Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/203fa97e-bcf4-49c7-9e30-ad3cb5ce755d.roa
File:                     203fa97e-bcf4-49c7-9e30-ad3cb5ce755d.roa (raw, json)
Hash identifier:          rrw/5Ar97efRhuwtrfDT6QpNQvIBJrCrQJIV9fml05c=
Subject key identifier:   CC:B7:4B:3D:AB:F6:E3:F6:82:00:9C:D8:03:2A:2D:AE:A0:57:81:2C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43614828A176AEBD00F6DDDB9249965B241D97B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/203fa97e-bcf4-49c7-9e30-ad3cb5ce755d.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.132.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:61:48:28:a1:76:ae:bd:00:f6:dd:db:92:49:96:5b:24:1d:97:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=f75d735b47a3971d21e9d6d46602a833f22cf6fd0ef121f82934ab98f8285ece, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d6:ab:58:f8:a3:f2:c1:22:fc:8f:38:f5:a5:
                    44:cc:e8:fd:07:b9:80:76:47:53:96:de:e2:af:63:
                    56:07:d3:2d:0b:55:53:49:67:ad:65:cb:a1:bf:80:
                    8b:76:f2:31:d1:a9:9e:32:6d:c9:b5:79:6e:a0:25:
                    08:c2:c6:5c:15:7c:4b:76:a2:73:99:a0:3a:98:54:
                    2c:1a:0f:26:17:a9:d3:35:99:25:34:38:c4:19:04:
                    d4:c6:6e:a4:ab:0d:59:b9:9a:b3:21:04:ae:9e:80:
                    eb:04:74:da:fb:56:25:0b:7d:f4:46:28:9e:b0:1d:
                    e9:b0:aa:42:c1:05:0e:a8:50:dd:7d:e8:09:50:99:
                    51:45:3f:7c:42:9c:f3:8b:de:7f:f2:ec:b7:e2:ee:
                    7d:de:77:f8:1d:3d:fd:69:27:1a:18:2b:3b:fc:63:
                    c5:2c:83:01:c4:2a:69:1c:74:44:43:cf:da:09:46:
                    b1:0a:2c:17:0c:9b:33:dc:95:43:3f:23:45:43:a4:
                    48:52:61:3f:e0:0b:43:e2:1c:d8:ad:5d:78:67:c5:
                    a8:c0:69:c5:3c:32:9d:8c:dd:bb:99:ec:97:69:da:
                    30:3a:c7:15:3c:4e:7a:46:64:92:aa:fc:f7:15:32:
                    3e:42:01:83:5f:e3:68:ae:f8:64:23:31:d9:49:49:
                    21:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B7:4B:3D:AB:F6:E3:F6:82:00:9C:D8:03:2A:2D:AE:A0:57:81:2C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/203fa97e-bcf4-49c7-9e30-ad3cb5ce755d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c7:7e:2a:1d:15:fc:c5:18:53:bf:ea:61:c3:25:57:ee:38:
         67:b8:00:65:34:c2:23:2f:76:f8:fb:b4:93:32:8d:84:5a:89:
         d2:27:ae:ef:e2:4d:49:61:85:40:ed:ea:12:1a:77:f5:67:21:
         ae:66:76:fd:1d:76:d9:1b:5d:81:1c:ac:86:52:16:20:b0:c3:
         f8:27:b5:fd:cf:f6:ce:1f:1c:cd:45:52:3c:86:cc:70:a5:b8:
         5a:c4:86:03:cd:e6:c9:24:4f:37:c1:2b:37:80:94:81:3b:fc:
         9d:82:68:8d:2b:a3:ca:8c:21:06:4f:79:97:9e:33:32:25:3a:
         2c:30:bc:77:b1:20:43:05:70:51:2e:ce:e4:52:03:cb:df:6a:
         0a:09:54:49:f1:a0:3b:45:6d:d6:25:1a:18:c1:8f:7e:1c:32:
         5e:40:8d:61:0b:d8:a3:a2:55:95:92:b3:9e:a8:c4:55:62:08:
         71:f5:8b:14:c0:b3:d6:ec:2e:18:a8:8e:57:19:8d:c5:51:1b:
         0e:4a:f9:3b:41:f0:83:00:d0:29:33:de:93:0a:4b:e9:83:1f:
         59:0e:d1:5d:09:1b:19:21:57:87:28:00:8e:be:93:f2:a7:49:
         a8:f9:7e:92:e2:92:ba:70:2d:45:f8:fa:5b:5c:1e:d1:5d:0e:
         02:ab:99:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ2FIKKF2rr0A9t3bkkmWWyQdl7AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzVkNzM1YjQ3YTM5NzFkMjFlOWQ2ZDQ2NjAyYTgzM2Yy
MmNmNmZkMGVmMTIxZjgyOTM0YWI5OGY4Mjg1ZWNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz1qtY+KPywSL8jzj1pUTM6P0HuYB2R1OW3uKvY1YH0y0L
VVNJZ61ly6G/gIt28jHRqZ4ybcm1eW6gJQjCxlwVfEt2onOZoDqYVCwaDyYXqdM1
mSU0OMQZBNTGbqSrDVm5mrMhBK6egOsEdNr7ViULffRGKJ6wHemwqkLBBQ6oUN19
6AlQmVFFP3xCnPOL3n/y7Lfi7n3ed/gdPf1pJxoYKzv8Y8UsgwHEKmkcdERDz9oJ
RrEKLBcMmzPclUM/I0VDpEhSYT/gC0PiHNitXXhnxajAacU8Mp2M3buZ7Jdp2jA6
xxU8TnpGZJKq/PcVMj5CAYNf42iu+GQjMdlJSSGfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzLdLPav24/aCAJzYAyotrqBXgSwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwM2ZhOTdlLWJjZjQtNDljNy05ZTMwLWFkM2NiNWNlNzU1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYQwDQYJKoZIhvcNAQELBQADggEBAEbHfiodFfzFGFO/6mHDJVfuOGe4
AGU0wiMvdvj7tJMyjYRaidInru/iTUlhhUDt6hIad/VnIa5mdv0ddtkbXYEcrIZS
FiCww/gntf3P9s4fHM1FUjyGzHCluFrEhgPN5skkTzfBKzeAlIE7/J2CaI0ro8qM
IQZPeZeeMzIlOiwwvHexIEMFcFEuzuRSA8vfagoJVEnxoDtFbdYlGhjBj34cMl5A
jWEL2KOiVZWSs56oxFViCHH1ixTAs9bsLhiojlcZjcVRGw5K+TtB8IMA0Ckz3pMK
S+mDH1kO0V0JGxkhV4coAI6+k/KnSaj5fpLikrpwLUX4+ltcHtFdDgKrmcg=
-----END CERTIFICATE-----