b:22:5c:fd:0d:69:80:e3:41:33:
                    d1:6e:02:c8:13:24:11:c7:ed:c6:d7:ca:97:62:06:
                    59:42:78:55:da:eb:32:0e:bd:72:5c:ca:68:a7:dd:
                    a8:ae:67:83:62:61:e2:55:c1:aa:06:94:a2:50:7c:
                    15:5c:43:ff:00:86:30:36:f1:aa:35:d3:a0:16:84:
                    c9:77:19:56:c6:99:a6:f3:1f:a4:d7:f2:ca:e9:af:
                    f2:4a:1e:15:56:62:cb:bb:ef:23:f5:cb:c6:96:44:
                    22:94:3b:69:ad:9c:4d:bf:54:ce:b0:30:b0:63:89:
                    e9:7d:57:19:37:03:f3:64:f4:34:58:fb:04:52:c4:
                    5c:02:b4:eb:15:91:68:ba:ea:11:d3:9f:a4:7a:80:
                    d3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:8C:3A:A6:6C:F5:17:0E:56:7F:2C:52:BB:B1:F0:59:40:BB:AE:E7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b75a069-5b51-4aca-802b-2672f514c861.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.138.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         bc:a5:85:56:ce:1c:65:72:61:05:48:43:44:58:1d:20:01:98:
         75:19:e2:70:c2:1a:8c:69:00:9f:a8:d6:8e:98:cf:9f:fb:96:
         d6:79:9c:8a:58:46:7a:2d:9d:45:0a:1c:38:27:32:f5:78:0d:
         1e:b9:0f:92:2d:83:62:12:74:68:e8:f4:05:b7:f8:0d:ec:e6:
         ef:99:6e:f1:7b:44:01:c2:1c:c0:cb:c6:82:aa:eb:f3:c2:67:
         3a:c6:99:b0:ca:d5:f3:89:37:7e:97:92:75:60:ff:dd:20:19:
         8c:c5:ac:03:32:23:33:b9:b8:d9:9e:70:8e:8c:f7:83:80:fb:
         9c:8a:e6:07:c1:2a:ff:f7:a4:4e:38:c3:80:09:2c:c7:05:9f:
         c0:0c:4c:0c:05:53:36:5a:79:95:81:ef:ee:dd:67:de:1c:05:
         b3:53:2e:69:2c:c3:b9:c9:6c:f0:4d:25:9b:f2:56:5d:dd:1d:
         92:98:a6:7f:a0:21:c1:d7:c0:dc:d9:43:a0:9f:22:d9:e8:8a:
         6d:55:f3:84:0c:e5:27:98:65:3b:62:ff:5d:39:fa:21:ed:b3:
         6c:1f:c9:2c:b0:7a:7a:64:5d:c5:95:a8:5e:f3:04:60:9d:c4:
         e6:d3:b5:98:ed:e6:de:4d:ce:91:29:18:ff:d8:36:1e:00:07:
         f0:4d:1d:64
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYPzkRokml/cHfrkABQVAQwNdBAcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIyMDAwMDAwWhcNMjUwMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjY2YxZWIyZjU2NTlhNTk3YmIwNTEzNThkNjliYjlkOGZm
MGQ5NjBlODc0YmQ4N2ZmZTY0MDQ3YjNlOGVlZDVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBi3EYGnVhGdvI/udq208jnDxA2MzxFcDpJ/xz30AbTJl1
ieuvOckyHqbBd+kT31k0aX89TpvETLySH9hLIYiTymtqFppgZSj/OrluNl9DVN8+
U2YO5eWSFl3pH+8zdrLGlbWGb0pvmo/inNYCeyJc/Q1pgONBM9FuAsgTJBHH7cbX
ypdiBllCeFXa6zIOvXJcymin3aiuZ4NiYeJVwaoGlKJQfBVcQ/8AhjA28ao106AW
hMl3GVbGmabzH6TX8srpr/JKHhVWYsu77yP1y8aWRCKUO2mtnE2/VM6wMLBjiel9
Vxk3A/Nk9DRY+wRSxFwCtOsVkWi66hHTn6R6gNO7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkIw6pmz1Fw5WfyxSu7HwWUC7rucwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiNzVhMDY5LTViNTEtNGFjYS04MDJiLTI2NzJmNTE0Yzg2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFsijANBgkqhkiG9w0BAQsFAAOCAQEAvKWFVs4cZXJhBUhDRFgdIAGYdRni
cMIajGkAn6jWjpjPn/uW1nmcilhGei2dRQocOCcy9XgNHrkPki2DYhJ0aOj0Bbf4
Dezm75lu8XtEAcIcwMvGgqrr88JnOsaZsMrV84k3fpeSdWD/3SAZjMWsAzIjM7m4
2Z5wjoz3g4D7nIrmB8Eq//ekTjjDgAksxwWfwAxMDAVTNlp5lYHv7t1n3hwFs1Mu
aSzDucls8E0lm/JWXd0dkpimf6AhwdfA3NlDoJ8i2eiKbVXzhAzlJ5hlO2L/XTn6
Ie2zbB/JLLB6emRdxZWoXvMEYJ3E5tO1mO3m3k3OkSkY/9g2HgAH8E0dZA==
-----END CERTIFICATE-----