Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e371c97-5a9d-48b3-9a69-9ee6e8904529.roa
File:                     3e371c97-5a9d-48b3-9a69-9ee6e8904529.roa (raw, json)
Hash identifier:          lJXgAAm891NMZIPs9l+u2+fprgYLDjksLwPwz5AF25A=
Subject key identifier:   F8:90:D3:FC:8B:78:FF:C7:F3:3D:95:3E:5C:EC:99:D3:53:44:17:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       174D1FB742FC633A60B5F745A78E5597CECF7EBF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e371c97-5a9d-48b3-9a69-9ee6e8904529.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.157.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4d:1f:b7:42:fc:63:3a:60:b5:f7:45:a7:8e:55:97:ce:cf:7e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=66b56a242088ac3a44e0c30f2d420cc08c85cd957470c4b4fc13e6d12c09186f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:e6:66:15:78:c2:dc:8d:64:89:8e:d8:81:
                    8f:dc:8f:0c:70:c5:ac:d8:60:cf:c4:0a:93:a7:3a:
                    b8:7f:00:de:42:1d:90:d8:68:4f:ba:7c:68:3e:e0:
                    15:46:fb:65:d0:d4:9d:a5:b8:85:02:67:97:fd:6d:
                    2f:fc:87:65:a2:30:b6:38:a1:10:44:3e:52:9d:69:
                    4d:8e:1d:ca:24:78:29:a4:ef:9c:cc:59:a2:16:20:
                    36:86:fb:6a:60:4e:d5:8c:5d:e5:50:3a:0b:a6:f4:
                    28:db:c8:0a:a5:dd:e2:ba:1f:4e:27:56:65:ea:e0:
                    64:92:40:8a:5c:5e:8d:71:51:fc:b0:ba:f2:f7:b7:
                    ed:a5:c2:4a:f4:98:b7:49:48:2e:c1:4c:9e:d1:bc:
                    96:e0:77:80:21:09:37:2f:b1:fd:03:ff:0d:83:fd:
                    a1:6a:e7:03:b0:ad:19:33:ae:16:12:42:5c:7d:84:
                    21:ed:20:3b:be:4f:2b:43:a0:f0:34:05:a7:f1:39:
                    b6:25:cd:f5:5f:9b:bf:fb:11:5e:f4:e1:dc:e7:1e:
                    04:b3:bb:55:09:08:78:17:9c:8b:12:92:8d:4a:1f:
                    5e:ad:4a:30:bf:dd:d5:d9:e6:29:78:94:10:4d:0c:
                    4b:f2:b1:51:07:7e:ba:99:04:2b:25:ed:33:7f:eb:
                    f0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:90:D3:FC:8B:78:FF:C7:F3:3D:95:3E:5C:EC:99:D3:53:44:17:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e371c97-5a9d-48b3-9a69-9ee6e8904529.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c6:79:d1:f9:50:00:d2:eb:74:e0:5a:fa:f7:84:c0:e3:50:20:
         f5:11:a3:cc:5e:76:3e:95:a4:92:64:58:92:83:55:c0:30:40:
         fe:de:b5:da:a6:14:79:83:5d:6c:c9:95:2d:dd:42:01:37:34:
         f3:a2:41:bb:f7:d1:94:cb:d0:c2:56:3f:95:55:49:17:2d:21:
         f7:bd:c1:0d:8c:68:0b:fd:5a:0e:21:23:45:69:9c:37:f9:26:
         cc:bb:2b:23:08:72:a2:c9:3d:bd:0e:2c:cc:f3:f9:2f:87:4a:
         5e:dd:a1:93:94:0c:e2:a7:27:9a:43:81:37:db:11:35:bb:76:
         9d:0c:ae:42:f4:21:ca:68:cb:41:54:fe:65:62:ee:c2:92:21:
         9f:ad:1a:ef:88:e5:22:4a:7b:27:d8:4f:5e:e8:d5:65:df:5b:
         40:69:0c:ca:cb:0e:f0:0e:71:34:c7:4c:91:de:d7:d1:e6:7b:
         f3:ae:dc:5c:11:9e:42:ea:8b:b4:93:6a:29:94:d7:46:c2:9a:
         fb:b9:03:f5:aa:9d:42:0b:0d:b8:38:91:20:20:2f:92:7e:70:
         37:1b:4c:0e:0d:e1:8d:2d:b8:9e:d8:4a:c3:c5:9f:30:86:bc:
         12:df:c1:99:bf:96:c1:73:60:4b:38:d6:32:60:1a:08:db:e6:
         5f:2b:bc:5a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF00ft0L8YzpgtfdFp45Vl87Pfr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NmI1NmEyNDIwODhhYzNhNDRlMGMzMGYyZDQyMGNjMDhj
ODVjZDk1NzQ3MGM0YjRmYzEzZTZkMTJjMDkxODZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXOeZmFXjC3I1kiY7YgY/cjwxwxazYYM/ECpOnOrh/AN5C
HZDYaE+6fGg+4BVG+2XQ1J2luIUCZ5f9bS/8h2WiMLY4oRBEPlKdaU2OHcokeCmk
75zMWaIWIDaG+2pgTtWMXeVQOgum9CjbyAql3eK6H04nVmXq4GSSQIpcXo1xUfyw
uvL3t+2lwkr0mLdJSC7BTJ7RvJbgd4AhCTcvsf0D/w2D/aFq5wOwrRkzrhYSQlx9
hCHtIDu+TytDoPA0BafxObYlzfVfm7/7EV704dznHgSzu1UJCHgXnIsSko1KH16t
SjC/3dXZ5il4lBBNDEvysVEHfrqZBCsl7TN/6/CvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+JDT/It4/8fzPZU+XOyZ01NEF0gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlMzcxYzk3LTVhOWQtNDhiMy05YTY5LTllZTZlODkwNDUyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwConTANBgkqhkiG9w0BAQsFAAOCAQEAxnnR+VAA0ut04Fr694TA41Ag9RGj
zF52PpWkkmRYkoNVwDBA/t612qYUeYNdbMmVLd1CATc086JBu/fRlMvQwlY/lVVJ
Fy0h973BDYxoC/1aDiEjRWmcN/kmzLsrIwhyosk9vQ4szPP5L4dKXt2hk5QM4qcn
mkOBN9sRNbt2nQyuQvQhymjLQVT+ZWLuwpIhn60a74jlIkp7J9hPXujVZd9bQGkM
yssO8A5xNMdMkd7X0eZ7867cXBGeQuqLtJNqKZTXRsKa+7kD9aqdQgsNuDiRICAv
kn5wNxtMDg3hjS24nthKw8WfMIa8Et/Bmb+WwXNgSzjWMmAaCNvmXyu8Wg==
-----END CERTIFICATE-----