Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d84e76-eaa5-443c-a974-424c96b51ff4.roa
File:                     44d84e76-eaa5-443c-a974-424c96b51ff4.roa (raw, json)
Hash identifier:          Mh2zqmyXNy1myUk8gUNUZ+VAvvg/cY29is5/f+Q4DpA=
Subject key identifier:   4D:36:FC:E9:87:8E:4F:61:0B:2D:59:C0:9C:C6:0B:7E:1D:65:85:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       211D65CB3499565EAF2F6CF0E444AF82D458262D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d84e76-eaa5-443c-a974-424c96b51ff4.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     19047
IP address blocks:        70.130.193.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:1d:65:cb:34:99:56:5e:af:2f:6c:f0:e4:44:af:82:d4:58:26:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=abd811c9eb9eb6c6626a43932354f5048d953a370d6de09761bbc4093cb0f229, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d3:48:6f:4d:e5:e6:2c:28:a1:73:75:6f:2c:
                    a1:cb:cc:f0:24:f1:69:bd:5e:a5:5a:3c:c7:18:2c:
                    a7:29:42:59:53:ec:b4:05:7a:bb:f4:d6:a3:cb:a9:
                    72:2a:21:91:ff:0b:75:eb:6b:79:e2:52:4b:59:8f:
                    69:2a:03:59:8c:72:91:20:a0:47:60:c7:89:0d:9b:
                    cb:d9:47:79:00:77:81:f5:0a:1d:3e:87:70:89:dc:
                    13:ed:0b:70:75:71:5e:92:85:aa:1f:9b:d6:48:bf:
                    ee:72:69:68:f4:a0:19:e2:d5:0a:5c:39:87:60:a5:
                    be:10:18:26:a2:f8:f8:7b:23:8f:82:75:3c:f9:ca:
                    69:4e:a6:49:a9:de:eb:72:5c:78:fc:a8:f2:75:cb:
                    6f:01:1a:69:0d:70:1e:29:1e:8b:49:69:ed:bf:b5:
                    50:91:21:4e:da:54:ef:0c:0c:ad:67:39:f0:f8:ca:
                    8e:70:f3:d6:20:07:19:53:df:82:08:ee:16:fd:51:
                    fa:3e:3b:08:11:85:e9:d0:8c:3e:ce:fd:d6:f1:1b:
                    12:a2:d5:3f:e6:32:3a:ef:8e:08:a0:39:90:2c:c0:
                    01:3a:87:f7:59:1b:0f:ed:b1:df:00:91:99:ff:e8:
                    05:27:e7:1f:5c:4c:ac:45:3e:91:ce:a9:af:26:94:
                    4f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:36:FC:E9:87:8E:4F:61:0B:2D:59:C0:9C:C6:0B:7E:1D:65:85:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d84e76-eaa5-443c-a974-424c96b51ff4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.130.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:76:23:b2:24:d2:b6:ce:bc:3c:29:9a:3f:e1:ef:5d:a0:bd:
         13:bc:93:af:f6:57:bc:8b:37:5f:14:99:2b:2f:f2:eb:b4:8d:
         f9:d1:77:6e:fe:02:4c:3e:61:e1:09:09:89:2f:a3:32:32:39:
         3c:41:21:ef:90:2d:b4:e1:71:e9:08:de:f2:15:3f:c0:f8:8f:
         27:1f:5d:e2:95:87:f9:5f:f0:15:37:42:e7:07:27:0d:1a:34:
         cd:df:3b:cd:a2:3f:b4:9f:4b:89:4e:c2:64:61:f1:3d:73:1e:
         e6:7c:89:94:f7:a1:87:d9:24:80:0e:9f:ff:7b:27:04:3b:e0:
         24:38:96:4a:e2:cf:15:78:00:42:d8:65:a5:96:bd:8d:c8:54:
         04:5e:65:ea:43:48:b5:06:03:7f:0d:28:14:93:99:4a:89:55:
         a1:38:cc:38:1a:0c:91:17:1b:9d:1d:e6:23:4e:33:4e:b8:01:
         86:9a:31:de:49:20:ec:9c:14:9b:c0:e9:1e:92:31:a8:8b:cd:
         7f:36:ab:90:8e:64:dc:93:c1:d7:6d:12:fe:6c:18:0d:ea:44:
         f4:dc:13:72:d5:bb:5f:95:74:fa:96:84:85:56:82:a1:f0:ce:
         53:a5:1f:8e:10:21:75:a8:b6:08:92:3f:18:4f:eb:cc:58:9e:
         33:98:f8:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIR1lyzSZVl6vL2zw5ESvgtRYJi0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYmQ4MTFjOWViOWViNmM2NjI2YTQzOTMyMzU0ZjUwNDhk
OTUzYTM3MGQ2ZGUwOTc2MWJiYzQwOTNjYjBmMjI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCG00hvTeXmLCihc3VvLKHLzPAk8Wm9XqVaPMcYLKcpQllT
7LQFerv01qPLqXIqIZH/C3Xra3niUktZj2kqA1mMcpEgoEdgx4kNm8vZR3kAd4H1
Ch0+h3CJ3BPtC3B1cV6Shaofm9ZIv+5yaWj0oBni1QpcOYdgpb4QGCai+Ph7I4+C
dTz5ymlOpkmp3utyXHj8qPJ1y28BGmkNcB4pHotJae2/tVCRIU7aVO8MDK1nOfD4
yo5w89YgBxlT34II7hb9Ufo+OwgRhenQjD7O/dbxGxKi1T/mMjrvjgigOZAswAE6
h/dZGw/tsd8AkZn/6AUn5x9cTKxFPpHOqa8mlE/1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTTb86YeOT2ELLVnAnMYLfh1lheYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0ZDg0ZTc2LWVhYTUtNDQzYy1hOTc0LTQyNGM5NmI1MWZmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGgsEwDQYJKoZIhvcNAQELBQADggEBACx2I7Ik0rbOvDwpmj/h712gvRO8
k6/2V7yLN18UmSsv8uu0jfnRd27+Akw+YeEJCYkvozIyOTxBIe+QLbThcekI3vIV
P8D4jycfXeKVh/lf8BU3QucHJw0aNM3fO82iP7SfS4lOwmRh8T1zHuZ8iZT3oYfZ
JIAOn/97JwQ74CQ4lkrizxV4AELYZaWWvY3IVAReZepDSLUGA38NKBSTmUqJVaE4
zDgaDJEXG50d5iNOM064AYaaMd5JIOycFJvA6R6SMaiLzX82q5COZNyTwddtEv5s
GA3qRPTcE3LVu1+VdPqWhIVWgqHwzlOlH44QIXWotgiSPxhP68xYnjOY+GA=
-----END CERTIFICATE-----