Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c3c97fa-c615-46e3-80f0-b7d0b8a094b5.roa
File:                     4c3c97fa-c615-46e3-80f0-b7d0b8a094b5.roa (raw, json)
Hash identifier:          WBX6+8chW7leOMf5mYXzInuawaIspvJC8dNNIw7xEoQ=
Subject key identifier:   4C:6E:67:DD:6B:07:67:BF:7F:4F:7C:54:7E:D0:53:95:3C:2D:25:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68A8F7B26B1B7B00E1FDBE0E96DA62D9F4BADBEC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c3c97fa-c615-46e3-80f0-b7d0b8a094b5.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        77.112.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a8:f7:b2:6b:1b:7b:00:e1:fd:be:0e:96:da:62:d9:f4:ba:db:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=4c5d375a3163235d128a492f21d6e5156d6457201cd90674e62265cb6d1224ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9d:9d:17:27:ce:25:c3:9a:e9:5e:7f:e4:ac:
                    0b:b0:d2:3b:15:b8:8d:62:5f:dd:14:d9:2c:6d:71:
                    b6:11:1b:6d:e3:f0:aa:c1:ee:f0:63:b0:ef:66:91:
                    e2:93:5b:18:c6:9c:4b:74:39:42:ad:c7:4b:1f:3a:
                    de:de:e8:6a:0f:fd:31:f0:a2:f6:fd:a7:f5:11:12:
                    6e:1e:6f:5d:6e:51:46:2e:48:c3:31:1f:b9:0f:4b:
                    47:64:00:c3:cb:73:3b:73:55:db:e4:0d:d4:6b:9e:
                    4e:a9:9c:fb:23:5b:6f:9c:a6:29:c0:73:fa:db:eb:
                    34:82:91:5a:00:19:0c:ef:ec:d2:57:b5:00:90:e1:
                    4e:4c:34:cf:04:70:5f:b8:86:9b:22:7d:fc:5f:5b:
                    05:0c:84:79:a4:da:aa:dc:f1:f3:ab:e8:4d:64:8f:
                    e9:1b:df:d2:8d:90:91:bc:6f:be:64:67:46:34:00:
                    92:74:c3:41:a9:7c:df:09:47:f6:f1:67:64:ec:54:
                    4d:2c:a7:db:16:54:ca:d3:a8:7c:e6:6d:7f:e1:1c:
                    0d:64:e6:46:49:ff:d6:27:fc:79:4d:a5:78:10:41:
                    16:2f:60:f5:67:03:57:3a:19:ae:af:ab:98:f5:79:
                    96:a2:bd:93:02:46:5d:8d:b7:55:38:6b:10:90:8d:
                    38:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6E:67:DD:6B:07:67:BF:7F:4F:7C:54:7E:D0:53:95:3C:2D:25:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c3c97fa-c615-46e3-80f0-b7d0b8a094b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.112.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         54:1b:15:5a:ed:71:c4:de:c6:9a:85:16:d0:59:fd:14:0f:1f:
         d2:eb:1c:87:d2:83:59:b5:a9:26:9e:e1:1d:58:c7:8a:b8:5b:
         00:cd:67:7c:e0:e5:c5:34:c3:47:23:04:b2:f1:b4:3d:bb:23:
         8f:47:78:e1:7e:64:5c:1d:63:d1:82:f5:da:b9:a4:15:c9:3a:
         8d:e6:b3:8d:30:f1:2d:a3:dc:9d:cb:3e:ca:ba:79:14:76:95:
         21:c6:41:db:dc:73:2e:28:36:33:a6:c1:d3:49:a9:94:07:4c:
         19:16:df:4d:84:c5:9e:fe:74:43:85:0a:d6:55:9e:98:37:c9:
         71:dc:aa:c0:a4:3d:9e:e2:6e:4f:9a:c2:c6:8d:a1:2e:75:13:
         07:ed:67:bb:c1:26:4c:9a:68:c0:7a:51:da:5f:83:21:9b:61:
         46:9c:09:2d:f2:e6:42:39:c5:0f:71:78:aa:8c:b9:9f:98:0a:
         e6:2f:1d:6f:5f:9e:d0:22:4b:72:e7:52:51:0c:0a:6c:36:ae:
         13:86:5c:d0:96:d0:e4:3b:a9:a9:b9:c6:8d:40:a2:a4:ff:91:
         b4:78:36:2d:77:2e:ad:26:e9:c5:d5:ad:7f:33:6b:fa:60:b0:
         f9:da:fe:19:b1:c4:4d:bf:b6:47:d6:26:e8:63:d9:a3:86:8f:
         5b:cc:dd:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaKj3smsbewDh/b4Oltpi2fS62+wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzVkMzc1YTMxNjMyMzVkMTI4YTQ5MmYyMWQ2ZTUxNTZk
NjQ1NzIwMWNkOTA2NzRlNjIyNjVjYjZkMTIyNGVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChnZ0XJ84lw5rpXn/krAuw0jsVuI1iX90U2SxtcbYRG23j
8KrB7vBjsO9mkeKTWxjGnEt0OUKtx0sfOt7e6GoP/THwovb9p/UREm4eb11uUUYu
SMMxH7kPS0dkAMPLcztzVdvkDdRrnk6pnPsjW2+cpinAc/rb6zSCkVoAGQzv7NJX
tQCQ4U5MNM8EcF+4hpsiffxfWwUMhHmk2qrc8fOr6E1kj+kb39KNkJG8b75kZ0Y0
AJJ0w0GpfN8JR/bxZ2TsVE0sp9sWVMrTqHzmbX/hHA1k5kZJ/9Yn/HlNpXgQQRYv
YPVnA1c6Ga6vq5j1eZaivZMCRl2Nt1U4axCQjTjpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTG5n3WsHZ79/T3xUftBTlTwtJfEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjM2M5N2ZhLWM2MTUtNDZlMy04MGYwLWI3ZDBiOGEwOTRiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJNcDANBgkqhkiG9w0BAQsFAAOCAQEAVBsVWu1xxN7GmoUW0Fn9FA8f0usc
h9KDWbWpJp7hHVjHirhbAM1nfODlxTTDRyMEsvG0Pbsjj0d44X5kXB1j0YL12rmk
Fck6jeazjTDxLaPcncs+yrp5FHaVIcZB29xzLig2M6bB00mplAdMGRbfTYTFnv50
Q4UK1lWemDfJcdyqwKQ9nuJuT5rCxo2hLnUTB+1nu8EmTJpowHpR2l+DIZthRpwJ
LfLmQjnFD3F4qoy5n5gK5i8db1+e0CJLcudSUQwKbDauE4Zc0JbQ5DupqbnGjUCi
pP+RtHg2LXcurSbpxdWtfzNr+mCw+dr+GbHETb+2R9Ym6GPZo4aPW8zdDg==
-----END CERTIFICATE-----