Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d11215b-7a3d-4d28-b06b-d5e3ea095007.roa
File:                     0d11215b-7a3d-4d28-b06b-d5e3ea095007.roa (raw, json)
Hash identifier:          /kn9QOnbbtNbbhrcnoMNOmEhX/3KKqJWHsSft4AVcqw=
Subject key identifier:   D0:08:5C:C4:4C:46:E4:C2:4C:69:C2:47:6B:74:E3:F9:6B:2E:AA:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DA09105DD878A95B980FBCAAA202D0D6994F704
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d11215b-7a3d-4d28-b06b-d5e3ea095007.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     19047
IP address blocks:        70.130.205.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:a0:91:05:dd:87:8a:95:b9:80:fb:ca:aa:20:2d:0d:69:94:f7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=f1bb3edde8455b5638262bc27c1b6f94ed70ca33158ec5b2ab8f3be6e8aa7c6f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:19:12:2e:f7:7e:15:81:72:dc:89:2e:92:48:
                    cb:fd:33:8a:f9:65:d9:26:f5:03:19:7a:f8:54:d8:
                    32:99:d5:c5:50:47:e9:e2:b4:1b:81:67:c2:e0:8b:
                    cb:78:fa:6f:7a:86:e6:ee:6d:e9:77:15:eb:da:cb:
                    e1:0a:31:8b:0a:22:f0:48:56:69:a0:c9:d2:f1:c5:
                    f4:8a:a3:1b:08:c9:b2:fc:18:a8:db:10:0b:05:6f:
                    a8:a6:34:16:aa:23:10:92:5a:78:7b:70:2b:58:6a:
                    26:f4:18:fd:2a:f9:07:c3:d3:2a:5d:11:11:2b:e9:
                    22:6e:6d:54:cc:e1:9e:72:44:19:e7:ae:6d:f2:59:
                    2a:27:89:15:5e:4d:a5:13:7b:14:de:5e:d4:b3:d2:
                    c8:91:ec:30:f0:f0:c0:84:ce:71:4d:f2:0c:3d:fd:
                    4b:ec:01:13:30:ff:cb:52:b8:5b:08:b0:b3:11:a7:
                    0c:ea:87:b8:32:95:c2:08:19:fe:6d:68:3e:76:f8:
                    c0:2d:98:a7:d4:05:6a:d9:1a:1d:8e:bf:1e:88:50:
                    0c:76:ce:26:2c:32:ab:a3:48:76:38:24:f0:1a:64:
                    14:23:d4:67:ef:de:c9:91:b6:14:a1:8d:a0:44:1d:
                    f7:2f:da:3e:9b:dd:3e:5d:47:03:ab:96:4e:89:da:
                    a0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:08:5C:C4:4C:46:E4:C2:4C:69:C2:47:6B:74:E3:F9:6B:2E:AA:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d11215b-7a3d-4d28-b06b-d5e3ea095007.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.130.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:2c:ae:a7:c6:c9:4d:ff:25:e0:59:cf:b2:28:d5:79:87:ce:
         22:b7:25:cb:4b:69:a9:66:59:c2:61:8a:86:df:7f:2b:f2:d7:
         f2:24:f6:f0:25:a8:a0:f3:c3:f4:60:7c:d2:60:d3:fb:d7:86:
         cd:ca:6c:47:18:31:8e:c3:83:d2:30:11:e8:7b:51:1d:11:3a:
         ff:5e:64:e5:21:02:12:65:55:52:bd:ce:70:7c:54:a7:e3:9f:
         ce:93:1e:92:c3:4b:f8:6a:22:d1:7f:3b:cd:db:98:c7:84:42:
         b5:2a:49:cc:72:97:9a:0e:d7:59:b3:39:76:ae:72:39:bf:c8:
         4d:40:84:36:d3:e7:1b:3d:6e:87:8f:78:d4:fe:85:ab:8c:1e:
         0f:3b:96:2c:ba:19:cb:74:41:f6:a8:24:78:3c:ca:15:80:63:
         34:47:f8:71:6e:31:34:d5:f4:9e:8a:69:d2:76:f9:c1:c4:47:
         0d:df:a2:26:9b:a3:76:8f:81:33:ee:18:ff:38:0f:85:83:01:
         ae:fb:d5:ad:1f:c8:5f:59:6c:0d:37:35:47:45:d5:a8:af:10:
         e7:46:f0:f0:98:d4:e6:6c:a7:65:0d:90:f3:38:c3:c1:ae:30:
         94:29:49:5a:0b:6e:1f:e6:8c:a5:ee:8d:da:00:06:3a:bf:bc:
         1a:45:27:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTaCRBd2HipW5gPvKqiAtDWmU9wQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWJiM2VkZGU4NDU1YjU2MzgyNjJiYzI3YzFiNmY5NGVk
NzBjYTMzMTU4ZWM1YjJhYjhmM2JlNmU4YWE3YzZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6GRIu934VgXLciS6SSMv9M4r5Zdkm9QMZevhU2DKZ1cVQ
R+nitBuBZ8Lgi8t4+m96hububel3Fevay+EKMYsKIvBIVmmgydLxxfSKoxsIybL8
GKjbEAsFb6imNBaqIxCSWnh7cCtYaib0GP0q+QfD0ypdEREr6SJubVTM4Z5yRBnn
rm3yWSoniRVeTaUTexTeXtSz0siR7DDw8MCEznFN8gw9/UvsARMw/8tSuFsIsLMR
pwzqh7gylcIIGf5taD52+MAtmKfUBWrZGh2Ovx6IUAx2ziYsMqujSHY4JPAaZBQj
1Gfv3smRthShjaBEHfcv2j6b3T5dRwOrlk6J2qC/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0AhcxExG5MJMacJHa3Tj+WsuqjMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkMTEyMTViLTdhM2QtNGQyOC1iMDZiLWQ1ZTNlYTA5NTAwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGgs0wDQYJKoZIhvcNAQELBQADggEBAGQsrqfGyU3/JeBZz7Io1XmHziK3
JctLaalmWcJhiobffyvy1/Ik9vAlqKDzw/RgfNJg0/vXhs3KbEcYMY7Dg9IwEeh7
UR0ROv9eZOUhAhJlVVK9znB8VKfjn86THpLDS/hqItF/O83bmMeEQrUqScxyl5oO
11mzOXaucjm/yE1AhDbT5xs9boePeNT+hauMHg87liy6Gct0QfaoJHg8yhWAYzRH
+HFuMTTV9J6KadJ2+cHERw3foiabo3aPgTPuGP84D4WDAa771a0fyF9ZbA03NUdF
1aivEOdG8PCY1OZsp2UNkPM4w8GuMJQpSVoLbh/mjKXujdoABjq/vBpFJ6Y=
-----END CERTIFICATE-----