Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa
File:                     557ead45-b1a7-4106-be3c-6b610ae5759c.roa (raw, json)
Hash identifier:          I+EICB957ZxXtIcPirP7iNPjBVM7ANduukgN+Wb075E=
Subject key identifier:   01:0D:19:BD:F1:BA:DB:24:9F:35:61:06:8F:C8:43:DA:7F:7C:04:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       120DCF2928A12EDAE39B99AAC10330F9114C1FD4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.131.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:0d:cf:29:28:a1:2e:da:e3:9b:99:aa:c1:03:30:f9:11:4c:1f:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=93d7dba516564211251237789f4dde0efc97cdad016d5bff8235a569ec2bbe9e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:70:31:57:97:3a:ff:ce:7f:6d:2d:be:8c:
                    fe:94:ff:76:4b:32:8d:86:ee:c9:57:f1:c6:11:56:
                    29:20:1c:13:a1:82:cc:ad:ca:62:56:52:9d:e3:05:
                    d3:32:88:21:d0:a1:ea:3c:25:84:49:26:aa:d8:77:
                    46:3b:5f:a4:18:84:45:09:23:7f:0f:ef:ed:6a:46:
                    5c:75:d0:4a:5c:ae:7c:68:90:21:9b:62:f8:13:1d:
                    70:94:2c:d0:11:ed:d5:16:80:b2:91:7d:c9:c4:97:
                    71:19:fd:57:05:3c:57:e9:ea:a8:d3:c2:9a:ec:c1:
                    47:5c:ff:ed:8e:83:91:9d:b9:57:6d:b3:dc:34:28:
                    13:26:ce:f5:31:55:52:ff:ca:32:4d:95:3a:5c:1e:
                    3a:2c:ee:d6:07:24:e0:a3:94:ef:73:c1:32:9e:58:
                    93:12:09:3a:fe:f1:63:7c:8f:5c:10:18:50:9c:38:
                    7f:e8:99:fd:9b:e3:0f:f6:17:a2:14:2d:ab:cf:01:
                    c0:f0:b7:23:9c:11:8a:7f:90:b7:d2:39:66:14:83:
                    22:ef:79:15:73:6b:69:45:96:e9:8f:f0:6d:88:ba:
                    cc:0a:b5:83:37:30:97:9e:b4:a6:ef:ff:64:1b:c7:
                    4a:e3:ce:8e:5b:78:d2:cf:c1:c0:7d:dd:99:9b:dc:
                    94:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:0D:19:BD:F1:BA:DB:24:9F:35:61:06:8F:C8:43:DA:7F:7C:04:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         13:3f:c8:75:a1:50:2a:5b:ec:86:6c:cc:f1:5e:d6:df:7b:3c:
         37:da:77:f3:97:57:a9:e4:66:57:13:0f:68:62:06:12:b4:b1:
         ed:33:15:05:1d:e3:80:52:c7:af:59:ec:a3:d2:c2:af:19:a7:
         26:da:ae:71:50:3e:d5:67:f8:20:4c:ee:cf:5c:6e:39:c7:8c:
         af:cc:df:53:9d:7b:2a:3a:4f:e2:37:c1:0a:16:47:0f:e0:70:
         16:a4:e1:08:f0:1c:6e:73:b3:6d:5a:1d:b8:ed:09:50:7d:55:
         b9:60:44:44:32:27:1f:a2:4a:99:5e:d0:0f:03:af:f2:30:89:
         f2:be:15:ef:b9:8a:27:a7:22:91:a4:1f:7c:c3:81:ae:ad:ed:
         4e:84:32:dd:d3:a9:a2:0b:9f:e0:78:b4:dd:22:39:33:dc:7e:
         5e:42:9d:b6:9a:ab:0e:68:c5:94:b1:1b:9e:72:d6:7b:ae:17:
         68:23:e0:47:73:6c:a2:72:15:74:1d:6f:44:15:52:1c:f2:f0:
         f8:66:f1:d2:10:97:70:ca:17:f8:30:ae:ab:50:ba:54:0e:22:
         86:d0:cc:a7:ec:f9:ca:c7:45:8f:23:98:a6:4c:57:4b:53:22:
         18:24:fa:c9:3a:12:b4:52:27:51:3e:3f:b3:f1:f2:18:08:22:
         41:e2:e5:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEg3PKSihLtrjm5mqwQMw+RFMH9QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2Q3ZGJhNTE2NTY0MjExMjUxMjM3Nzg5ZjRkZGUwZWZj
OTdjZGFkMDE2ZDViZmY4MjM1YTU2OWVjMmJiZTllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrZ3AxV5c6/85/bS2+jP6U/3ZLMo2G7slX8cYRVikgHBOh
gsytymJWUp3jBdMyiCHQoeo8JYRJJqrYd0Y7X6QYhEUJI38P7+1qRlx10Epcrnxo
kCGbYvgTHXCULNAR7dUWgLKRfcnEl3EZ/VcFPFfp6qjTwprswUdc/+2Og5GduVdt
s9w0KBMmzvUxVVL/yjJNlTpcHjos7tYHJOCjlO9zwTKeWJMSCTr+8WN8j1wQGFCc
OH/omf2b4w/2F6IULavPAcDwtyOcEYp/kLfSOWYUgyLveRVza2lFlumP8G2IuswK
tYM3MJeetKbv/2Qbx0rjzo5beNLPwcB93Zmb3JRJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUAQ0ZvfG62ySfNWEGj8hD2n98BMUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1N2VhZDQ1LWIxYTctNDEwNi1iZTNjLTZiNjEwYWU1NzU5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBigzANBgkqhkiG9w0BAQsFAAOCAQEAEz/IdaFQKlvshmzM8V7W33s8N9p3
85dXqeRmVxMPaGIGErSx7TMVBR3jgFLHr1nso9LCrxmnJtqucVA+1Wf4IEzuz1xu
OceMr8zfU517KjpP4jfBChZHD+BwFqThCPAcbnOzbVoduO0JUH1VuWBERDInH6JK
mV7QDwOv8jCJ8r4V77mKJ6cikaQffMOBrq3tToQy3dOpoguf4Hi03SI5M9x+XkKd
tpqrDmjFlLEbnnLWe64XaCPgR3NsonIVdB1vRBVSHPLw+Gbx0hCXcMoX+DCuq1C6
VA4ihtDMp+z5ysdFjyOYpkxXS1MiGCT6yToStFInUT4/s/HyGAgiQeLlqQ==
-----END CERTIFICATE-----