Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa
File:                     528b6591-3aae-49d5-aecd-8320249f6d0e.roa (raw, json)
Hash identifier:          wOxbLimlC3RNugkjI947ogocWgfJbe+okNv5kC5zRIQ=
Subject key identifier:   B8:08:74:81:36:FD:45:20:39:90:D2:C6:71:1D:73:2B:B0:13:28:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7BC54EC86A7CF8E74E57FBC09E7DB612887D0991
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.17.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:c5:4e:c8:6a:7c:f8:e7:4e:57:fb:c0:9e:7d:b6:12:88:7d:09:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=43ac51ef05e865c94d16be49649fa2f6a00e9b24d36fa2012833f60b0edc25b1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:45:36:d5:5c:ac:9c:9e:c1:05:21:f6:18:47:
                    9b:d3:f7:9b:fc:22:6e:cd:de:be:ac:59:fc:97:4e:
                    3f:09:ec:78:6e:0d:44:ad:96:68:cb:ac:f0:36:1e:
                    ca:1a:33:cf:ea:38:e5:8c:59:8d:89:28:02:fd:ac:
                    0d:34:46:80:1b:50:49:62:0f:b6:39:16:b3:2f:11:
                    42:69:a2:88:03:7f:fe:7b:6c:b1:58:2f:9a:5a:89:
                    d1:c4:05:31:11:d0:f1:74:94:80:7f:e3:b2:d9:fd:
                    92:17:3d:05:05:dd:dd:af:dc:a4:d6:d5:c7:5d:27:
                    37:7b:13:6e:3e:3c:34:50:f8:f9:3d:72:09:7b:23:
                    8d:af:cc:43:a7:56:e6:c9:87:c5:75:f1:8f:7f:d8:
                    4c:eb:eb:8b:36:42:83:bc:93:32:04:7f:5f:ee:af:
                    c1:d1:c2:7c:bc:c8:02:f2:74:6f:b1:87:8f:4e:1d:
                    7b:20:14:84:7d:14:e9:fc:cc:e4:f7:b7:87:e1:6e:
                    60:4c:dd:99:59:17:c1:9b:ba:2e:47:2d:80:80:c1:
                    fb:9d:f8:03:c8:73:c5:9f:4a:65:20:f0:7e:0e:a5:
                    36:50:f0:21:86:eb:8b:9f:40:04:f1:ca:3e:06:6d:
                    f8:5b:a0:6c:d7:52:8c:92:be:9a:66:8b:5a:c1:37:
                    c0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:08:74:81:36:FD:45:20:39:90:D2:C6:71:1D:73:2B:B0:13:28:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:6b:85:f2:f7:8f:33:b2:d9:02:b5:5d:de:89:da:93:b4:bd:
         2b:e2:30:7a:9f:cc:7c:4e:7d:8c:df:18:dc:f3:30:81:fe:32:
         0b:32:a4:47:cd:52:90:91:68:38:40:86:59:a6:b9:0a:f5:72:
         a2:b7:b2:b5:51:c1:4d:f8:26:a5:12:ce:62:2d:e5:0f:b1:82:
         5a:de:b2:8b:c9:50:cb:44:44:42:aa:c8:ba:d9:1b:af:3f:e2:
         82:4e:28:16:16:af:c8:49:c1:1f:40:f3:ac:74:2a:af:40:74:
         6b:98:35:c4:8b:c5:c4:26:eb:5a:92:3e:89:8c:40:51:7e:71:
         ee:ba:d3:18:33:0c:ab:e3:8c:ba:88:5d:00:19:29:d8:f0:a4:
         3c:97:9a:da:73:2d:de:5e:5a:b0:28:38:9a:18:2e:72:3d:ef:
         40:79:dc:ce:05:52:cd:b6:6d:2a:b4:ed:78:10:29:46:ce:a5:
         ca:9c:72:e9:cd:f9:2f:e2:15:2d:3e:96:31:4f:c6:36:31:66:
         31:41:8a:39:6a:00:3d:2f:33:56:a7:5a:55:6b:bb:87:92:1f:
         3c:e6:70:86:6a:ba:17:6f:63:28:3a:e7:3f:a4:4d:76:c3:ba:
         f2:e4:27:83:dd:51:f8:11:2a:42:aa:e3:31:e8:c3:72:59:38:
         5d:bf:ee:6d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUe8VOyGp8+OdOV/vAnn22Eoh9CZEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2FjNTFlZjA1ZTg2NWM5NGQxNmJlNDk2NDlmYTJmNmEw
MGU5YjI0ZDM2ZmEyMDEyODMzZjYwYjBlZGMyNWIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7RTbVXKycnsEFIfYYR5vT95v8Im7N3r6sWfyXTj8J7Hhu
DUStlmjLrPA2HsoaM8/qOOWMWY2JKAL9rA00RoAbUEliD7Y5FrMvEUJpoogDf/57
bLFYL5paidHEBTER0PF0lIB/47LZ/ZIXPQUF3d2v3KTW1cddJzd7E24+PDRQ+Pk9
cgl7I42vzEOnVubJh8V18Y9/2Ezr64s2QoO8kzIEf1/ur8HRwny8yALydG+xh49O
HXsgFIR9FOn8zOT3t4fhbmBM3ZlZF8Gbui5HLYCAwfud+APIc8WfSmUg8H4OpTZQ
8CGG64ufQATxyj4GbfhboGzXUoySvppmi1rBN8C9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUuAh0gTb9RSA5kNLGcR1zK7ATKDIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyOGI2NTkxLTNhYWUtNDlkNS1hZWNkLTgzMjAyNDlmNmQwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQETANBgkqhkiG9w0BAQsFAAOCAQEAamuF8vePM7LZArVd3onak7S9K+Iw
ep/MfE59jN8Y3PMwgf4yCzKkR81SkJFoOECGWaa5CvVyoreytVHBTfgmpRLOYi3l
D7GCWt6yi8lQy0REQqrIutkbrz/igk4oFhavyEnBH0DzrHQqr0B0a5g1xIvFxCbr
WpI+iYxAUX5x7rrTGDMMq+OMuohdABkp2PCkPJea2nMt3l5asCg4mhgucj3vQHnc
zgVSzbZtKrTteBApRs6lypxy6c35L+IVLT6WMU/GNjFmMUGKOWoAPS8zVqdaVWu7
h5IfPOZwhmq6F29jKDrnP6RNdsO68uQng91R+BEqQqrjMejDclk4Xb/ubQ==
-----END CERTIFICATE-----