Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/550ca0bb-4e09-403b-882c-301eea6f0a9e.roa
File:                     550ca0bb-4e09-403b-882c-301eea6f0a9e.roa (raw, json)
Hash identifier:          D221MMoSz6A/lcC1r+u2l8FBUNsyO1PFp9jnmtHb5Dk=
Subject key identifier:   03:A8:A1:C7:F4:58:96:1E:B0:8C:19:3E:3F:E1:5B:BC:E3:25:25:A0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79C57A593559CDFAACF36B0E69559EB7753D39A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/550ca0bb-4e09-403b-882c-301eea6f0a9e.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.152.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:c5:7a:59:35:59:cd:fa:ac:f3:6b:0e:69:55:9e:b7:75:3d:39:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=63cb66679a9474bcb8d453550ab233e52d3aa2ff3006c456b52cdf92d82e9252, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:cb:fe:74:51:72:fa:f4:bc:96:23:c5:60:c4:
                    63:fd:58:ca:0d:b1:6d:84:64:c9:09:03:28:89:b3:
                    d2:50:aa:73:29:92:76:b8:21:02:a1:0b:62:3c:6d:
                    a6:e2:cd:50:f0:5f:0d:fb:45:82:33:74:8c:31:21:
                    7a:41:b5:52:1e:6b:b1:3b:42:66:06:82:34:33:54:
                    de:c4:56:d0:55:b6:36:ca:60:3f:54:de:8d:d9:a8:
                    01:68:91:75:73:a0:44:4e:c9:39:90:66:3d:01:2e:
                    3e:df:cc:28:f5:41:11:04:29:b9:4c:65:aa:08:83:
                    83:91:0c:df:77:f6:68:29:f5:ea:6b:5e:9a:b5:43:
                    f5:13:23:53:09:fd:c8:2a:59:b2:12:18:93:c2:a6:
                    01:6e:a0:08:6b:ea:c2:ed:ec:6f:d3:68:8b:d2:08:
                    7a:f9:7d:e1:39:cb:2f:82:ef:b0:32:d1:4f:ce:7c:
                    98:99:d8:e6:1c:46:22:7f:5c:de:9c:1e:fa:c3:45:
                    38:8b:7f:50:1e:1a:d4:7d:ab:15:8d:33:69:77:d3:
                    37:53:d5:12:c8:eb:8a:83:83:28:aa:04:73:87:92:
                    58:53:e1:1c:69:c2:cd:bd:d4:c9:ff:9a:57:6e:1c:
                    52:8b:71:21:47:b6:d9:b0:1b:0c:54:64:0d:10:d6:
                    86:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A8:A1:C7:F4:58:96:1E:B0:8C:19:3E:3F:E1:5B:BC:E3:25:25:A0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/550ca0bb-4e09-403b-882c-301eea6f0a9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         16:b7:91:2b:b0:7e:34:79:a6:ea:6f:f4:1b:99:04:02:69:77:
         6f:0e:bd:9b:4a:24:0a:f8:59:4d:d1:ba:cc:95:e3:94:9f:66:
         16:27:3d:e4:c9:5c:b8:e1:ef:19:e6:c6:2a:42:d7:7e:c8:26:
         69:97:5f:74:77:11:7c:f0:b9:bc:0a:f9:40:f6:b5:4c:21:7a:
         82:83:c0:47:d6:71:8c:de:1d:a1:0d:25:a9:6d:2d:06:dc:2f:
         52:d7:00:53:5d:ec:3a:36:cc:f1:37:6a:af:b0:97:0c:57:e9:
         93:26:ee:1f:c7:3d:ba:49:6d:43:a3:52:e9:a3:6d:b9:3e:88:
         41:f2:8c:dd:9c:07:4f:b6:5d:79:1f:27:6c:47:c9:1d:69:5a:
         ef:1d:43:9f:2c:55:84:ef:e0:30:e2:d4:54:90:78:48:0a:db:
         e0:18:e3:f3:a3:12:af:2e:e3:e7:3b:95:a5:47:f6:4e:2a:83:
         aa:f8:3c:a8:83:a3:c1:fa:63:18:11:ea:0a:67:6e:04:de:fd:
         88:69:f4:11:01:ab:d1:5e:ba:f2:50:12:4c:ea:94:73:99:ab:
         d0:ee:12:ff:f3:ed:e7:c5:24:d8:28:11:af:98:32:2d:e9:16:
         79:ab:4d:dd:e6:a3:1e:f8:6b:ee:95:97:b9:f6:30:9c:90:a0:
         e4:58:84:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUecV6WTVZzfqs82sOaVWet3U9OaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2M2NiNjY2NzlhOTQ3NGJjYjhkNDUzNTUwYWIyMzNlNTJk
M2FhMmZmMzAwNmM0NTZiNTJjZGY5MmQ4MmU5MjUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXy/50UXL69LyWI8VgxGP9WMoNsW2EZMkJAyiJs9JQqnMp
kna4IQKhC2I8babizVDwXw37RYIzdIwxIXpBtVIea7E7QmYGgjQzVN7EVtBVtjbK
YD9U3o3ZqAFokXVzoEROyTmQZj0BLj7fzCj1QREEKblMZaoIg4ORDN939mgp9epr
Xpq1Q/UTI1MJ/cgqWbISGJPCpgFuoAhr6sLt7G/TaIvSCHr5feE5yy+C77Ay0U/O
fJiZ2OYcRiJ/XN6cHvrDRTiLf1AeGtR9qxWNM2l30zdT1RLI64qDgyiqBHOHklhT
4Rxpws291Mn/mlduHFKLcSFHttmwGwxUZA0Q1oanAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA6ihx/RYlh6wjBk+P+FbvOMlJaAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1MGNhMGJiLTRlMDktNDAzYi04ODJjLTMwMWVlYTZmMGE5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl5gwDQYJKoZIhvcNAQELBQADggEBABa3kSuwfjR5pupv9BuZBAJpd28O
vZtKJAr4WU3RusyV45SfZhYnPeTJXLjh7xnmxipC137IJmmXX3R3EXzwubwK+UD2
tUwheoKDwEfWcYzeHaENJaltLQbcL1LXAFNd7Do2zPE3aq+wlwxX6ZMm7h/HPbpJ
bUOjUumjbbk+iEHyjN2cB0+2XXkfJ2xHyR1pWu8dQ58sVYTv4DDi1FSQeEgK2+AY
4/OjEq8u4+c7laVH9k4qg6r4PKiDo8H6YxgR6gpnbgTe/Yhp9BEBq9FeuvJQEkzq
lHOZq9DuEv/z7efFJNgoEa+YMi3pFnmrTd3mox74a+6Vl7n2MJyQoORYhNg=
-----END CERTIFICATE-----