Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4581aa7e-3662-4d82-8138-62b3ca3230ac.roa
File:                     4581aa7e-3662-4d82-8138-62b3ca3230ac.roa (raw, json)
Hash identifier:          0R4BntkysA7IUzgkATcwDo1nSIo+FBLt/xg2smXOkvM=
Subject key identifier:   5B:3A:18:63:4D:B7:DC:35:82:DF:A0:6D:28:DA:38:D8:3E:7C:80:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       51220C93FF5AAB89A4010226A2078779497E6C95
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4581aa7e-3662-4d82-8138-62b3ca3230ac.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        31.220.252.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:22:0c:93:ff:5a:ab:89:a4:01:02:26:a2:07:87:79:49:7e:6c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=f484d986b8b5cb588cff91310384296961734675a2cd22d81ceac4ddcb61b413, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1e:40:cf:c4:2f:51:81:3a:3c:ec:de:33:63:
                    45:69:81:bb:94:8a:dc:4b:26:fe:e5:09:a8:06:56:
                    7d:7a:9f:27:ae:de:1e:cc:95:33:8c:3f:59:dc:f3:
                    71:56:6a:aa:c5:53:3c:c4:f7:5e:2a:48:2c:51:69:
                    36:f3:58:ae:ad:39:d6:26:ac:c2:5c:f4:5d:11:2e:
                    41:49:67:e2:76:55:2b:32:00:b5:21:a5:15:f5:64:
                    5b:b6:2b:7a:a1:4e:67:ed:a8:5a:20:1b:f1:9f:58:
                    99:07:95:8a:21:80:fb:8c:77:00:3f:4c:a9:01:f0:
                    a1:14:38:fe:5e:54:5b:7c:f9:92:fb:fd:59:9e:d2:
                    ef:24:7d:be:9a:b5:71:4d:37:8a:27:a1:a4:fd:d0:
                    8b:eb:97:24:e6:36:2f:a1:3e:38:f8:bf:40:07:ff:
                    7b:0c:5a:ae:b8:a3:ff:e0:07:8e:6a:45:79:36:7f:
                    13:c3:1d:41:64:14:97:b8:f5:27:dd:d5:41:0d:6e:
                    4f:1b:44:a6:28:b1:db:8d:e4:9b:8c:f2:41:90:ed:
                    e3:62:34:8b:8b:93:7e:d0:63:34:88:0a:ae:dc:72:
                    5d:7c:3c:7a:6d:cd:86:88:0b:c1:61:be:1e:f5:47:
                    5e:d7:4b:ec:61:78:28:1f:9c:cf:3a:47:66:89:e0:
                    87:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:3A:18:63:4D:B7:DC:35:82:DF:A0:6D:28:DA:38:D8:3E:7C:80:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4581aa7e-3662-4d82-8138-62b3ca3230ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:63:a5:c1:11:af:7d:6d:f2:35:50:3b:8b:5e:1c:41:bb:12:
         3b:dc:1a:e3:e6:58:23:09:58:4d:65:33:da:37:66:46:6b:4d:
         6e:c9:8a:4c:29:0e:52:59:29:2d:cc:61:b8:04:2b:b7:b5:c3:
         8b:81:f9:e5:2a:af:10:28:0e:ac:85:14:a6:ec:d9:b7:aa:08:
         cf:a2:96:0f:26:3d:ab:d8:3f:38:51:20:f6:27:fb:aa:39:28:
         39:5a:c9:b4:45:d6:64:47:33:2f:12:95:f4:98:02:72:33:8b:
         77:0d:18:8f:9a:8c:0d:85:b3:db:f8:9e:c7:a1:0b:9d:a6:ce:
         03:4f:2a:4f:4c:97:01:c2:a6:59:99:db:9e:a7:5f:33:83:52:
         b0:22:90:fa:32:6f:c6:bc:31:76:32:d1:50:4b:94:27:1f:17:
         1d:5f:12:6c:a8:f2:87:15:b5:56:7a:67:f5:4b:19:5f:30:f8:
         a7:fc:b0:25:71:a1:a7:38:77:8d:9f:c3:60:c8:0f:96:fe:48:
         74:f1:dd:6e:76:ad:c4:4a:ec:8f:f4:3f:1f:23:86:76:2a:c3:
         10:fe:cf:6e:82:1a:5e:42:a5:eb:6b:4c:23:ee:af:b9:fd:a6:
         d7:c9:57:c6:7f:05:66:76:2d:40:eb:26:c2:f0:c3:e7:e8:fb:
         84:f1:77:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUSIMk/9aq4mkAQImogeHeUl+bJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDg0ZDk4NmI4YjVjYjU4OGNmZjkxMzEwMzg0Mjk2OTYx
NzM0Njc1YTJjZDIyZDgxY2VhYzRkZGNiNjFiNDEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqHkDPxC9RgTo87N4zY0VpgbuUitxLJv7lCagGVn16nyeu
3h7MlTOMP1nc83FWaqrFUzzE914qSCxRaTbzWK6tOdYmrMJc9F0RLkFJZ+J2VSsy
ALUhpRX1ZFu2K3qhTmftqFogG/GfWJkHlYohgPuMdwA/TKkB8KEUOP5eVFt8+ZL7
/Vme0u8kfb6atXFNN4onoaT90IvrlyTmNi+hPjj4v0AH/3sMWq64o//gB45qRXk2
fxPDHUFkFJe49Sfd1UENbk8bRKYosduN5JuM8kGQ7eNiNIuLk37QYzSICq7ccl18
PHptzYaIC8Fhvh71R17XS+xheCgfnM86R2aJ4IeBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWzoYY0233DWC36BtKNo42D58gKkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1ODFhYTdlLTM2NjItNGQ4Mi04MTM4LTYyYjNjYTMyMzBhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAf3PwwDQYJKoZIhvcNAQELBQADggEBACljpcERr31t8jVQO4teHEG7Ejvc
GuPmWCMJWE1lM9o3ZkZrTW7JikwpDlJZKS3MYbgEK7e1w4uB+eUqrxAoDqyFFKbs
2beqCM+ilg8mPavYPzhRIPYn+6o5KDlaybRF1mRHMy8SlfSYAnIzi3cNGI+ajA2F
s9v4nsehC52mzgNPKk9MlwHCplmZ256nXzODUrAikPoyb8a8MXYy0VBLlCcfFx1f
Emyo8ocVtVZ6Z/VLGV8w+Kf8sCVxoac4d42fw2DID5b+SHTx3W52rcRK7I/0Px8j
hnYqwxD+z26CGl5CpetrTCPur7n9ptfJV8Z/BWZ2LUDrJsLww+fo+4TxdzA=
-----END CERTIFICATE-----