Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
File:                     10e8eaff-a969-4014-aee5-0177cbb5381e.roa (raw, json)
Hash identifier:          MYAQAdkAh0Juxvt3I9ppQHWJThsJEgZwWP3q7CnhMtg=
Subject key identifier:   78:FD:EC:A2:BA:F0:B6:91:5E:9F:37:5F:C7:AD:44:92:1F:7A:4A:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       633D4D5EAB00A9437756B25009E24D4E9B4FCE0E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.162.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:3d:4d:5e:ab:00:a9:43:77:56:b2:50:09:e2:4d:4e:9b:4f:ce:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=784e651fdfd0abbdc032791409a64fe737ac632b0077d332d4404fce68b7945a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:e8:98:23:8d:43:06:66:a3:26:71:05:86:
                    9d:77:24:8a:85:0d:56:31:19:6d:03:3b:0f:a5:d5:
                    4d:63:15:c5:95:13:6b:71:e0:73:5a:d0:6c:8e:b3:
                    85:38:1c:68:33:eb:b9:2e:a7:a0:ff:2b:72:71:c6:
                    c9:f5:81:cc:d6:6b:e1:0c:33:92:75:a2:23:b2:54:
                    bf:ee:fb:c5:5f:f0:82:00:e1:35:ab:2e:68:81:52:
                    66:2c:42:21:6b:40:bc:60:e1:4d:94:8d:82:db:ce:
                    d7:37:87:b4:2e:1d:11:28:97:fb:cd:85:ce:0e:e9:
                    b7:e7:c1:60:83:c6:07:2f:90:68:bc:44:18:c8:0b:
                    6a:5f:f8:a8:36:e9:aa:ef:14:22:a9:4e:bc:ae:3d:
                    a3:0f:7f:71:e1:28:ff:5c:c2:9c:1b:c4:51:c0:c8:
                    47:a7:0f:06:58:6a:18:d3:c7:06:6e:93:76:12:f0:
                    c2:6a:c0:0a:2c:68:07:23:ec:e5:72:40:cd:20:a4:
                    7d:bf:c0:17:a4:c4:f0:c0:b9:21:46:79:92:f0:ec:
                    38:0e:4e:9b:32:43:00:bd:b5:78:91:6e:c4:ba:d8:
                    73:a5:34:8c:70:38:7e:27:e5:52:c0:8f:65:04:a2:
                    bb:1c:ce:09:d9:bf:69:4e:21:bd:52:83:ff:cd:44:
                    44:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FD:EC:A2:BA:F0:B6:91:5E:9F:37:5F:C7:AD:44:92:1F:7A:4A:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.162.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a1:f8:cb:63:e5:fc:d3:03:57:56:d6:f6:8f:19:46:ce:a5:3d:
         39:ee:1c:02:8b:12:9c:96:b6:b3:68:cb:99:18:70:85:bd:40:
         27:de:39:c1:77:20:1a:f9:a3:82:2a:bc:23:41:14:2b:fc:49:
         43:0d:f6:67:92:71:1c:de:59:bf:40:82:2c:c0:4e:0f:64:61:
         a2:6a:76:be:53:b7:61:df:a3:6d:78:e6:ae:21:bc:ba:e5:b2:
         45:a7:9a:2d:44:be:67:3b:54:6a:43:15:dc:17:19:70:e9:ec:
         74:d9:2d:71:c0:42:2b:49:e9:6a:54:b8:77:4b:36:8d:78:4b:
         97:20:16:99:64:ae:21:5a:02:48:af:4d:85:1b:a7:71:1e:bd:
         cb:88:9a:64:79:b3:7e:a0:2d:ed:86:6f:2f:af:b7:fe:61:96:
         f0:86:e6:95:fd:f2:b6:b2:47:76:eb:db:26:ad:68:92:90:c3:
         dc:a5:36:96:07:d2:32:33:cf:bf:b0:ed:2a:72:50:a1:5e:a0:
         56:06:2a:dc:56:c2:8b:06:45:db:b9:99:78:6f:25:b5:e5:83:
         8b:b6:ee:03:b7:0f:07:64:57:59:b1:24:b9:3e:02:cc:35:2c:
         ea:ca:9b:64:49:b2:d0:ce:d9:73:df:23:2a:55:f6:d1:28:a5:
         24:90:72:a6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYz1NXqsAqUN3VrJQCeJNTptPzg4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODRlNjUxZmRmZDBhYmJkYzAzMjc5MTQwOWE2NGZlNzM3
YWM2MzJiMDA3N2QzMzJkNDQwNGZjZTY4Yjc5NDVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzeuiYI41DBmajJnEFhp13JIqFDVYxGW0DOw+l1U1jFcWV
E2tx4HNa0GyOs4U4HGgz67kup6D/K3Jxxsn1gczWa+EMM5J1oiOyVL/u+8Vf8IIA
4TWrLmiBUmYsQiFrQLxg4U2UjYLbztc3h7QuHREol/vNhc4O6bfnwWCDxgcvkGi8
RBjIC2pf+Kg26arvFCKpTryuPaMPf3HhKP9cwpwbxFHAyEenDwZYahjTxwZuk3YS
8MJqwAosaAcj7OVyQM0gpH2/wBekxPDAuSFGeZLw7DgOTpsyQwC9tXiRbsS62HOl
NIxwOH4n5VLAj2UEorsczgnZv2lOIb1Sg//NREStAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeP3sorrwtpFenzdfx61Ekh96SoYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwZThlYWZmLWE5NjktNDAxNC1hZWU1LTAxNzdjYmI1MzgxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQojANBgkqhkiG9w0BAQsFAAOCAQEAofjLY+X80wNXVtb2jxlGzqU9Oe4c
AosSnJa2s2jLmRhwhb1AJ945wXcgGvmjgiq8I0EUK/xJQw32Z5JxHN5Zv0CCLMBO
D2Rhomp2vlO3Yd+jbXjmriG8uuWyRaeaLUS+ZztUakMV3BcZcOnsdNktccBCK0np
alS4d0s2jXhLlyAWmWSuIVoCSK9NhRuncR69y4iaZHmzfqAt7YZvL6+3/mGW8Ibm
lf3ytrJHduvbJq1okpDD3KU2lgfSMjPPv7DtKnJQoV6gVgYq3FbCiwZF27mZeG8l
teWDi7buA7cPB2RXWbEkuT4CzDUs6sqbZEmy0M7Zc98jKlX20SilJJBypg==
-----END CERTIFICATE-----