Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
File:                     497f0d59-c7e7-4604-a259-3494824b7cae.roa (raw, json)
Hash identifier:          QhkRbZnmPOvGXPsisnZK3crzCjmZfLlBm/NFyZzP9Ec=
Subject key identifier:   33:5E:1C:51:31:46:35:33:A1:9A:32:49:CD:0D:2A:5B:F5:3C:3F:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       470A0FC6C0128FB4004C5642B7EA97CAA38C927B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.193.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:0a:0f:c6:c0:12:8f:b4:00:4c:56:42:b7:ea:97:ca:a3:8c:92:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=bc56d69f5ed642e2c88127329b1893ce46a462830a254a51e6409db200959b2a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:00:0d:9c:5c:99:4f:73:39:3c:dd:24:62:64:
                    77:a5:17:90:8e:79:d8:d1:e5:02:cb:59:5d:d4:a2:
                    e5:14:f3:ed:ca:e0:78:59:e9:79:1c:d6:56:5d:c0:
                    01:02:3a:9b:d9:e4:97:e4:ff:53:4b:6e:a9:7e:1e:
                    06:99:67:1c:bd:4b:71:1c:36:b6:a6:0a:89:eb:48:
                    38:31:35:bc:d3:85:de:c4:94:f2:e4:83:f9:49:e7:
                    6d:da:4a:ef:a9:e5:9e:8b:8f:84:b3:36:cb:56:5a:
                    bd:cd:fd:1c:98:20:69:7d:f2:0f:a6:39:58:25:19:
                    4a:11:c9:0f:00:44:c8:46:fe:7a:9a:55:b1:fb:4c:
                    cc:14:ee:f1:6f:e7:3e:01:1c:bc:60:96:e8:15:f4:
                    db:bd:4d:63:98:95:85:40:2a:1f:6d:41:e3:98:b3:
                    88:be:2c:1d:a9:5d:8f:1e:19:f2:83:d4:fa:0f:8f:
                    8f:7b:88:95:a5:53:99:eb:1b:75:6f:67:ec:75:e1:
                    ec:58:07:f8:6f:84:73:63:2c:38:fd:d8:c5:bd:d7:
                    46:fa:af:b0:19:dd:81:10:52:a0:ad:4a:7f:e8:ef:
                    9f:5a:98:3a:68:9c:db:1e:33:54:d8:ae:c7:30:dd:
                    15:34:4a:94:83:48:15:1a:bf:09:60:da:c5:e0:60:
                    45:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5E:1C:51:31:46:35:33:A1:9A:32:49:CD:0D:2A:5B:F5:3C:3F:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.193.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:d0:67:d7:15:5c:b2:c0:f0:6b:72:7e:1b:e5:30:cd:d5:cf:
         df:7b:62:fa:ca:df:6b:cf:b6:8d:30:cb:b2:cc:af:a2:80:09:
         8b:0e:8f:cc:96:b4:8d:76:51:f0:ba:0b:a0:65:68:87:ec:e4:
         76:31:dc:9c:7d:95:c7:d1:ce:e9:72:d3:4b:bc:db:94:d1:29:
         49:66:b2:b9:d5:39:0a:74:9c:3f:47:74:88:22:36:f4:5c:fc:
         52:dd:ac:27:60:45:82:73:46:ae:bd:b4:18:4f:96:99:1f:40:
         57:51:4c:4a:36:36:2d:8c:2d:a3:53:7f:1d:48:2f:6e:49:a7:
         f4:2c:15:44:45:02:3e:fc:a9:24:76:90:c0:26:40:b6:96:d6:
         83:e8:81:d3:ab:e6:9d:0f:60:3e:8a:02:61:cc:55:aa:c9:af:
         af:23:bf:8d:af:c0:09:66:40:0e:89:73:31:f2:28:2f:ea:b9:
         7b:f4:01:4f:02:74:89:7f:bf:38:85:5b:24:b2:ca:8a:2d:d6:
         6d:b7:d1:7b:94:0f:8a:0e:54:24:f4:ef:5f:77:be:5d:25:4a:
         2b:c8:84:59:a3:61:c5:51:0f:60:11:05:da:7a:85:8a:a1:60:
         24:df:06:9a:b8:5b:c4:d1:3b:88:f1:3a:53:e7:65:20:ab:51:
         9b:97:2c:67
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURwoPxsASj7QATFZCt+qXyqOMknswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzU2ZDY5ZjVlZDY0MmUyYzg4MTI3MzI5YjE4OTNjZTQ2
YTQ2MjgzMGEyNTRhNTFlNjQwOWRiMjAwOTU5YjJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJAA2cXJlPczk83SRiZHelF5COedjR5QLLWV3UouUU8+3K
4HhZ6Xkc1lZdwAECOpvZ5Jfk/1NLbql+HgaZZxy9S3EcNramConrSDgxNbzThd7E
lPLkg/lJ523aSu+p5Z6Lj4SzNstWWr3N/RyYIGl98g+mOVglGUoRyQ8ARMhG/nqa
VbH7TMwU7vFv5z4BHLxglugV9Nu9TWOYlYVAKh9tQeOYs4i+LB2pXY8eGfKD1PoP
j497iJWlU5nrG3VvZ+x14exYB/hvhHNjLDj92MW910b6r7AZ3YEQUqCtSn/o759a
mDponNseM1TYrscw3RU0SpSDSBUavwlg2sXgYEVTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUM14cUTFGNTOhmjJJzQ0qW/U8P9MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5N2YwZDU5LWM3ZTctNDYwNC1hMjU5LTM0OTQ4MjRiN2NhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChwTANBgkqhkiG9w0BAQsFAAOCAQEAfdBn1xVcssDwa3J+G+UwzdXP33ti
+srfa8+2jTDLssyvooAJiw6PzJa0jXZR8LoLoGVoh+zkdjHcnH2Vx9HO6XLTS7zb
lNEpSWayudU5CnScP0d0iCI29Fz8Ut2sJ2BFgnNGrr20GE+WmR9AV1FMSjY2LYwt
o1N/HUgvbkmn9CwVREUCPvypJHaQwCZAtpbWg+iB06vmnQ9gPooCYcxVqsmvryO/
ja/ACWZADolzMfIoL+q5e/QBTwJ0iX+/OIVbJLLKii3WbbfRe5QPig5UJPTvX3e+
XSVKK8iEWaNhxVEPYBEF2nqFiqFgJN8GmrhbxNE7iPE6U+dlIKtRm5csZw==
-----END CERTIFICATE-----