Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/552b517a-5218-4ed2-a892-21426274eafb.roa
File:                     552b517a-5218-4ed2-a892-21426274eafb.roa (raw, json)
Hash identifier:          TkNqp4QkjGh0KCz2uT0plMOx3M8ysImLQ+k98AKD/+E=
Subject key identifier:   4C:B2:D1:EF:E6:95:0E:27:EA:87:DB:92:19:81:16:01:5C:24:9D:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       641B1B7F315D9B3120B0648908341D1283A4857E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/552b517a-5218-4ed2-a892-21426274eafb.roa
Signing time:             Thu 09 Jan 2025 00:00:00 +0000
ROA not before:           Thu 09 Jan 2025 00:00:00 +0000
ROA not after:            Thu 13 Feb 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        69.210.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:1b:1b:7f:31:5d:9b:31:20:b0:64:89:08:34:1d:12:83:a4:85:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  9 00:00:00 2025 GMT
            Not After : Feb 13 23:59:59 2025 GMT
        Subject: serialNumber=adcb1256425b22c83b2bfb0b24e0a212e228fb28f7a79cca8ee522d4ba9907ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:41:04:4b:15:fc:12:f6:aa:93:31:ae:50:2e:
                    04:3e:5b:1d:58:5d:b8:b9:73:73:96:94:d1:0f:65:
                    17:b0:b4:be:c7:d8:6d:84:d0:f7:3b:e8:f7:e3:cf:
                    6d:37:aa:72:2f:88:52:69:20:97:bd:dc:7f:99:1b:
                    84:93:1c:49:e3:f1:24:2a:97:c8:af:cd:d0:f7:ff:
                    d8:78:9b:75:3c:8a:f0:a5:96:b8:4f:84:ed:75:68:
                    d8:37:2f:d2:b5:92:3c:29:95:f8:8e:10:09:8a:e9:
                    4d:c8:bb:cb:39:db:0f:8c:d5:b3:57:77:74:a8:8b:
                    c4:b4:f2:c2:82:35:b8:a4:6e:c0:b8:66:6d:8e:74:
                    e3:df:99:84:89:ed:9d:4f:4a:e6:6e:e9:ea:04:98:
                    b7:68:bd:8b:bb:8e:1d:99:bd:7c:e2:4d:a5:ab:31:
                    8d:f0:3c:85:c4:36:1f:cd:c7:56:59:fe:01:4b:e3:
                    e4:e2:63:01:0a:41:69:5d:01:bc:a1:b4:c2:5c:9a:
                    eb:9c:f5:ff:dd:4c:fb:12:4a:97:0a:38:97:e8:42:
                    52:cd:a8:40:7a:5c:a5:42:73:fe:b8:1c:21:7a:6a:
                    ed:1a:30:03:62:f8:d4:bb:10:f5:ab:4d:55:3f:1f:
                    52:cb:f5:3f:d9:ca:16:60:2c:a0:e7:98:3e:eb:09:
                    8b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B2:D1:EF:E6:95:0E:27:EA:87:DB:92:19:81:16:01:5C:24:9D:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/552b517a-5218-4ed2-a892-21426274eafb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.210.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c5:43:69:18:aa:f0:f7:0f:80:a0:a2:d3:a0:8a:be:b6:2e:09:
         12:29:15:f6:02:31:8a:d0:a5:af:08:bf:a2:53:85:7e:89:d5:
         e0:1a:73:14:de:3a:88:17:67:6e:1b:c1:16:b1:41:43:26:2a:
         0c:c4:b9:fe:1d:27:b8:28:6a:65:4a:08:bd:c4:d6:28:d3:7c:
         c8:6f:1d:6c:9e:40:ba:db:4a:30:5a:eb:70:23:6d:42:7d:a6:
         a0:3d:de:a8:b4:56:82:99:ae:c6:80:71:6b:1f:ad:90:fe:25:
         02:e5:66:df:c3:c7:e9:a8:4d:15:52:96:e9:32:83:b1:fd:c6:
         6b:07:c3:57:45:a3:bd:48:a2:a5:0b:06:f7:58:39:ab:1a:ef:
         9c:c3:10:8b:3c:ed:44:2c:c4:14:d6:08:1a:d8:9b:5d:24:e4:
         32:68:8e:35:4d:3f:8f:9b:25:13:53:b6:cc:86:ea:2d:c1:29:
         37:35:ff:7a:f2:4d:64:1e:8a:b3:ed:e9:6c:a6:b5:b5:a9:7e:
         3f:56:d2:f2:8c:bb:21:92:b3:83:8a:59:a2:c8:17:5b:f5:8d:
         56:51:4e:46:74:86:56:f9:23:c1:4f:17:c6:80:1e:18:b0:87:
         38:f3:64:db:11:89:3f:68:2c:01:1d:11:15:53:7f:2c:a0:30:
         88:e9:63:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZBsbfzFdmzEgsGSJCDQdEoOkhX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA5MDAwMDAwWhcNMjUwMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZGNiMTI1NjQyNWIyMmM4M2IyYmZiMGIyNGUwYTIxMmUy
MjhmYjI4ZjdhNzljY2E4ZWU1MjJkNGJhOTkwN2VlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnQQRLFfwS9qqTMa5QLgQ+Wx1YXbi5c3OWlNEPZRewtL7H
2G2E0Pc76Pfjz203qnIviFJpIJe93H+ZG4STHEnj8SQql8ivzdD3/9h4m3U8ivCl
lrhPhO11aNg3L9K1kjwplfiOEAmK6U3Iu8s52w+M1bNXd3Soi8S08sKCNbikbsC4
Zm2OdOPfmYSJ7Z1PSuZu6eoEmLdovYu7jh2ZvXziTaWrMY3wPIXENh/Nx1ZZ/gFL
4+TiYwEKQWldAbyhtMJcmuuc9f/dTPsSSpcKOJfoQlLNqEB6XKVCc/64HCF6au0a
MANi+NS7EPWrTVU/H1LL9T/ZyhZgLKDnmD7rCYs1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTLLR7+aVDifqh9uSGYEWAVwknfQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1MmI1MTdhLTUyMTgtNGVkMi1hODkyLTIxNDI2Mjc0ZWFmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZF0kAwDQYJKoZIhvcNAQELBQADggEBAMVDaRiq8PcPgKCi06CKvrYuCRIp
FfYCMYrQpa8Iv6JThX6J1eAacxTeOogXZ24bwRaxQUMmKgzEuf4dJ7goamVKCL3E
1ijTfMhvHWyeQLrbSjBa63AjbUJ9pqA93qi0VoKZrsaAcWsfrZD+JQLlZt/Dx+mo
TRVSlukyg7H9xmsHw1dFo71IoqULBvdYOasa75zDEIs87UQsxBTWCBrYm10k5DJo
jjVNP4+bJRNTtsyG6i3BKTc1/3ryTWQeirPt6WymtbWpfj9W0vKMuyGSs4OKWaLI
F1v1jVZRTkZ0hlb5I8FPF8aAHhiwhzjzZNsRiT9oLAEdERVTfyygMIjpY40=
-----END CERTIFICATE-----