Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3819daa1-d9d8-4229-a37a-3c8fa9024396.roa
File:                     3819daa1-d9d8-4229-a37a-3c8fa9024396.roa (raw, json)
Hash identifier:          xuGjWnZrglNMyeNwFLlNIPt+/jK21DtflPJs33u/L3E=
Subject key identifier:   52:5E:63:39:85:BA:EA:C0:1B:04:E6:3C:55:AC:03:AF:4D:F7:27:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       62C4CEF5741314B7023BDA1402B1E2FC1565D012
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3819daa1-d9d8-4229-a37a-3c8fa9024396.roa
Signing time:             Mon 20 Jan 2025 00:00:00 +0000
ROA not before:           Mon 20 Jan 2025 00:00:00 +0000
ROA not after:            Mon 24 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.142.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c4:ce:f5:74:13:14:b7:02:3b:da:14:02:b1:e2:fc:15:65:d0:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 20 00:00:00 2025 GMT
            Not After : Feb 24 23:59:59 2025 GMT
        Subject: serialNumber=cc18f3b3111d87ba15cfb6012c8ce8b299e6a838a7b467c83be18299e73c34cb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2b:1a:90:1b:f7:44:85:f9:12:b8:c8:2e:e4:
                    5c:40:83:f5:86:0f:a6:00:d5:78:53:7d:81:49:8b:
                    48:03:79:03:be:a9:9d:74:d4:c3:ac:f7:17:c0:36:
                    b3:df:37:14:70:e7:f6:1b:ec:45:1b:b8:73:73:90:
                    27:43:b1:83:55:32:31:91:60:f4:ba:19:0f:fb:43:
                    cb:fe:d5:ac:bd:79:23:56:de:94:8c:11:0b:ef:35:
                    42:23:1e:8f:d3:80:89:7b:d2:93:a9:0f:04:cb:15:
                    41:44:a2:6a:d0:5b:82:10:25:77:2e:e6:66:51:58:
                    33:e7:cc:2f:06:3f:66:04:4e:94:46:9d:4d:ac:97:
                    a2:41:13:88:7a:86:3f:e2:0e:dc:7c:3e:2f:cf:d3:
                    98:b2:a5:eb:dd:e6:ad:f0:fd:bd:6f:fb:60:fe:82:
                    8b:f5:5e:91:0f:fa:de:9b:aa:54:7c:9c:8f:28:5f:
                    53:bf:d1:cf:7c:d4:b3:81:83:35:00:e6:4b:41:18:
                    80:5f:3c:20:ae:58:fb:a0:bf:39:53:37:0c:0f:b3:
                    e6:8c:e0:f8:7b:9a:12:80:bc:21:d6:24:33:f4:63:
                    ca:3a:64:14:39:87:c7:29:4b:74:70:e1:cf:e0:aa:
                    57:b9:ef:9e:ae:e1:a4:11:8f:b4:81:ed:05:6f:05:
                    82:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5E:63:39:85:BA:EA:C0:1B:04:E6:3C:55:AC:03:AF:4D:F7:27:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3819daa1-d9d8-4229-a37a-3c8fa9024396.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.142.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6e:d4:8c:24:18:e6:94:e9:13:4a:b8:f0:a6:0e:39:43:4c:1c:
         60:46:1d:ee:0e:2b:25:01:f7:bc:63:93:7d:3d:27:8a:a5:45:
         98:54:ec:e3:3e:42:40:6d:b4:7b:29:c0:0d:c7:a3:1f:db:dd:
         10:3e:ee:43:7e:42:46:35:05:6c:e2:96:aa:28:39:e4:51:d4:
         2a:e2:f6:ff:cd:a3:bd:47:d6:00:f4:f0:7b:8b:7f:d3:6c:d2:
         5d:f7:da:65:8c:57:d9:ea:7d:12:7f:7d:55:dc:5c:fa:5e:a4:
         66:54:07:aa:44:f5:b0:f9:97:d0:00:ce:f4:d1:cb:0d:ee:1a:
         fa:59:69:73:70:32:ac:9a:52:09:de:7c:ea:2d:00:84:80:79:
         9f:4a:f5:7d:a7:c7:95:1a:92:de:76:a4:7c:13:e3:a5:61:44:
         ee:5a:b3:9b:12:62:e8:05:ee:1a:1a:ba:80:07:e9:3f:f0:61:
         01:fe:05:fa:dc:fc:49:ee:0c:f8:62:02:f9:dd:5e:4c:03:59:
         f8:80:f0:3e:56:f1:6e:b5:83:8c:0b:06:b4:ed:1d:a9:96:d5:
         ad:6a:c9:28:fb:ff:bb:f6:fb:7a:29:4c:1c:92:29:db:0f:ec:
         b2:0e:4b:62:85:18:6b:45:d1:59:e6:34:79:c2:9d:41:f5:8d:
         9c:d7:21:f6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYsTO9XQTFLcCO9oUArHi/BVl0BIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIwMDAwMDAwWhcNMjUwMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzE4ZjNiMzExMWQ4N2JhMTVjZmI2MDEyYzhjZThiMjk5
ZTZhODM4YTdiNDY3YzgzYmUxODI5OWU3M2MzNGNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1KxqQG/dEhfkSuMgu5FxAg/WGD6YA1XhTfYFJi0gDeQO+
qZ101MOs9xfANrPfNxRw5/Yb7EUbuHNzkCdDsYNVMjGRYPS6GQ/7Q8v+1ay9eSNW
3pSMEQvvNUIjHo/TgIl70pOpDwTLFUFEomrQW4IQJXcu5mZRWDPnzC8GP2YETpRG
nU2sl6JBE4h6hj/iDtx8Pi/P05iypevd5q3w/b1v+2D+gov1XpEP+t6bqlR8nI8o
X1O/0c981LOBgzUA5ktBGIBfPCCuWPugvzlTNwwPs+aM4Ph7mhKAvCHWJDP0Y8o6
ZBQ5h8cpS3Rw4c/gqle5756u4aQRj7SB7QVvBYL1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUl5jOYW66sAbBOY8VawDr033J/owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4MTlkYWExLWQ5ZDgtNDIyOS1hMzdhLTNjOGZhOTAyNDM5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCQjjANBgkqhkiG9w0BAQsFAAOCAQEAbtSMJBjmlOkTSrjwpg45Q0wcYEYd
7g4rJQH3vGOTfT0niqVFmFTs4z5CQG20eynADcejH9vdED7uQ35CRjUFbOKWqig5
5FHUKuL2/82jvUfWAPTwe4t/02zSXffaZYxX2ep9En99Vdxc+l6kZlQHqkT1sPmX
0ADO9NHLDe4a+llpc3AyrJpSCd586i0AhIB5n0r1fafHlRqS3nakfBPjpWFE7lqz
mxJi6AXuGhq6gAfpP/BhAf4F+tz8Se4M+GIC+d1eTANZ+IDwPlbxbrWDjAsGtO0d
qZbVrWrJKPv/u/b7eilMHJIp2w/ssg5LYoUYa0XRWeY0ecKdQfWNnNch9g==
-----END CERTIFICATE-----