Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa
File:                     14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa (raw, json)
Hash identifier:          YG5ZI2hjEXApvGAp9NNw4qaAD8vqImYmr7Ra478FOKM=
Subject key identifier:   50:A9:26:E3:C0:6A:BC:F5:89:FE:70:5E:EC:44:6B:70:D3:15:B7:8D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09D4A9CF97E77DB59EC66F495595814F263ECAB3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa
Signing time:             Wed 29 Jan 2025 00:00:00 +0000
ROA not before:           Wed 29 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.206.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:d4:a9:cf:97:e7:7d:b5:9e:c6:6f:49:55:95:81:4f:26:3e:ca:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 29 00:00:00 2025 GMT
            Not After : Mar  5 23:59:59 2025 GMT
        Subject: serialNumber=7834a58947f5684640a5836adcdc6f7b15663192f8005a1874b714f66fc0c23f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:22:dd:d2:ee:a9:99:56:35:88:9f:85:b9:
                    23:3a:7d:b5:ba:56:fb:6d:2a:b4:01:f1:9f:5f:bf:
                    16:4b:be:a7:29:b8:15:85:c3:ee:4d:5c:5c:92:ba:
                    fa:d0:18:c5:8a:63:50:2f:a4:ad:c9:70:c0:47:5b:
                    21:12:82:5a:61:e3:f0:f5:20:03:79:3b:c9:b2:6b:
                    b6:a9:1c:51:8f:39:ab:0a:96:37:27:fc:f6:09:02:
                    92:7e:70:cf:51:8a:18:14:89:04:d0:6c:37:b8:d5:
                    1f:30:dc:9e:cc:e7:48:91:54:53:58:a3:b5:e5:05:
                    de:9f:ff:12:0b:a2:b7:a8:4a:48:e4:49:c1:90:06:
                    f7:36:ef:1e:65:6d:f0:29:5a:ea:2a:da:ed:a9:2b:
                    fd:a3:1b:78:c9:54:75:22:67:52:88:cb:0a:7b:aa:
                    0f:c8:7d:e6:be:7c:0b:99:38:89:5b:08:dd:be:fa:
                    ed:5c:a5:7e:0a:62:20:f5:9e:d6:8f:67:65:05:d2:
                    1c:30:f8:dc:78:a6:82:d3:19:0b:28:aa:af:18:ca:
                    3b:eb:66:9e:39:33:0e:6c:7a:ab:ca:36:1e:c2:31:
                    b1:d9:0b:7c:e4:42:d4:78:67:5d:05:57:06:11:1b:
                    8a:d7:f9:7e:2e:10:da:43:51:4c:8a:8d:af:b2:fc:
                    9d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A9:26:E3:C0:6A:BC:F5:89:FE:70:5E:EC:44:6B:70:D3:15:B7:8D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:22:86:b9:09:b3:de:97:46:f3:c4:86:55:5c:cf:f1:a2:84:
         46:02:d3:2a:e7:fe:ad:f7:5f:f8:a5:0e:f1:95:8a:75:dd:75:
         ee:80:1d:74:09:da:48:9b:f8:37:20:aa:f3:e7:8c:78:f4:e8:
         81:bc:87:b3:7a:be:8b:d7:29:59:be:51:41:e6:f2:c7:61:ea:
         22:99:ac:db:9e:f5:3f:ff:e4:df:69:84:7a:ce:5a:39:44:1f:
         7a:9d:07:57:43:b8:3a:b5:47:e8:42:13:e5:d0:b6:36:26:e9:
         4a:c0:dc:f0:25:27:54:88:af:65:30:8e:9b:d5:6c:4d:f2:81:
         49:ab:06:63:e2:71:d1:00:84:8b:ae:22:41:c6:ca:ec:8c:21:
         df:e3:a4:ad:71:64:a0:ef:76:4c:8c:a8:ed:19:a9:ea:1a:06:
         c8:d8:cf:89:1b:41:f1:05:dc:85:45:5d:09:23:db:ae:bb:e6:
         48:6d:f3:7b:36:50:47:fe:8d:03:31:cd:46:28:a9:d2:79:00:
         b6:96:2b:9b:e8:2e:a7:37:5d:d6:a9:5b:bc:96:49:fc:dd:ad:
         da:57:2b:81:6f:5e:a6:2e:08:6b:f8:9b:8c:09:91:28:c0:5f:
         8f:be:25:62:09:9d:47:a1:7e:a6:02:d5:0e:15:91:a4:20:35:
         17:9a:a2:b3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCdSpz5fnfbWexm9JVZWBTyY+yrMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI5MDAwMDAwWhcNMjUwMzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODM0YTU4OTQ3ZjU2ODQ2NDBhNTgzNmFkY2RjNmY3YjE1
NjYzMTkyZjgwMDVhMTg3NGI3MTRmNjZmYzBjMjNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3viLd0u6pmVY1iJ+FuSM6fbW6VvttKrQB8Z9fvxZLvqcp
uBWFw+5NXFySuvrQGMWKY1AvpK3JcMBHWyESglph4/D1IAN5O8mya7apHFGPOasK
ljcn/PYJApJ+cM9RihgUiQTQbDe41R8w3J7M50iRVFNYo7XlBd6f/xILoreoSkjk
ScGQBvc27x5lbfApWuoq2u2pK/2jG3jJVHUiZ1KIywp7qg/Ifea+fAuZOIlbCN2+
+u1cpX4KYiD1ntaPZ2UF0hww+Nx4poLTGQsoqq8YyjvrZp45Mw5seqvKNh7CMbHZ
C3zkQtR4Z10FVwYRG4rX+X4uENpDUUyKja+y/J2LAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUKkm48BqvPWJ/nBe7ERrcNMVt40wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0ZjdiYzY1LTE3N2YtNDFkOS1iM2M2LTg4MmI0NmI3N2FiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCPzjANBgkqhkiG9w0BAQsFAAOCAQEAjCKGuQmz3pdG88SGVVzP8aKERgLT
Kuf+rfdf+KUO8ZWKdd117oAddAnaSJv4NyCq8+eMePTogbyHs3q+i9cpWb5RQeby
x2HqIpms2571P//k32mEes5aOUQfep0HV0O4OrVH6EIT5dC2NibpSsDc8CUnVIiv
ZTCOm9VsTfKBSasGY+Jx0QCEi64iQcbK7Iwh3+OkrXFkoO92TIyo7Rmp6hoGyNjP
iRtB8QXchUVdCSPbrrvmSG3zezZQR/6NAzHNRiip0nkAtpYrm+gupzdd1qlbvJZJ
/N2t2lcrgW9epi4Ia/ibjAmRKMBfj74lYgmdR6F+pgLVDhWRpCA1F5qisw==
-----END CERTIFICATE-----