Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c9c880a-889c-409b-82ab-805149005072.roa
File:                     1c9c880a-889c-409b-82ab-805149005072.roa (raw, json)
Hash identifier:          GtHdZwFZHeM4JVVy1ywL/Ao6kz1O14DNPpBZsUe29qk=
Subject key identifier:   BD:EE:5A:A5:02:2C:AB:BA:78:65:3E:74:84:36:A7:DA:1D:9D:0A:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       603C3ED083F29303B94C01F665ABE0D8A7264B32
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c9c880a-889c-409b-82ab-805149005072.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.3.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:3c:3e:d0:83:f2:93:03:b9:4c:01:f6:65:ab:e0:d8:a7:26:4b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=80f45c3c60bf87069e601a80315d8eeaa2691699d3919f27c95168d1000d99bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4d:af:bb:52:e1:b1:34:e5:b3:11:e1:be:44:
                    39:53:69:09:b3:1b:e5:24:a8:11:11:9c:66:70:56:
                    f3:19:4e:16:16:bd:22:f0:7f:96:2e:93:2c:4a:9a:
                    e6:62:ac:c2:b5:97:bd:ce:15:ab:46:8d:81:54:54:
                    62:9e:87:ca:a5:0c:91:bf:b4:64:16:f7:b2:af:63:
                    02:6b:45:99:bb:a9:d8:48:5e:7b:12:ba:96:0f:c3:
                    9b:6d:ee:eb:35:bd:96:0d:87:e8:1b:f2:9a:f9:58:
                    8d:41:fd:47:d4:a0:5a:6a:b8:3d:af:0e:c6:8e:c8:
                    74:12:43:ae:a9:13:9e:f2:07:40:06:aa:5c:59:03:
                    4d:74:9c:1d:84:39:99:b1:3b:ca:24:d0:4f:c2:14:
                    a9:15:ae:dc:58:f0:44:d7:50:76:9f:d3:30:c3:c8:
                    88:bd:84:5a:9f:49:2d:bb:a3:3d:48:b6:16:ab:e7:
                    b5:e2:bb:8b:21:6d:fc:48:fa:b6:20:89:66:4b:c6:
                    26:3f:6a:7c:b3:d0:7b:41:c2:20:4f:03:5d:c4:60:
                    9c:4c:81:83:a2:84:c9:a8:a4:94:1d:03:29:16:19:
                    ac:69:88:4d:83:d8:73:d1:2c:76:b5:79:b7:77:8a:
                    89:7d:32:23:b4:f1:aa:47:fa:b1:76:0b:b8:68:62:
                    89:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EE:5A:A5:02:2C:AB:BA:78:65:3E:74:84:36:A7:DA:1D:9D:0A:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c9c880a-889c-409b-82ab-805149005072.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.3.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         15:3d:b1:54:ec:b1:b0:2c:65:75:e8:a3:ca:a3:d7:69:61:91:
         33:ef:cc:ee:df:f0:2b:3d:92:e4:9d:07:53:05:a3:f7:ec:08:
         da:7b:5c:54:17:cd:24:cc:39:bb:29:15:22:d6:29:98:28:f6:
         06:eb:3c:c0:d6:b1:b0:66:00:51:aa:94:f8:51:53:e3:0e:e0:
         2b:20:86:49:8d:0a:76:22:6a:7a:70:74:b1:04:9b:ca:ea:c2:
         a0:78:6b:e3:28:0c:eb:13:ea:22:b8:cf:63:d7:d1:b7:61:f5:
         a0:6d:6c:82:82:a8:87:26:df:db:16:31:22:38:9c:36:96:df:
         e1:de:65:b2:ed:67:d2:e0:42:20:98:b9:8b:c1:a5:4f:55:41:
         1b:fa:e6:78:79:87:d9:28:dc:4f:f5:14:bb:15:50:29:4b:84:
         9b:f4:4f:3a:2f:43:5b:ab:8a:fe:5c:4e:43:1c:cf:f6:38:1b:
         57:15:58:dc:2f:ee:d4:c3:48:ea:92:80:34:ff:8c:c6:46:ab:
         99:6a:0b:04:fa:b3:2a:9c:d1:71:74:39:e5:30:57:68:c1:be:
         93:3b:5e:8a:f5:95:9c:8f:0e:e2:38:64:15:b3:25:64:d8:5d:
         83:37:bc:50:a0:7b:ef:15:a9:eb:3e:86:59:fb:12:7d:fa:b4:
         bf:c8:0d:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYDw+0IPykwO5TAH2Zavg2KcmSzIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGY0NWMzYzYwYmY4NzA2OWU2MDFhODAzMTVkOGVlYWEy
NjkxNjk5ZDM5MTlmMjdjOTUxNjhkMTAwMGQ5OWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKTa+7UuGxNOWzEeG+RDlTaQmzG+UkqBERnGZwVvMZThYW
vSLwf5YukyxKmuZirMK1l73OFatGjYFUVGKeh8qlDJG/tGQW97KvYwJrRZm7qdhI
XnsSupYPw5tt7us1vZYNh+gb8pr5WI1B/UfUoFpquD2vDsaOyHQSQ66pE57yB0AG
qlxZA010nB2EOZmxO8ok0E/CFKkVrtxY8ETXUHaf0zDDyIi9hFqfSS27oz1Ithar
57Xiu4shbfxI+rYgiWZLxiY/anyz0HtBwiBPA13EYJxMgYOihMmopJQdAykWGaxp
iE2D2HPRLHa1ebd3iol9MiO08apH+rF2C7hoYonXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUve5apQIsq7p4ZT50hDan2h2dCn4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjOWM4ODBhLTg4OWMtNDA5Yi04MmFiLTgwNTE0OTAwNTA3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVLAwAwDQYJKoZIhvcNAQELBQADggEBABU9sVTssbAsZXXoo8qj12lhkTPv
zO7f8Cs9kuSdB1MFo/fsCNp7XFQXzSTMObspFSLWKZgo9gbrPMDWsbBmAFGqlPhR
U+MO4CsghkmNCnYianpwdLEEm8rqwqB4a+MoDOsT6iK4z2PX0bdh9aBtbIKCqIcm
39sWMSI4nDaW3+HeZbLtZ9LgQiCYuYvBpU9VQRv65nh5h9ko3E/1FLsVUClLhJv0
TzovQ1uriv5cTkMcz/Y4G1cVWNwv7tTDSOqSgDT/jMZGq5lqCwT6syqc0XF0OeUw
V2jBvpM7Xor1lZyPDuI4ZBWzJWTYXYM3vFCge+8Vqes+hln7En36tL/IDZ0=
-----END CERTIFICATE-----