Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48bc02e1-4d2b-4854-9155-d218e2fe0e20.roa
File:                     48bc02e1-4d2b-4854-9155-d218e2fe0e20.roa (raw, json)
Hash identifier:          Y3FwbaHoz0Y1IYUh97XcdY7t3dA1OcjsQvnJsUnLpjs=
Subject key identifier:   8D:75:A3:25:51:B8:A0:95:FD:96:6D:E9:61:FE:F3:BE:CB:BE:00:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09146F4DEA588DBA0ED89BD4AB8CC9D9A07F71E4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48bc02e1-4d2b-4854-9155-d218e2fe0e20.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.159.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:14:6f:4d:ea:58:8d:ba:0e:d8:9b:d4:ab:8c:c9:d9:a0:7f:71:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=88fb2e06420d04fb564059139905458b72d7db5ed82f3b66933148e8f1714326, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c3:a8:b0:0b:fc:22:c6:df:40:6e:79:46:33:
                    3a:a7:00:cd:36:c6:3b:43:b0:f4:ed:97:12:96:5c:
                    ce:10:6c:b4:53:5d:cd:47:9d:78:7b:65:70:d3:7c:
                    8b:c5:d7:0b:51:e7:b0:51:e2:a6:f8:87:93:1d:25:
                    e9:1c:10:53:74:6e:82:b9:37:55:f1:d7:29:f3:0b:
                    ff:99:5f:0f:21:e6:62:0d:3b:1a:3d:de:bd:69:25:
                    38:75:ae:8a:d6:5d:89:f8:ce:48:ed:e1:13:55:81:
                    4e:59:74:3e:e0:5a:e8:b8:e8:ad:c2:46:2a:9c:8b:
                    ae:ba:92:5e:9a:5f:86:ba:31:e8:6c:43:fd:28:8b:
                    9a:d5:dc:2b:80:fb:bc:2c:13:a5:dc:4d:8f:76:42:
                    90:4d:e8:e6:dc:8d:b1:a1:87:0d:1e:78:15:3e:2e:
                    29:05:2d:37:7d:ac:92:8f:e5:ec:c1:31:62:fb:83:
                    45:43:35:c7:74:80:9d:ee:d3:18:ba:7d:5c:fd:44:
                    4f:e3:a1:92:8f:6f:eb:9e:5b:43:22:0c:d8:0e:f0:
                    ef:98:55:27:dd:eb:96:ff:03:74:20:7a:8a:90:a4:
                    af:05:58:6c:2a:f9:d5:50:91:57:3a:7f:86:8f:1e:
                    14:0c:c4:b1:c1:11:6e:8e:8c:89:6c:38:83:7e:3f:
                    1e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:75:A3:25:51:B8:A0:95:FD:96:6D:E9:61:FE:F3:BE:CB:BE:00:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48bc02e1-4d2b-4854-9155-d218e2fe0e20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.159.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:63:43:6b:85:97:01:47:62:51:b1:76:50:f9:5d:da:05:96:
         a4:96:5e:af:d0:e8:63:d2:bb:bc:4b:d7:d1:a0:0b:14:b0:72:
         be:81:40:fc:f4:56:e6:52:df:f7:73:7d:94:29:6a:f6:ca:3c:
         2a:43:2b:bc:25:5e:dd:23:e6:f5:c0:85:21:ec:4b:95:1e:3d:
         9d:29:23:47:f2:bd:83:83:37:57:88:75:85:52:de:f2:08:36:
         c5:db:5c:7e:0c:2b:0b:46:61:36:20:06:71:77:ce:0e:c3:fa:
         5a:4e:23:04:d8:35:69:30:9f:dc:f9:0d:7f:f0:e2:66:8a:8d:
         42:ac:49:33:8b:1e:dc:61:33:60:b6:f9:1e:e4:e9:13:89:81:
         c8:9c:52:f2:77:ab:0e:fd:7a:08:60:ab:01:c0:0f:86:86:cb:
         41:ea:78:0d:b1:82:47:b6:44:d4:3a:27:67:77:4c:8e:f3:11:
         e4:b5:68:fb:66:ce:6d:7a:d7:af:32:ff:e1:0a:df:63:c1:dc:
         c8:4a:6d:71:7d:ed:d1:1f:a1:5e:ee:7f:d3:02:b3:68:37:f8:
         26:4b:6d:e0:50:ce:66:e2:ce:4a:f3:74:be:06:41:b7:22:b8:
         67:77:65:38:29:12:73:50:eb:28:1c:93:09:38:8a:59:12:63:
         a5:14:cc:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCRRvTepYjboO2JvUq4zJ2aB/ceQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OGZiMmUwNjQyMGQwNGZiNTY0MDU5MTM5OTA1NDU4Yjcy
ZDdkYjVlZDgyZjNiNjY5MzMxNDhlOGYxNzE0MzI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnw6iwC/wixt9AbnlGMzqnAM02xjtDsPTtlxKWXM4QbLRT
Xc1HnXh7ZXDTfIvF1wtR57BR4qb4h5MdJekcEFN0boK5N1Xx1ynzC/+ZXw8h5mIN
Oxo93r1pJTh1rorWXYn4zkjt4RNVgU5ZdD7gWui46K3CRiqci666kl6aX4a6Mehs
Q/0oi5rV3CuA+7wsE6XcTY92QpBN6ObcjbGhhw0eeBU+LikFLTd9rJKP5ezBMWL7
g0VDNcd0gJ3u0xi6fVz9RE/joZKPb+ueW0MiDNgO8O+YVSfd65b/A3QgeoqQpK8F
WGwq+dVQkVc6f4aPHhQMxLHBEW6OjIlsOIN+Px49AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjXWjJVG4oJX9lm3pYf7zvsu+AOswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4YmMwMmUxLTRkMmItNDg1NC05MTU1LWQyMThlMmZlMGUyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4nzANBgkqhkiG9w0BAQsFAAOCAQEAEmNDa4WXAUdiUbF2UPld2gWWpJZe
r9DoY9K7vEvX0aALFLByvoFA/PRW5lLf93N9lClq9so8KkMrvCVe3SPm9cCFIexL
lR49nSkjR/K9g4M3V4h1hVLe8gg2xdtcfgwrC0ZhNiAGcXfODsP6Wk4jBNg1aTCf
3PkNf/DiZoqNQqxJM4se3GEzYLb5HuTpE4mByJxS8nerDv16CGCrAcAPhobLQep4
DbGCR7ZE1DonZ3dMjvMR5LVo+2bObXrXrzL/4QrfY8HcyEptcX3t0R+hXu5/0wKz
aDf4Jktt4FDOZuLOSvN0vgZBtyK4Z3dlOCkSc1DrKByTCTiKWRJjpRTM6w==
-----END CERTIFICATE-----