Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a21eb4c-cfd4-4ad0-9e47-448a89527d0b.roa
File:                     2a21eb4c-cfd4-4ad0-9e47-448a89527d0b.roa (raw, json)
Hash identifier:          cEgZx+Iy9FfAaT1CAQaGzkk89tJd/qdoZraLEIpjmZg=
Subject key identifier:   92:88:E3:61:BF:F8:3C:9B:CF:09:E3:D0:46:53:61:D1:DE:E7:ED:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       513EE3050A1C213FD2909A49C77EC246951F07A4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a21eb4c-cfd4-4ad0-9e47-448a89527d0b.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.81.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:3e:e3:05:0a:1c:21:3f:d2:90:9a:49:c7:7e:c2:46:95:1f:07:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=25182772a0d33ff3db0a5b5c77402b0917f74364ab028bca858beebfb629775f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f9:12:fc:58:81:b6:f7:27:e7:70:d3:49:fd:
                    7c:d0:63:f3:70:95:c6:2b:e4:96:2c:0b:3a:f7:a9:
                    e5:0c:67:d0:6b:9f:c3:12:9a:98:5c:b3:ee:8c:11:
                    b0:dd:e9:37:65:75:55:5b:3f:66:7f:d0:b3:60:c8:
                    58:7e:c3:af:90:9e:6c:c7:12:b8:f5:3d:13:fb:f0:
                    a2:d1:84:a9:a5:5b:84:5b:a4:27:8b:6c:c3:df:f7:
                    14:9d:94:4b:5c:53:f2:a1:c4:db:93:23:6a:89:7e:
                    3f:19:97:43:2b:26:ae:e6:d2:cd:73:46:7a:64:45:
                    71:58:7f:42:86:20:da:7a:0b:de:b1:9c:0f:18:00:
                    05:2d:46:de:3e:c9:91:7d:62:e1:f3:40:2f:cc:1f:
                    13:ab:c9:33:e2:d7:8b:1e:8b:a6:a2:cd:af:c1:10:
                    16:36:6c:b8:9c:76:27:93:ca:90:db:3c:05:16:a2:
                    44:62:4d:20:cf:12:ba:06:65:fa:6d:c6:12:66:6c:
                    55:1a:a8:09:80:66:64:2f:31:a7:7c:74:c7:e4:db:
                    05:9c:9d:b1:19:a4:42:64:58:76:9d:f9:36:8d:61:
                    55:72:d3:83:a1:1b:74:bc:57:14:dd:a5:7d:cd:80:
                    80:1d:22:f6:5c:e3:5b:d9:77:17:01:44:b6:67:ca:
                    69:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:88:E3:61:BF:F8:3C:9B:CF:09:E3:D0:46:53:61:D1:DE:E7:ED:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a21eb4c-cfd4-4ad0-9e47-448a89527d0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         93:84:85:e8:57:a1:4c:19:8f:00:f2:16:0a:48:b0:6f:99:21:
         29:9b:ac:76:61:3e:66:dc:83:26:97:ae:4e:1a:1d:2f:32:4b:
         95:d6:f8:50:82:3d:7a:22:21:a2:05:84:0e:bf:3a:bc:b3:85:
         37:d8:80:78:cf:a3:59:99:9c:4a:60:ba:88:54:73:f5:07:18:
         f2:b6:43:36:a5:42:ed:84:db:84:b5:98:66:d3:e0:52:be:d1:
         48:8f:93:9f:06:e9:cf:6e:0c:d2:4f:18:39:36:e7:dc:84:e2:
         49:e8:2f:80:5b:d8:79:d2:01:ee:5f:a0:bf:de:c7:de:88:a8:
         12:60:40:0c:2e:11:e5:23:d8:22:91:de:2d:5e:89:4a:14:64:
         a9:07:a5:fe:c4:6d:19:8e:70:b4:3f:e6:3d:c4:1e:57:35:30:
         be:3f:d7:8d:19:7f:50:77:0d:2d:4f:ca:ad:77:13:fa:1b:0f:
         9d:2d:7c:59:6e:ec:f2:9f:79:ca:16:e9:05:83:0c:ae:e7:f0:
         a2:ce:84:1d:2e:94:5a:bf:ff:d2:eb:9d:9a:15:12:67:17:bc:
         2d:3c:ba:21:99:54:6e:e1:12:f8:8f:8b:0d:b6:da:95:3e:c4:
         d9:3b:d3:66:94:5d:7e:89:ec:0b:8f:59:fd:07:16:6f:fe:8e:
         e2:fe:75:51
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUT7jBQocIT/SkJpJx37CRpUfB6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTE4Mjc3MmEwZDMzZmYzZGIwYTViNWM3NzQwMmIwOTE3
Zjc0MzY0YWIwMjhiY2E4NThiZWViZmI2Mjk3NzVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv+RL8WIG29yfncNNJ/XzQY/NwlcYr5JYsCzr3qeUMZ9Br
n8MSmphcs+6MEbDd6TdldVVbP2Z/0LNgyFh+w6+QnmzHErj1PRP78KLRhKmlW4Rb
pCeLbMPf9xSdlEtcU/KhxNuTI2qJfj8Zl0MrJq7m0s1zRnpkRXFYf0KGINp6C96x
nA8YAAUtRt4+yZF9YuHzQC/MHxOryTPi14sei6aiza/BEBY2bLicdieTypDbPAUW
okRiTSDPEroGZfptxhJmbFUaqAmAZmQvMad8dMfk2wWcnbEZpEJkWHad+TaNYVVy
04OhG3S8VxTdpX3NgIAdIvZc41vZdxcBRLZnymn/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkojjYb/4PJvPCePQRlNh0d7n7eQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhMjFlYjRjLWNmZDQtNGFkMC05ZTQ3LTQ0OGE4OTUyN2QwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCAUTANBgkqhkiG9w0BAQsFAAOCAQEAk4SF6FehTBmPAPIWCkiwb5khKZus
dmE+ZtyDJpeuThodLzJLldb4UII9eiIhogWEDr86vLOFN9iAeM+jWZmcSmC6iFRz
9QcY8rZDNqVC7YTbhLWYZtPgUr7RSI+Tnwbpz24M0k8YOTbn3ITiSegvgFvYedIB
7l+gv97H3oioEmBADC4R5SPYIpHeLV6JShRkqQel/sRtGY5wtD/mPcQeVzUwvj/X
jRl/UHcNLU/KrXcT+hsPnS18WW7s8p95yhbpBYMMrufwos6EHS6UWr//0uudmhUS
Zxe8LTy6IZlUbuES+I+LDbbalT7E2TvTZpRdfonsC49Z/QcWb/6O4v51UQ==
-----END CERTIFICATE-----