Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a3aefdd-2281-4c50-a86b-248569ce3189.roa
File:                     2a3aefdd-2281-4c50-a86b-248569ce3189.roa (raw, json)
Hash identifier:          0rhFTirkPeF1CFFXACAQUx/PoAAqPm1iRniptT52yfg=
Subject key identifier:   40:96:71:02:68:D3:0B:52:87:05:12:1C:39:1A:82:5E:5C:30:43:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05F3EDD890EB33FFDA20AC8CD3236793E8A7DD12
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a3aefdd-2281-4c50-a86b-248569ce3189.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.150.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f3:ed:d8:90:eb:33:ff:da:20:ac:8c:d3:23:67:93:e8:a7:dd:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=a0657dc244baff0594282216597c615e43d1b68f0567f5a806dd7c0e8b3e581c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:79:58:0e:22:9d:d1:06:2d:4b:29:f5:bf:fc:
                    8f:37:d9:6b:a8:1c:16:16:bb:e6:e6:6a:59:b0:95:
                    3d:47:15:74:3f:bf:c1:2b:ff:3c:63:18:d4:63:56:
                    a6:78:16:c5:32:f9:43:0d:be:8f:3f:58:e5:bf:e5:
                    c8:50:42:bb:73:38:30:5d:26:28:60:5c:bd:10:19:
                    7d:54:f6:28:97:6d:b9:ce:c1:ae:c5:c2:06:28:8e:
                    da:e6:75:45:94:aa:9e:4e:29:08:53:c3:1b:65:0d:
                    d9:df:85:2e:dd:ae:31:69:80:aa:4a:63:f5:fd:e0:
                    99:49:98:ed:65:7e:cb:de:64:4d:e5:de:8f:26:39:
                    6d:7f:cd:3c:35:e2:ec:b8:91:df:98:d6:d3:fa:9d:
                    7a:c8:4e:c9:b1:d6:16:e2:f7:77:b6:d3:c7:ce:17:
                    cf:3b:45:9b:f1:3c:e0:8f:ad:fd:c6:da:2a:34:6b:
                    94:a7:6a:af:97:32:c3:da:f5:61:bb:fb:8d:f1:64:
                    c2:a4:21:d2:2e:d9:c6:08:b4:51:4b:8a:fe:47:7a:
                    c1:c0:5a:c5:8b:ad:44:a8:e5:9a:0b:0e:c2:a4:5e:
                    57:89:8e:55:6f:46:7a:12:ba:5a:c8:7f:66:a9:3c:
                    00:b6:99:eb:49:43:b4:c0:81:e5:6c:99:c7:53:30:
                    52:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:96:71:02:68:D3:0B:52:87:05:12:1C:39:1A:82:5E:5C:30:43:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a3aefdd-2281-4c50-a86b-248569ce3189.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c1:7f:a9:d8:26:a5:52:bb:3d:28:24:10:66:80:af:6e:05:0f:
         1d:f3:cb:2a:2b:36:c7:d4:f1:4d:06:fa:86:78:42:1a:67:f4:
         fe:c4:f5:f7:66:33:d1:5c:63:17:a7:d6:b1:af:e1:9e:0b:94:
         b2:c2:02:69:d1:10:86:3f:a6:0b:4f:45:e1:8a:97:12:3a:4c:
         7a:09:cd:f7:19:f7:09:82:a8:f0:bf:b7:91:78:d9:40:2e:2a:
         95:88:7f:dc:0a:37:24:38:64:07:12:a4:e1:b6:af:ba:29:bd:
         96:e2:fb:45:da:6e:bd:77:36:0c:8d:b6:4b:02:b8:58:9f:ce:
         c2:7f:89:8b:58:c4:71:56:a7:48:40:e2:4b:de:d5:e4:c9:c4:
         af:8a:20:f5:f2:05:03:53:de:9a:99:a4:5c:af:47:37:fc:73:
         6f:07:d6:2f:87:53:d7:06:c5:b2:f9:b3:9a:76:77:98:6e:81:
         de:58:a7:57:de:b4:d1:47:1d:03:58:8b:b9:79:c8:b5:90:e2:
         1c:a7:33:36:29:97:4e:6e:66:92:b5:eb:a2:0e:6c:4c:7d:b8:
         0d:66:32:db:66:ca:ed:4a:db:3f:06:be:78:69:85:5b:13:3d:
         77:a6:e1:72:d1:38:fc:c8:3f:0d:08:89:ad:68:7a:ff:bc:1c:
         2b:8d:6e:f7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBfPt2JDrM//aIKyM0yNnk+in3RIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDY1N2RjMjQ0YmFmZjA1OTQyODIyMTY1OTdjNjE1ZTQz
ZDFiNjhmMDU2N2Y1YTgwNmRkN2MwZThiM2U1ODFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXeVgOIp3RBi1LKfW//I832WuoHBYWu+bmalmwlT1HFXQ/
v8Er/zxjGNRjVqZ4FsUy+UMNvo8/WOW/5chQQrtzODBdJihgXL0QGX1U9iiXbbnO
wa7FwgYojtrmdUWUqp5OKQhTwxtlDdnfhS7drjFpgKpKY/X94JlJmO1lfsveZE3l
3o8mOW1/zTw14uy4kd+Y1tP6nXrITsmx1hbi93e208fOF887RZvxPOCPrf3G2io0
a5Snaq+XMsPa9WG7+43xZMKkIdIu2cYItFFLiv5HesHAWsWLrUSo5ZoLDsKkXleJ
jlVvRnoSulrIf2apPAC2metJQ7TAgeVsmcdTMFKLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQJZxAmjTC1KHBRIcORqCXlwwQwEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhM2FlZmRkLTIyODEtNGM1MC1hODZiLTI0ODU2OWNlMzE4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBIljANBgkqhkiG9w0BAQsFAAOCAQEAwX+p2CalUrs9KCQQZoCvbgUPHfPL
Kis2x9TxTQb6hnhCGmf0/sT192Yz0VxjF6fWsa/hnguUssICadEQhj+mC09F4YqX
EjpMegnN9xn3CYKo8L+3kXjZQC4qlYh/3Ao3JDhkBxKk4bavuim9luL7RdpuvXc2
DI22SwK4WJ/Own+Ji1jEcVanSEDiS97V5MnEr4og9fIFA1PempmkXK9HN/xzbwfW
L4dT1wbFsvmzmnZ3mG6B3linV9600UcdA1iLuXnItZDiHKczNimXTm5mkrXrog5s
TH24DWYy22bK7UrbPwa+eGmFWxM9d6bhctE4/Mg/DQiJrWh6/7wcK41u9w==
-----END CERTIFICATE-----