Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1eb23eef-99d3-4b22-8f07-bef80007eb58.roa
File:                     1eb23eef-99d3-4b22-8f07-bef80007eb58.roa (raw, json)
Hash identifier:          xQsmy3Akmu9LNltev3PkTMLPbj+RXUxSptczsTUNeqc=
Subject key identifier:   4F:6B:14:EC:64:11:D5:BE:FB:89:E6:20:98:F1:9D:59:CE:F7:F8:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C323E6EB54B22135A6A248C7766B7A6DE557AE5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1eb23eef-99d3-4b22-8f07-bef80007eb58.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.22.160.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:32:3e:6e:b5:4b:22:13:5a:6a:24:8c:77:66:b7:a6:de:55:7a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=ea30d059a6a13fbb46036ba8ca9c6f2e8a988a053d3eeab5c654666f76a1673e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:05:af:7f:31:c5:65:5f:38:9b:e7:ad:5b:05:
                    79:26:a8:69:4b:d8:14:5b:84:01:ec:7f:89:69:fc:
                    51:23:87:c3:3f:01:2b:95:15:31:90:a8:7e:2f:e5:
                    1e:8f:0e:79:8b:19:47:0b:83:45:a7:8e:7a:4b:c7:
                    79:03:71:ba:fe:42:7d:d8:ed:d3:f8:c9:f1:50:f0:
                    b0:c7:cf:74:73:00:ea:e1:e0:2a:83:51:46:12:e7:
                    3e:c1:80:b1:88:bf:d9:83:20:bf:fc:98:e4:9c:40:
                    98:75:0e:d9:e4:ab:63:e5:96:f8:17:f5:8b:a0:96:
                    07:42:90:f0:40:85:96:e3:65:c1:1e:c5:08:88:64:
                    0f:e4:05:a7:04:33:2f:9b:49:cc:0d:d4:9d:b9:2d:
                    bc:d8:38:cc:ca:10:b8:a6:bb:7f:b1:c8:97:5f:03:
                    4f:30:c3:10:38:c2:8b:3f:e7:50:4f:eb:99:00:15:
                    46:3b:22:f9:84:f1:ca:ff:d9:60:c3:c1:5b:40:1b:
                    d3:be:be:fa:d6:4d:17:d9:66:ac:93:97:90:83:f0:
                    20:b8:2d:81:8c:a8:4b:1c:76:e7:48:2c:30:06:e8:
                    ef:19:48:ee:ea:e2:fb:e6:65:64:c2:75:c7:5d:00:
                    f4:52:3c:a3:75:7b:82:4f:24:f4:f2:62:11:54:dc:
                    1e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:6B:14:EC:64:11:D5:BE:FB:89:E6:20:98:F1:9D:59:CE:F7:F8:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1eb23eef-99d3-4b22-8f07-bef80007eb58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6f:8e:50:75:93:bf:6e:a7:e1:37:bc:d0:34:c7:40:7d:89:f0:
         16:fe:ce:11:77:68:49:05:78:fd:25:af:31:f1:d7:96:2e:6e:
         d1:3d:9a:d7:10:31:24:13:c3:96:fa:00:09:86:87:15:a0:28:
         25:20:34:ba:f8:0a:33:d7:0e:53:fc:4d:98:33:dd:2d:63:aa:
         33:71:29:d5:29:31:e2:24:7c:b6:02:aa:ab:e8:46:3c:10:1c:
         d3:d9:a0:c4:65:79:32:7e:11:e9:5e:1b:3d:c8:88:3d:93:3c:
         69:1c:ee:49:37:d5:5b:70:88:6c:ec:6c:db:1d:7e:17:4f:04:
         9d:30:a9:9b:81:5c:a4:33:82:82:08:02:5f:2d:e3:fe:cf:af:
         d5:af:d3:c1:02:0d:c8:62:ff:37:8c:be:5f:5c:c4:85:57:ff:
         bd:e9:de:b6:e9:dd:84:00:59:6f:f5:bd:6a:d9:b3:0a:4a:b0:
         a9:1c:33:16:d4:b1:e6:ff:78:31:64:32:14:44:99:b9:14:bc:
         9d:6e:ee:b3:47:a9:80:06:d6:7c:45:f9:96:ee:47:1d:93:91:
         ef:ce:13:59:54:9e:52:53:77:af:6b:e9:5a:d6:e8:e0:25:8b:
         c5:99:7a:ea:3c:a8:59:80:11:f8:7f:bd:77:25:db:ae:4c:ed:
         27:5c:0b:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULDI+brVLIhNaaiSMd2a3pt5VeuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTMwZDA1OWE2YTEzZmJiNDYwMzZiYThjYTljNmYyZThh
OTg4YTA1M2QzZWVhYjVjNjU0NjY2Zjc2YTE2NzNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJBa9/McVlXzib561bBXkmqGlL2BRbhAHsf4lp/FEjh8M/
ASuVFTGQqH4v5R6PDnmLGUcLg0WnjnpLx3kDcbr+Qn3Y7dP4yfFQ8LDHz3RzAOrh
4CqDUUYS5z7BgLGIv9mDIL/8mOScQJh1Dtnkq2PllvgX9YuglgdCkPBAhZbjZcEe
xQiIZA/kBacEMy+bScwN1J25LbzYOMzKELimu3+xyJdfA08wwxA4wos/51BP65kA
FUY7IvmE8cr/2WDDwVtAG9O+vvrWTRfZZqyTl5CD8CC4LYGMqEscdudILDAG6O8Z
SO7q4vvmZWTCdcddAPRSPKN1e4JPJPTyYhFU3B7BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT2sU7GQR1b77ieYgmPGdWc73+JQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlYjIzZWVmLTk5ZDMtNGIyMi04ZjA3LWJlZjgwMDA3ZWI1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVrFqAwDQYJKoZIhvcNAQELBQADggEBAG+OUHWTv26n4Te80DTHQH2J8Bb+
zhF3aEkFeP0lrzHx15YubtE9mtcQMSQTw5b6AAmGhxWgKCUgNLr4CjPXDlP8TZgz
3S1jqjNxKdUpMeIkfLYCqqvoRjwQHNPZoMRleTJ+EeleGz3IiD2TPGkc7kk31Vtw
iGzsbNsdfhdPBJ0wqZuBXKQzgoIIAl8t4/7Pr9Wv08ECDchi/zeMvl9cxIVX/73p
3rbp3YQAWW/1vWrZswpKsKkcMxbUseb/eDFkMhREmbkUvJ1u7rNHqYAG1nxF+Zbu
Rx2Tke/OE1lUnlJTd69r6VrW6OAli8WZeuo8qFmAEfh/vXcl265M7SdcCzY=
-----END CERTIFICATE-----