Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3502ded7-8573-4e30-982c-2061d52b11ee.roa
File:                     3502ded7-8573-4e30-982c-2061d52b11ee.roa (raw, json)
Hash identifier:          oWbJYqcphN77rt/RrtETdEWMsdw836L2O6ucKkyE/p0=
Subject key identifier:   3E:87:16:9A:05:22:70:19:EE:BC:91:86:BA:0E:09:F8:41:3C:C8:22
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A4F46C1FA6A1BE0AEFDCE2A9A8134FF222D5789
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3502ded7-8573-4e30-982c-2061d52b11ee.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.44.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:4f:46:c1:fa:6a:1b:e0:ae:fd:ce:2a:9a:81:34:ff:22:2d:57:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=9ccd138cf590c32da9d105e3ebba0793e211a93f7095842bb45acde728f6c078, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e2:f1:18:db:97:7d:d3:90:b9:d0:89:13:bc:
                    20:ab:4b:b1:0b:83:ac:42:42:06:0d:e2:73:f7:46:
                    85:01:ac:28:70:40:41:cf:4a:e1:b0:a4:60:18:7a:
                    c2:a5:bd:24:37:75:9a:91:af:ed:e5:66:5c:9e:4a:
                    2f:f5:9a:18:6a:66:88:31:ca:d9:60:e3:f0:d1:9c:
                    f2:12:f5:2b:4a:26:19:f0:68:34:d7:f8:78:93:6d:
                    5a:be:d3:97:f9:81:19:03:7f:d0:3e:29:21:ed:62:
                    ae:66:7b:1f:ab:13:84:a4:29:4d:90:dc:4a:17:fe:
                    e0:80:79:4f:e6:de:3b:d8:1b:4c:fb:1f:c7:3b:2c:
                    37:da:19:3f:11:e0:7f:1f:52:1e:04:a7:fe:dc:f6:
                    b6:15:65:53:cc:2d:ca:83:f9:68:43:62:0b:f1:4b:
                    c3:cf:ed:3a:75:64:c2:b9:3f:e6:b6:5b:7b:01:a6:
                    d8:9d:4d:2f:38:83:f7:a8:d6:b8:91:38:2d:d4:11:
                    d0:9e:f2:11:bb:a0:ff:ba:b7:5b:2f:28:92:c5:38:
                    56:f7:98:b4:03:fd:35:d6:34:aa:d3:2a:fb:47:d3:
                    47:66:2a:e7:86:33:8b:47:b9:e8:23:36:c1:7c:0e:
                    c7:7a:f3:03:86:33:ef:38:40:f2:6e:16:41:c6:18:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:87:16:9A:05:22:70:19:EE:BC:91:86:BA:0E:09:F8:41:3C:C8:22
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3502ded7-8573-4e30-982c-2061d52b11ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:da:b0:af:12:67:31:61:c8:c6:5f:b3:68:1b:82:4a:6d:50:
         6e:c8:d4:c3:14:c1:5c:b8:91:a7:8a:8c:04:c7:47:33:09:02:
         be:19:27:95:cf:a2:99:47:23:47:03:02:73:79:5e:e3:94:f4:
         39:24:bf:26:4e:d7:84:48:69:db:f7:c8:f6:9c:5e:cf:eb:ae:
         59:2a:8d:fd:dd:74:03:a1:04:c6:53:cd:76:60:9f:4b:a8:0e:
         25:5a:39:b4:a8:19:c6:81:87:c4:4f:47:6b:66:a3:79:f5:05:
         46:5c:c5:25:01:53:29:51:42:65:65:38:69:ff:64:75:a6:4d:
         24:c7:71:b9:da:86:ab:88:a7:b5:45:36:89:15:93:f0:dd:e2:
         41:88:5b:d3:fe:72:d3:c9:d1:ad:91:e5:20:98:53:91:4f:58:
         5c:b8:24:0a:ba:c2:b2:7f:a7:de:1c:c3:68:b2:81:9e:a3:b8:
         b1:91:67:ae:c1:58:26:3d:e1:7b:67:ce:e2:ef:a0:ac:2a:26:
         bf:e8:81:ed:fc:13:05:ba:d0:94:80:ed:6e:69:5b:13:a2:96:
         19:ef:c2:c5:a1:6c:16:f6:f2:8d:b5:94:f9:07:d6:af:10:f0:
         0e:94:7e:86:12:51:cf:d1:ae:a1:c1:35:28:f8:e0:d4:02:8f:
         bd:08:25:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUek9GwfpqG+Cu/c4qmoE0/yItV4kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2NkMTM4Y2Y1OTBjMzJkYTlkMTA1ZTNlYmJhMDc5M2Uy
MTFhOTNmNzA5NTg0MmJiNDVhY2RlNzI4ZjZjMDc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDL4vEY25d905C50IkTvCCrS7ELg6xCQgYN4nP3RoUBrChw
QEHPSuGwpGAYesKlvSQ3dZqRr+3lZlyeSi/1mhhqZogxytlg4/DRnPIS9StKJhnw
aDTX+HiTbVq+05f5gRkDf9A+KSHtYq5mex+rE4SkKU2Q3EoX/uCAeU/m3jvYG0z7
H8c7LDfaGT8R4H8fUh4Ep/7c9rYVZVPMLcqD+WhDYgvxS8PP7Tp1ZMK5P+a2W3sB
ptidTS84g/eo1riROC3UEdCe8hG7oP+6t1svKJLFOFb3mLQD/TXWNKrTKvtH00dm
KueGM4tHuegjNsF8Dsd68wOGM+84QPJuFkHGGPCpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPocWmgUicBnuvJGGug4J+EE8yCIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1MDJkZWQ3LTg1NzMtNGUzMC05ODJjLTIwNjFkNTJiMTFlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKugSwwDQYJKoZIhvcNAQELBQADggEBAMfasK8SZzFhyMZfs2gbgkptUG7I
1MMUwVy4kaeKjATHRzMJAr4ZJ5XPoplHI0cDAnN5XuOU9DkkvyZO14RIadv3yPac
Xs/rrlkqjf3ddAOhBMZTzXZgn0uoDiVaObSoGcaBh8RPR2tmo3n1BUZcxSUBUylR
QmVlOGn/ZHWmTSTHcbnahquIp7VFNokVk/Dd4kGIW9P+ctPJ0a2R5SCYU5FPWFy4
JAq6wrJ/p94cw2iygZ6juLGRZ67BWCY94XtnzuLvoKwqJr/oge38EwW60JSA7W5p
WxOilhnvwsWhbBb28o21lPkH1q8Q8A6UfoYSUc/RrqHBNSj44NQCj70IJbg=
-----END CERTIFICATE-----