Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa
File:                     0dc2871e-4870-49a7-8242-56cfe0f652d5.roa (raw, json)
Hash identifier:          /8v3+i+cw9ugfyuDeGkbbzYLF/yej5pJtMGE52c+OAo=
Subject key identifier:   70:83:FE:25:FC:AD:6E:37:4D:F8:94:30:CF:09:0F:19:25:C8:FB:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15E5961634BDEED503B76ED60AE41E718F93CEB5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.168.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:e5:96:16:34:bd:ee:d5:03:b7:6e:d6:0a:e4:1e:71:8f:93:ce:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=432cb6fc57198bb438a41d8c97857958f3e1b0dafa6b5f01d3222b897b54a5bf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:94:24:9a:6a:1b:b5:53:d8:9d:4c:95:b6:bc:
                    89:f4:41:f5:ed:c1:77:a9:8a:e7:43:4a:30:76:63:
                    1e:b9:16:cf:b1:a9:a1:c6:24:b1:27:f8:5f:61:38:
                    2b:e0:b0:d9:1d:81:bf:f1:10:76:35:42:43:4b:c4:
                    fc:fb:8b:0a:ce:95:bc:5a:dd:b8:41:a7:5c:df:7c:
                    4a:ff:11:6f:a2:8d:cc:aa:53:75:1f:1d:96:a6:30:
                    bf:9f:1d:57:13:a0:85:c7:c6:0a:0f:51:fb:ff:ad:
                    b8:41:3f:4c:f2:30:3a:4f:b4:57:76:1b:e8:d7:1f:
                    0e:f5:ab:70:6b:f1:24:c7:97:3e:d5:ea:0c:dc:21:
                    f9:13:52:29:2c:c1:06:e8:41:71:47:b7:b1:e3:48:
                    4e:5e:ba:c8:ce:c3:f1:15:e0:2a:b5:58:84:47:19:
                    4c:90:8a:e0:45:04:9f:6b:50:c9:74:28:92:2f:28:
                    94:c4:cc:7f:79:09:7f:7d:33:ab:b1:36:2f:3b:3d:
                    54:10:96:dc:d7:e0:53:af:49:cb:35:57:c0:8c:98:
                    50:3a:97:e5:39:ab:e4:b4:5b:8f:65:54:7b:fe:00:
                    f5:b6:d2:c5:0d:54:92:7d:a4:03:19:b2:57:94:56:
                    61:8a:d1:a0:a8:bf:c2:bd:b0:a4:6c:32:3d:7a:91:
                    bc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:83:FE:25:FC:AD:6E:37:4D:F8:94:30:CF:09:0F:19:25:C8:FB:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.168.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         36:7e:e6:ca:c6:06:ef:1e:3e:1c:89:28:df:2e:64:c4:d5:1b:
         86:c4:d3:a0:75:d7:c9:96:5a:bc:55:18:38:1f:ee:9f:77:15:
         5c:8a:fc:c3:3c:23:03:36:fc:71:65:d7:cd:a5:01:4c:0d:dd:
         bc:54:d5:11:da:f7:1b:00:08:5b:14:ac:a1:b7:cf:dd:e4:d4:
         1e:0d:ca:23:18:7d:3f:e7:e0:12:fa:b7:56:e4:4f:f8:cf:9c:
         c6:ce:9a:e7:33:d6:40:8e:e5:c4:5e:07:a2:80:d1:f3:3c:bb:
         ae:b2:24:38:94:3d:a0:f9:b7:c0:04:55:24:32:b2:74:04:b0:
         a2:11:8f:88:6a:16:8b:6f:4b:88:be:aa:6d:be:bf:8a:d5:e4:
         24:4a:d5:8c:81:be:d5:2a:47:f6:44:2a:88:cf:ba:77:b8:17:
         8c:56:30:f8:e1:d5:16:82:a0:3e:6f:a7:2c:85:37:0b:4d:b6:
         16:33:cc:f6:99:72:f3:86:e4:c4:b2:93:de:01:53:cb:c7:2f:
         84:31:6a:d0:29:7f:d3:4a:95:56:34:4c:3f:b0:ea:52:5d:94:
         25:7a:0d:7a:65:cc:0c:bb:3d:33:25:80:85:77:97:6b:a9:a4:
         75:08:b5:50:34:71:2c:44:3c:bb:a7:a2:65:a6:20:be:70:0d:
         35:6e:73:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFeWWFjS97tUDt27WCuQecY+TzrUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzJjYjZmYzU3MTk4YmI0MzhhNDFkOGM5Nzg1Nzk1OGYz
ZTFiMGRhZmE2YjVmMDFkMzIyMmI4OTdiNTRhNWJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDilCSaahu1U9idTJW2vIn0QfXtwXepiudDSjB2Yx65Fs+x
qaHGJLEn+F9hOCvgsNkdgb/xEHY1QkNLxPz7iwrOlbxa3bhBp1zffEr/EW+ijcyq
U3UfHZamML+fHVcToIXHxgoPUfv/rbhBP0zyMDpPtFd2G+jXHw71q3Br8STHlz7V
6gzcIfkTUikswQboQXFHt7HjSE5eusjOw/EV4Cq1WIRHGUyQiuBFBJ9rUMl0KJIv
KJTEzH95CX99M6uxNi87PVQQltzX4FOvScs1V8CMmFA6l+U5q+S0W49lVHv+APW2
0sUNVJJ9pAMZsleUVmGK0aCov8K9sKRsMj16kbynAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcIP+JfytbjdN+JQwzwkPGSXI+z8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkYzI4NzFlLTQ4NzAtNDlhNy04MjQyLTU2Y2ZlMGY2NTJkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoqDANBgkqhkiG9w0BAQsFAAOCAQEANn7mysYG7x4+HIko3y5kxNUbhsTT
oHXXyZZavFUYOB/un3cVXIr8wzwjAzb8cWXXzaUBTA3dvFTVEdr3GwAIWxSsobfP
3eTUHg3KIxh9P+fgEvq3VuRP+M+cxs6a5zPWQI7lxF4HooDR8zy7rrIkOJQ9oPm3
wARVJDKydASwohGPiGoWi29LiL6qbb6/itXkJErVjIG+1SpH9kQqiM+6d7gXjFYw
+OHVFoKgPm+nLIU3C022FjPM9ply84bkxLKT3gFTy8cvhDFq0Cl/00qVVjRMP7Dq
Ul2UJXoNemXMDLs9MyWAhXeXa6mkdQi1UDRxLEQ8u6eiZaYgvnANNW5zfQ==
-----END CERTIFICATE-----