Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ef99f39-5c5c-4bb6-9e15-9baa9a993e2c.roa
File:                     0ef99f39-5c5c-4bb6-9e15-9baa9a993e2c.roa (raw, json)
Hash identifier:          dsrPeu++HbMfpKngnERIm106ncJsmqf0XXpPQNq1Emk=
Subject key identifier:   68:9A:32:12:ED:0E:49:9B:E9:F3:32:C7:26:04:8B:76:37:48:8C:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13FE4BA1D8FA03E31A976D7ECFAA640AEB48B874
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ef99f39-5c5c-4bb6-9e15-9baa9a993e2c.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.154.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:fe:4b:a1:d8:fa:03:e3:1a:97:6d:7e:cf:aa:64:0a:eb:48:b8:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=dc3183036ebb41dfc6304e253609439a8693a5f56a94346fa891c87ebae2c3e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:68:a0:1b:35:2a:c2:44:4b:b5:ec:82:76:c2:
                    c9:44:eb:9b:70:ba:7d:df:10:bd:d8:24:8d:8e:9b:
                    40:91:e3:74:90:4e:7f:da:3c:14:1a:34:1f:f5:c9:
                    89:27:a2:28:47:8e:42:57:24:dd:f5:1b:92:49:54:
                    0d:3f:39:51:3c:84:79:8b:fe:92:70:51:3d:39:62:
                    03:95:b2:42:9a:4c:e5:0e:df:da:10:0e:2d:27:31:
                    34:e1:df:6c:e9:73:04:e8:01:a7:6b:09:77:c7:1e:
                    70:e4:74:c3:1a:73:12:5a:92:9c:52:a3:70:4c:77:
                    e8:d7:94:ab:b6:fd:ab:55:b3:01:fa:f8:45:07:82:
                    1a:04:c1:e3:cf:22:bd:7c:bc:8d:0f:ac:af:68:71:
                    17:85:c1:2a:05:f9:7a:62:8f:24:c0:0f:1a:ad:53:
                    12:54:2a:ae:54:7b:80:3d:e8:50:e6:18:21:d9:4d:
                    80:bf:01:8f:b3:51:da:32:32:a6:84:ed:50:ff:f6:
                    b1:68:23:9b:09:0a:c4:f8:7f:03:a8:3f:15:e4:0a:
                    a2:81:ab:e2:d1:35:0e:18:02:a7:0d:26:be:07:00:
                    e8:4c:37:8a:6f:8f:6c:50:33:58:e6:67:89:81:19:
                    4b:c9:5a:4f:2f:b6:31:74:b3:27:08:f2:27:55:26:
                    41:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9A:32:12:ED:0E:49:9B:E9:F3:32:C7:26:04:8B:76:37:48:8C:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ef99f39-5c5c-4bb6-9e15-9baa9a993e2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:5f:ed:00:b3:61:0d:99:ca:f8:12:83:7d:ea:29:b4:91:f7:
         d6:74:6c:57:12:af:16:46:25:30:f5:83:74:a7:c5:55:2e:20:
         68:cf:fa:5e:3a:b3:8b:5c:70:07:21:be:6a:7f:28:8e:2f:8e:
         c4:1c:0a:14:55:1d:a1:6b:7e:96:a9:04:c6:6a:c7:53:a5:3e:
         82:95:bb:ae:6a:5e:3d:b5:a2:18:b2:e1:d7:c2:96:63:71:8f:
         57:64:29:ca:69:77:a0:57:6e:56:56:a5:ac:b9:52:39:59:9d:
         fa:91:01:75:34:77:5a:fa:d1:b2:48:6b:f9:b1:7a:d2:8e:48:
         a4:40:0d:2d:29:12:71:94:76:73:89:84:e3:9d:e9:34:64:ef:
         93:bf:db:49:d1:19:e2:c9:98:0d:56:7a:24:fd:7d:6f:36:c6:
         de:c2:de:39:7e:84:20:76:2e:00:85:3e:1b:d4:cc:d7:6d:3e:
         b6:22:60:23:b1:19:40:f7:1f:a0:01:bb:06:13:14:fe:81:f7:
         bf:1c:5d:9b:7a:e3:83:e1:c9:bb:f6:21:e4:16:bb:51:bf:24:
         43:e2:8a:7d:27:35:16:f6:94:65:05:20:67:1f:79:84:73:e9:
         8d:7f:ae:74:1d:5d:71:f6:47:41:97:41:a7:fc:b4:a3:74:88:
         72:51:99:c7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE/5Lodj6A+Mal21+z6pkCutIuHQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzMxODMwMzZlYmI0MWRmYzYzMDRlMjUzNjA5NDM5YTg2
OTNhNWY1NmE5NDM0NmZhODkxYzg3ZWJhZTJjM2U4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiaKAbNSrCREu17IJ2wslE65twun3fEL3YJI2Om0CR43SQ
Tn/aPBQaNB/1yYknoihHjkJXJN31G5JJVA0/OVE8hHmL/pJwUT05YgOVskKaTOUO
39oQDi0nMTTh32zpcwToAadrCXfHHnDkdMMacxJakpxSo3BMd+jXlKu2/atVswH6
+EUHghoEwePPIr18vI0PrK9ocReFwSoF+XpijyTADxqtUxJUKq5Ue4A96FDmGCHZ
TYC/AY+zUdoyMqaE7VD/9rFoI5sJCsT4fwOoPxXkCqKBq+LRNQ4YAqcNJr4HAOhM
N4pvj2xQM1jmZ4mBGUvJWk8vtjF0sycI8idVJkEpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaJoyEu0OSZvp8zLHJgSLdjdIjKcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlZjk5ZjM5LTVjNWMtNGJiNi05ZTE1LTliYWE5YTk5M2UyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZowDQYJKoZIhvcNAQELBQADggEBAMJf7QCzYQ2ZyvgSg33qKbSR99Z0
bFcSrxZGJTD1g3SnxVUuIGjP+l46s4tccAchvmp/KI4vjsQcChRVHaFrfpapBMZq
x1OlPoKVu65qXj21ohiy4dfClmNxj1dkKcppd6BXblZWpay5UjlZnfqRAXU0d1r6
0bJIa/mxetKOSKRADS0pEnGUdnOJhOOd6TRk75O/20nRGeLJmA1WeiT9fW82xt7C
3jl+hCB2LgCFPhvUzNdtPrYiYCOxGUD3H6ABuwYTFP6B978cXZt644Phybv2IeQW
u1G/JEPiin0nNRb2lGUFIGcfeYRz6Y1/rnQdXXH2R0GXQaf8tKN0iHJRmcc=
-----END CERTIFICATE-----