Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b78eb9-3900-423b-9232-5f508710c51b.roa
File:                     16b78eb9-3900-423b-9232-5f508710c51b.roa (raw, json)
Hash identifier:          /EeL9/rTTuuK4byEq94kLbnhx6/nB+p+5ihvgXtvX9o=
Subject key identifier:   3F:EA:A2:DF:FB:7F:5B:C9:1C:DD:64:22:DD:BC:E9:AA:F6:87:96:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A70FA48847C719EB7EA27CDD58D9D8D2134A8C3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b78eb9-3900-423b-9232-5f508710c51b.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.107.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:70:fa:48:84:7c:71:9e:b7:ea:27:cd:d5:8d:9d:8d:21:34:a8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=b3c8a11661ac47105b29936ee1c01266c0d122fb6bd40d9cbfd216507da9891a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ab:a1:ab:5e:a3:26:94:08:c1:72:5a:1f:55:
                    41:9c:4d:d8:09:4f:75:28:fc:58:98:c6:7e:9f:27:
                    07:5f:c3:86:11:46:23:ed:87:8a:19:b5:ae:97:90:
                    5e:db:20:49:3b:ad:98:30:82:7d:35:9d:39:52:56:
                    e3:43:75:a2:5c:8c:11:78:79:68:62:91:c8:1b:11:
                    46:e4:a8:0a:29:48:66:9f:9e:0e:68:c8:28:00:fc:
                    62:b1:62:04:0a:78:dd:10:af:da:0d:28:36:e5:31:
                    30:98:1b:78:de:59:31:13:60:5e:33:ae:f2:a5:3f:
                    49:b0:98:72:88:e4:75:23:1a:df:df:63:ed:8b:b8:
                    50:aa:fc:4f:0f:fd:ea:bd:f1:c5:e2:ec:36:4b:46:
                    db:b0:78:6e:42:1c:6d:17:4d:25:f5:ca:69:2f:90:
                    1a:05:ce:5a:a2:09:7c:e3:4b:f3:1c:73:71:3d:67:
                    08:dd:de:5c:0a:f4:32:a0:ed:34:1a:e4:a8:a4:22:
                    3f:72:c3:95:db:22:0b:5e:27:32:79:12:a9:a6:bc:
                    88:26:28:44:e1:c8:cd:d1:a5:4b:13:2e:c6:55:15:
                    9c:cd:2c:17:ea:95:ec:cb:21:05:de:07:08:0b:29:
                    e6:cf:a3:88:93:72:f9:44:41:16:86:4a:fa:a8:0b:
                    07:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EA:A2:DF:FB:7F:5B:C9:1C:DD:64:22:DD:BC:E9:AA:F6:87:96:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b78eb9-3900-423b-9232-5f508710c51b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:46:43:5f:65:bd:4f:b7:b7:d9:06:6a:de:bc:6c:9e:9c:9f:
         50:02:c3:6f:36:39:6d:9a:f7:b7:1f:07:21:a4:62:11:9f:8a:
         60:86:4b:d4:89:bc:41:ef:bc:50:c6:c1:7d:b2:7c:36:ef:8d:
         90:14:ae:16:c8:86:65:95:af:43:b6:4c:ac:f9:05:86:78:6f:
         75:b2:62:d3:01:c1:d3:b0:3c:29:0d:7d:ab:37:a6:c2:5a:10:
         30:cc:6b:f6:06:42:9f:f6:ba:89:eb:a5:9a:37:af:fc:da:26:
         0d:b6:24:95:cf:08:03:0d:fb:92:9f:27:42:ae:14:f6:d9:ea:
         16:2f:4e:83:93:b1:9a:78:89:13:4c:73:f0:fe:76:ea:f4:55:
         27:cf:d5:dc:94:27:2f:bc:b9:e0:38:49:c9:0b:2b:ac:dd:13:
         40:c5:18:14:60:75:6a:fa:96:79:c1:8b:93:4d:19:94:cc:91:
         53:eb:32:2c:58:15:ad:7e:b8:12:57:c1:bf:df:8b:61:cf:81:
         03:63:2e:71:37:6b:5d:0a:d4:48:ba:ff:0c:87:f4:59:e1:75:
         33:78:bf:98:7c:e3:a7:50:cc:e4:81:55:43:81:d5:8d:d0:4a:
         bf:4f:be:89:fb:6b:25:eb:6f:67:ed:3c:eb:81:74:40:13:82:
         4e:3e:ab:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSnD6SIR8cZ636ifN1Y2djSE0qMMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2M4YTExNjYxYWM0NzEwNWIyOTkzNmVlMWMwMTI2NmMw
ZDEyMmZiNmJkNDBkOWNiZmQyMTY1MDdkYTk4OTFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRq6GrXqMmlAjBclofVUGcTdgJT3Uo/FiYxn6fJwdfw4YR
RiPth4oZta6XkF7bIEk7rZgwgn01nTlSVuNDdaJcjBF4eWhikcgbEUbkqAopSGaf
ng5oyCgA/GKxYgQKeN0Qr9oNKDblMTCYG3jeWTETYF4zrvKlP0mwmHKI5HUjGt/f
Y+2LuFCq/E8P/eq98cXi7DZLRtuweG5CHG0XTSX1ymkvkBoFzlqiCXzjS/Mcc3E9
Zwjd3lwK9DKg7TQa5KikIj9yw5XbIgteJzJ5EqmmvIgmKEThyM3RpUsTLsZVFZzN
LBfqlezLIQXeBwgLKebPo4iTcvlEQRaGSvqoCweNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP+qi3/t/W8kc3WQi3bzpqvaHltgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE2Yjc4ZWI5LTM5MDAtNDIzYi05MjMyLTVmNTA4NzEwYzUxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GswDQYJKoZIhvcNAQELBQADggEBAK9GQ19lvU+3t9kGat68bJ6cn1AC
w282OW2a97cfByGkYhGfimCGS9SJvEHvvFDGwX2yfDbvjZAUrhbIhmWVr0O2TKz5
BYZ4b3WyYtMBwdOwPCkNfas3psJaEDDMa/YGQp/2uonrpZo3r/zaJg22JJXPCAMN
+5KfJ0KuFPbZ6hYvToOTsZp4iRNMc/D+dur0VSfP1dyUJy+8ueA4SckLK6zdE0DF
GBRgdWr6lnnBi5NNGZTMkVPrMixYFa1+uBJXwb/fi2HPgQNjLnE3a10K1Ei6/wyH
9FnhdTN4v5h846dQzOSBVUOB1Y3QSr9Pvon7ayXrb2ftPOuBdEATgk4+q28=
-----END CERTIFICATE-----