Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/466ddae0-395f-40af-ab59-17db1b6352a7.roa
File:                     466ddae0-395f-40af-ab59-17db1b6352a7.roa (raw, json)
Hash identifier:          eKhdMumTGDtHLQe+S3GccATwwYScsiKTEvVuAFYjzCA=
Subject key identifier:   20:88:37:93:0F:87:2D:60:40:5D:E8:8A:93:62:7C:13:F1:D4:2B:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4308DCFC36A3F4983FFE9AFDC4C14AB757D14041
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/466ddae0-395f-40af-ab59-17db1b6352a7.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        108.175.56.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:08:dc:fc:36:a3:f4:98:3f:fe:9a:fd:c4:c1:4a:b7:57:d1:40:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=86f7b0a03b9d244d1debe892db071914b4b05518354fcc4d95bca68af616d995, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c1:74:66:98:21:a3:75:a9:77:ef:76:a7:cf:
                    b7:6d:56:91:65:d9:0b:15:79:8b:12:75:ad:04:6e:
                    3e:04:28:97:83:34:20:22:21:f6:b0:05:19:4b:69:
                    2c:9b:10:04:24:58:60:6b:91:6c:08:8a:36:4b:1a:
                    a4:01:b7:b9:fa:73:67:e0:33:2e:ae:de:22:3a:91:
                    01:94:9b:6c:28:e3:c5:78:cf:72:32:92:9f:98:c4:
                    0a:fb:0a:8b:16:b9:de:16:76:0c:e6:99:34:97:0d:
                    66:c5:0a:7d:ff:93:11:0b:2c:b4:2c:08:9e:89:2b:
                    aa:50:07:8d:c6:4a:b1:5c:32:97:c2:46:a2:80:ec:
                    88:56:32:a9:29:d8:5d:7c:f0:92:4c:9c:cf:b1:58:
                    48:95:32:98:0c:24:e4:a5:ca:3e:0d:97:1c:4c:41:
                    dd:77:62:d5:cc:3a:1b:fb:cc:34:d1:c1:32:0b:63:
                    fe:2f:ce:66:1a:fc:ba:08:19:72:a8:92:9e:f3:67:
                    d2:63:b2:1d:46:77:80:83:38:cf:9d:89:9d:9f:3e:
                    b4:f8:0b:f8:e7:fe:d7:ee:42:79:ca:a0:97:a3:9e:
                    da:b4:85:79:8a:49:df:6c:b8:7e:e4:de:1d:7e:5f:
                    3c:97:a2:66:9d:cf:c7:b1:65:1d:ca:78:82:83:41:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:88:37:93:0F:87:2D:60:40:5D:E8:8A:93:62:7C:13:F1:D4:2B:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/466ddae0-395f-40af-ab59-17db1b6352a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:33:66:14:05:1f:23:a5:d3:5d:dc:7c:ab:4e:dd:64:e4:0a:
         a0:e8:fb:cf:f8:e3:be:88:85:bd:ff:24:56:a0:ce:43:76:13:
         f4:56:cb:fc:09:27:d9:b6:fe:9d:10:9e:c2:21:fb:71:dd:3f:
         f5:ec:a1:cc:eb:67:a1:75:9c:09:ec:00:fc:20:00:12:18:44:
         99:da:dc:c9:9f:37:e5:ba:57:b0:31:0c:df:e5:c6:f6:aa:bb:
         85:a5:d6:0d:5f:f0:2a:65:5f:1c:68:ee:16:67:ba:aa:65:55:
         73:04:c2:9b:10:4f:62:f4:14:7f:f0:d3:02:b2:93:bb:4e:ad:
         23:b1:1c:b5:33:b1:95:ec:f4:c3:62:a4:9e:03:18:ef:4f:73:
         40:e6:81:fa:30:01:04:37:b9:89:24:5d:c8:0e:be:58:47:f9:
         fa:bf:2d:44:54:aa:00:93:e0:52:c5:01:91:14:77:76:c6:00:
         d3:ae:9b:51:43:b9:ee:30:61:d6:1a:3b:3a:35:93:0b:bc:7a:
         a6:73:f7:d1:25:87:41:de:b6:9a:44:11:cd:9c:9b:64:0a:eb:
         f8:3d:d2:3f:00:a0:6b:f7:e4:1b:00:0d:4b:17:b7:27:5c:c3:
         70:91:ba:0f:84:2b:a9:ef:81:6b:7b:69:9b:f8:d8:d0:7a:f8:
         08:23:08:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQwjc/Daj9Jg//pr9xMFKt1fRQEEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NmY3YjBhMDNiOWQyNDRkMWRlYmU4OTJkYjA3MTkxNGI0
YjA1NTE4MzU0ZmNjNGQ5NWJjYTY4YWY2MTZkOTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnwXRmmCGjdal373anz7dtVpFl2QsVeYsSda0Ebj4EKJeD
NCAiIfawBRlLaSybEAQkWGBrkWwIijZLGqQBt7n6c2fgMy6u3iI6kQGUm2wo48V4
z3Iykp+YxAr7CosWud4WdgzmmTSXDWbFCn3/kxELLLQsCJ6JK6pQB43GSrFcMpfC
RqKA7IhWMqkp2F188JJMnM+xWEiVMpgMJOSlyj4NlxxMQd13YtXMOhv7zDTRwTIL
Y/4vzmYa/LoIGXKokp7zZ9Jjsh1Gd4CDOM+diZ2fPrT4C/jn/tfuQnnKoJejntq0
hXmKSd9suH7k3h1+XzyXomadz8exZR3KeIKDQc/TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIIg3kw+HLWBAXeiKk2J8E/HUK0MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2NmRkYWUwLTM5NWYtNDBhZi1hYjU5LTE3ZGIxYjYzNTJhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsrzgwDQYJKoZIhvcNAQELBQADggEBACEzZhQFHyOl013cfKtO3WTkCqDo
+8/4476Ihb3/JFagzkN2E/RWy/wJJ9m2/p0QnsIh+3HdP/XsoczrZ6F1nAnsAPwg
ABIYRJna3MmfN+W6V7AxDN/lxvaqu4Wl1g1f8CplXxxo7hZnuqplVXMEwpsQT2L0
FH/w0wKyk7tOrSOxHLUzsZXs9MNipJ4DGO9Pc0DmgfowAQQ3uYkkXcgOvlhH+fq/
LURUqgCT4FLFAZEUd3bGANOum1FDue4wYdYaOzo1kwu8eqZz99Elh0HetppEEc2c
m2QK6/g90j8AoGv35BsADUsXtydcw3CRug+EK6nvgWt7aZv42NB6+AgjCJc=
-----END CERTIFICATE-----