Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17721a9e-0a8f-4b71-a56e-234b61d375d3.roa
File:                     17721a9e-0a8f-4b71-a56e-234b61d375d3.roa (raw, json)
Hash identifier:          ITumsUK4BSbT6/iv9Sqx6YeuW0AmWl2Wiq8oViCXn/c=
Subject key identifier:   A9:24:F9:92:48:4D:A3:3C:0B:41:46:EB:0F:5E:E8:75:3D:D9:05:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36667927A70987A7484657D85BE65519F981C8D6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17721a9e-0a8f-4b71-a56e-234b61d375d3.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.142.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:66:79:27:a7:09:87:a7:48:46:57:d8:5b:e6:55:19:f9:81:c8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=3ab1c2997d9511baa2358c03f4d4aafbec3afe01b231da784f2c0ea6b7183e09, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0f:fe:0c:56:43:e2:d0:3f:7d:30:22:eb:5b:
                    25:08:f2:13:9c:19:9e:b9:a4:62:46:fe:73:61:cf:
                    2e:e2:7b:e8:42:18:2d:5a:d0:29:0e:de:13:2a:0a:
                    bd:6b:89:db:b5:44:0e:c2:f1:35:08:42:78:26:17:
                    aa:7a:cd:dd:b0:0f:d6:dd:54:b1:b4:40:47:7f:5c:
                    88:ca:3d:a4:be:79:33:e9:e0:ff:b5:2e:20:4c:e6:
                    49:48:49:20:14:52:9c:0e:ab:10:7a:6e:c9:96:33:
                    a4:58:83:7f:cf:73:01:74:ec:d5:09:74:76:07:98:
                    e5:1a:24:ba:32:f7:58:09:0f:f2:8d:dd:b2:ee:b0:
                    98:f3:9d:de:e3:35:3c:fc:a2:1f:b2:c0:a5:e6:b4:
                    d5:54:36:19:51:fa:7e:1d:f7:63:c4:a6:65:13:4e:
                    28:d7:22:3b:d4:88:e1:36:67:19:32:b6:2b:6e:00:
                    e3:e0:38:be:fe:88:fa:cc:24:5f:a5:6e:c3:d6:70:
                    b7:06:43:3c:c7:23:1e:0a:f8:f1:f5:d4:8a:2d:b8:
                    dc:9a:b6:91:bf:6b:1c:5b:59:8d:0e:f4:65:6e:3a:
                    b6:c6:8c:30:b7:14:95:38:4f:8d:75:c4:32:9c:53:
                    72:a3:3f:d5:ed:08:01:28:6a:66:65:c0:e1:f2:ac:
                    a9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:24:F9:92:48:4D:A3:3C:0B:41:46:EB:0F:5E:E8:75:3D:D9:05:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17721a9e-0a8f-4b71-a56e-234b61d375d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.142.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         99:ec:16:0c:24:39:e6:dd:9a:bb:a3:f1:a2:93:75:cc:ad:ad:
         29:d0:61:9a:f4:06:2d:be:ec:97:99:a3:a0:6b:5d:b6:31:7a:
         0d:bf:b4:e9:32:7d:d0:47:76:30:0c:f8:71:d9:d0:68:7e:57:
         02:d9:17:9c:c8:46:b3:6a:11:99:39:97:09:b8:e7:be:b1:3b:
         e0:f5:3f:0b:c1:a7:09:23:e2:d6:f8:dd:a1:84:eb:51:b8:a8:
         ac:7e:04:e3:c7:79:72:3c:c7:b2:a1:7b:c4:ca:1f:a2:71:c1:
         c7:03:bd:18:44:6d:76:99:69:96:d9:e3:02:26:22:74:ac:8f:
         5a:b3:23:d2:fd:6f:0f:35:3d:1e:c4:69:1c:0d:2c:df:7f:e5:
         24:17:c2:b9:7b:7b:f8:15:0f:83:f9:a7:89:38:6a:51:7d:72:
         da:04:b9:21:35:4a:c0:2f:eb:c6:da:58:4e:46:34:00:93:98:
         3f:19:15:53:45:60:bb:30:2d:fd:2d:0c:5f:b7:5c:d4:1b:ad:
         16:e3:8c:05:fe:20:e3:3f:c4:ca:b7:5b:ba:90:90:58:4a:9a:
         41:ad:ac:fd:ca:4d:f2:ce:6f:6c:81:71:24:c8:a1:0e:d9:01:
         1a:fb:9f:43:26:58:de:50:f8:0a:dc:7f:e1:7f:96:7e:85:b6:
         d6:d6:44:cf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNmZ5J6cJh6dIRlfYW+ZVGfmByNYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWIxYzI5OTdkOTUxMWJhYTIzNThjMDNmNGQ0YWFmYmVj
M2FmZTAxYjIzMWRhNzg0ZjJjMGVhNmI3MTgzZTA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkD/4MVkPi0D99MCLrWyUI8hOcGZ65pGJG/nNhzy7ie+hC
GC1a0CkO3hMqCr1ridu1RA7C8TUIQngmF6p6zd2wD9bdVLG0QEd/XIjKPaS+eTPp
4P+1LiBM5klISSAUUpwOqxB6bsmWM6RYg3/PcwF07NUJdHYHmOUaJLoy91gJD/KN
3bLusJjznd7jNTz8oh+ywKXmtNVUNhlR+n4d92PEpmUTTijXIjvUiOE2Zxkytitu
AOPgOL7+iPrMJF+lbsPWcLcGQzzHIx4K+PH11IotuNyatpG/axxbWY0O9GVuOrbG
jDC3FJU4T411xDKcU3KjP9XtCAEoamZlwOHyrKmLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqST5kkhNozwLQUbrD17odT3ZBZYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3NzIxYTllLTBhOGYtNGI3MS1hNTZlLTIzNGI2MWQzNzVkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQjjANBgkqhkiG9w0BAQsFAAOCAQEAmewWDCQ55t2au6PxopN1zK2tKdBh
mvQGLb7sl5mjoGtdtjF6Db+06TJ90Ed2MAz4cdnQaH5XAtkXnMhGs2oRmTmXCbjn
vrE74PU/C8GnCSPi1vjdoYTrUbiorH4E48d5cjzHsqF7xMofonHBxwO9GERtdplp
ltnjAiYidKyPWrMj0v1vDzU9HsRpHA0s33/lJBfCuXt7+BUPg/mniThqUX1y2gS5
ITVKwC/rxtpYTkY0AJOYPxkVU0VguzAt/S0MX7dc1ButFuOMBf4g4z/EyrdbupCQ
WEqaQa2s/cpN8s5vbIFxJMihDtkBGvufQyZY3lD4Ctx/4X+WfoW21tZEzw==
-----END CERTIFICATE-----