Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334bc486-65fe-46fa-a302-04508210ecdb.roa
File:                     334bc486-65fe-46fa-a302-04508210ecdb.roa (raw, json)
Hash identifier:          QTyDqKuQaN6/ME0/ttKdVTJzJvXtcsutyXuNP3Azc0c=
Subject key identifier:   85:57:9E:93:8A:5F:04:B0:6E:99:82:50:3F:30:B6:B2:BA:3D:8C:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       A6DEED64E4F0A74B027613E571453860050780
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334bc486-65fe-46fa-a302-04508210ecdb.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.157.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a6:de:ed:64:e4:f0:a7:4b:02:76:13:e5:71:45:38:60:05:07:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=f9443d73e8d1d1ef49dd943c79a4b51dceb357a1249b5f92e5a41b6d4079136c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:97:11:a6:48:35:08:82:ac:c3:db:4c:1f:d0:
                    42:ba:bf:3b:db:87:56:42:7f:ba:05:06:dd:b9:7e:
                    58:b5:5b:1d:6b:c7:68:6c:82:aa:d1:34:59:0e:42:
                    2a:22:30:35:8b:7d:4f:8d:c5:17:b2:58:80:5f:98:
                    8d:5d:bc:a7:ff:a6:1d:0e:4e:20:df:25:e6:c1:c5:
                    5f:38:e5:52:7c:a6:17:32:69:00:a8:d6:c8:21:07:
                    db:5a:35:c2:9e:69:33:16:29:f4:dd:2c:0b:5d:6d:
                    5d:38:44:1c:de:71:98:9f:ea:26:f1:1a:2c:04:55:
                    75:36:f3:eb:3c:6b:0e:5e:34:34:03:4a:0a:36:0b:
                    11:45:6d:84:dd:23:33:92:6c:dc:aa:78:32:65:01:
                    1c:1c:69:82:48:a2:f9:05:49:b5:9b:c8:70:5a:b3:
                    36:93:5b:ff:a7:4a:09:b1:c5:5a:d4:03:33:b3:0a:
                    61:3d:f9:7f:ed:bf:2d:20:3d:4c:4f:6d:e3:2b:cf:
                    82:4a:4a:90:46:9e:0c:c5:44:b0:47:c5:4e:80:27:
                    55:3d:19:a5:09:2b:82:f5:d5:dc:15:09:d8:35:b4:
                    3e:aa:d2:99:66:57:d0:0a:b3:16:ab:11:df:32:9b:
                    a2:45:0a:5a:ae:58:1b:18:4d:c2:4f:1e:1e:4c:ac:
                    17:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:57:9E:93:8A:5F:04:B0:6E:99:82:50:3F:30:B6:B2:BA:3D:8C:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334bc486-65fe-46fa-a302-04508210ecdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:c9:09:4f:e9:01:71:41:d2:44:1d:a1:84:f2:e8:a6:d5:68:
         a1:0e:6b:68:0f:c6:cf:92:9e:ca:46:e0:b5:57:b0:67:75:36:
         bd:9c:da:40:00:21:a6:b4:2d:71:fc:17:81:0a:c4:35:38:83:
         1b:f0:68:92:17:4d:97:b2:e2:21:a4:f0:84:58:ae:ac:3d:26:
         79:a4:6d:44:b4:71:c6:2a:7b:90:76:80:bb:31:16:0b:d0:40:
         00:2f:0e:77:41:8d:ff:92:70:34:08:ec:4b:41:e7:03:dc:a1:
         e5:0b:a6:17:5d:02:2a:5c:dc:73:e9:ef:b7:e7:4b:0d:2e:ed:
         ef:03:04:1c:44:63:4c:3b:a2:e6:e1:a3:e7:b7:95:7e:7c:7e:
         04:43:14:17:81:32:2a:78:71:df:dd:34:60:7b:8a:32:14:b0:
         bc:29:f8:61:e9:60:b2:92:1e:6a:97:99:cc:e5:fa:95:6f:04:
         15:37:82:26:c3:3b:89:77:7d:0a:78:82:17:7c:ae:44:76:93:
         c1:55:8a:0e:c5:80:36:87:00:67:a2:f2:ee:b3:d7:f1:90:21:
         06:d3:a6:62:39:34:7e:2e:37:dd:a4:bb:ab:94:07:97:79:97:
         07:3d:53:d9:2a:79:8a:f5:68:7e:8f:e4:d8:49:29:e5:67:95:
         3c:2e:5c:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAKbe7WTk8KdLAnYT5XFFOGAFB4AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTQ0M2Q3M2U4ZDFkMWVmNDlkZDk0M2M3OWE0YjUxZGNl
YjM1N2ExMjQ5YjVmOTJlNWE0MWI2ZDQwNzkxMzZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCslxGmSDUIgqzD20wf0EK6vzvbh1ZCf7oFBt25fli1Wx1r
x2hsgqrRNFkOQioiMDWLfU+NxReyWIBfmI1dvKf/ph0OTiDfJebBxV845VJ8phcy
aQCo1sghB9taNcKeaTMWKfTdLAtdbV04RBzecZif6ibxGiwEVXU28+s8aw5eNDQD
Sgo2CxFFbYTdIzOSbNyqeDJlARwcaYJIovkFSbWbyHBaszaTW/+nSgmxxVrUAzOz
CmE9+X/tvy0gPUxPbeMrz4JKSpBGngzFRLBHxU6AJ1U9GaUJK4L11dwVCdg1tD6q
0plmV9AKsxarEd8ym6JFClquWBsYTcJPHh5MrBfPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhVeek4pfBLBumYJQPzC2sro9jHMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzNGJjNDg2LTY1ZmUtNDZmYS1hMzAyLTA0NTA4MjEwZWNkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCfnTANBgkqhkiG9w0BAQsFAAOCAQEAGckJT+kBcUHSRB2hhPLoptVooQ5r
aA/Gz5KeykbgtVewZ3U2vZzaQAAhprQtcfwXgQrENTiDG/BokhdNl7LiIaTwhFiu
rD0meaRtRLRxxip7kHaAuzEWC9BAAC8Od0GN/5JwNAjsS0HnA9yh5QumF10CKlzc
c+nvt+dLDS7t7wMEHERjTDui5uGj57eVfnx+BEMUF4EyKnhx3900YHuKMhSwvCn4
YelgspIeapeZzOX6lW8EFTeCJsM7iXd9CniCF3yuRHaTwVWKDsWANocAZ6Ly7rPX
8ZAhBtOmYjk0fi433aS7q5QHl3mXBz1T2Sp5ivVofo/k2Ekp5WeVPC5cDg==
-----END CERTIFICATE-----