Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/559c4b87-7029-431d-9016-293dbfd25de5.roa
File:                     559c4b87-7029-431d-9016-293dbfd25de5.roa (raw, json)
Hash identifier:          mnJKn3Q++TDxT9nmqkte/IFqjpsjtGhK05Tr3FSDq/A=
Subject key identifier:   DF:56:67:30:80:C8:82:E6:0A:75:5E:E2:7B:93:D7:3D:86:C1:5F:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       701B13BAC8B88CB825C31D180533C013FEE90C40
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/559c4b87-7029-431d-9016-293dbfd25de5.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.144.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:1b:13:ba:c8:b8:8c:b8:25:c3:1d:18:05:33:c0:13:fe:e9:0c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=1414905620e0d85053c29c8fd33c6d8aa19e43fd760f2872067afd225ee7e7ae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:cb:3a:2f:f6:f9:1b:a2:31:90:c9:52:63:86:
                    47:e4:ac:25:e3:14:33:44:89:d9:ef:0e:72:b6:91:
                    b2:1a:4a:07:a9:cc:dd:82:7d:43:d6:18:5f:94:ef:
                    73:18:24:4e:42:71:d8:ce:23:f6:f7:2b:f3:d5:bf:
                    4f:ac:09:56:3f:99:b2:8d:92:e4:4b:79:b6:77:c0:
                    06:51:1a:38:ca:8a:c7:0c:c6:9a:08:86:a6:01:94:
                    1c:28:62:65:39:89:fc:33:99:a5:ee:c5:c9:8f:32:
                    e7:4a:b0:c6:ed:36:82:91:9c:55:84:0b:7b:9a:24:
                    f5:d0:61:d7:ff:5e:42:69:1c:51:42:3e:bb:80:d4:
                    d7:79:71:b1:47:af:d5:56:33:8e:69:57:13:4b:c6:
                    fb:a3:84:18:28:9d:93:57:9c:d3:a1:99:1f:83:b9:
                    42:96:72:f2:a3:67:63:60:67:4d:1d:41:61:77:06:
                    66:39:de:c2:df:3f:37:bf:e6:bf:f1:96:0b:a2:a6:
                    f3:85:91:a0:bf:83:1f:7f:0b:5d:28:af:b9:f7:13:
                    77:41:5c:0e:50:43:d5:f0:1d:50:be:e5:4b:d4:be:
                    c2:ec:1a:e1:43:19:28:80:8f:2f:ff:6d:8e:d7:ad:
                    55:44:ff:6a:bb:53:b2:0c:0a:e0:47:c3:24:86:12:
                    25:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:56:67:30:80:C8:82:E6:0A:75:5E:E2:7B:93:D7:3D:86:C1:5F:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/559c4b87-7029-431d-9016-293dbfd25de5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c6:3e:6e:c7:b4:8f:a5:a4:df:a7:3e:7b:5e:e7:27:08:40:13:
         ea:98:7e:4d:eb:b3:a9:e7:0e:a5:da:10:cd:a8:af:91:74:99:
         86:06:55:10:b5:1d:20:44:b0:a7:e5:21:68:60:07:ad:38:17:
         c4:e5:d4:27:07:18:93:4c:a3:48:84:1b:db:7a:03:95:72:b3:
         9e:da:9c:c6:5d:37:ad:7b:b3:8c:03:4c:69:e3:21:b5:96:8f:
         ea:85:1d:0f:34:0c:af:b4:30:cd:32:74:3f:be:cc:f2:76:1f:
         52:03:cb:e1:3f:f3:fc:0e:47:08:a3:68:b1:03:cf:f8:f1:c5:
         89:49:fe:5e:30:fb:89:6a:05:ec:50:db:fe:55:af:de:37:ac:
         0e:82:c5:bb:6f:ac:1f:fa:a2:cd:d0:4f:b4:11:dc:d4:01:2b:
         95:b0:f3:f8:c1:12:a6:ff:00:ef:c8:6a:5f:af:c3:af:23:41:
         58:c1:92:60:dc:59:88:50:18:79:55:bf:dc:03:b0:a8:4e:df:
         67:38:bd:04:c1:33:20:12:54:f3:a0:0f:c0:0a:6e:ae:a7:4b:
         15:6c:bb:e0:18:c3:e3:8f:39:6a:ce:cf:6a:8f:cd:d7:f1:f7:
         a2:0b:ff:f3:32:96:75:aa:cc:c2:ec:b5:8d:c0:88:f5:7e:79:
         8b:63:f2:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcBsTusi4jLglwx0YBTPAE/7pDEAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDE0OTA1NjIwZTBkODUwNTNjMjljOGZkMzNjNmQ4YWEx
OWU0M2ZkNzYwZjI4NzIwNjdhZmQyMjVlZTdlN2FlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxyzov9vkbojGQyVJjhkfkrCXjFDNEidnvDnK2kbIaSgep
zN2CfUPWGF+U73MYJE5CcdjOI/b3K/PVv0+sCVY/mbKNkuRLebZ3wAZRGjjKiscM
xpoIhqYBlBwoYmU5ifwzmaXuxcmPMudKsMbtNoKRnFWEC3uaJPXQYdf/XkJpHFFC
PruA1Nd5cbFHr9VWM45pVxNLxvujhBgonZNXnNOhmR+DuUKWcvKjZ2NgZ00dQWF3
BmY53sLfPze/5r/xlguipvOFkaC/gx9/C10or7n3E3dBXA5QQ9XwHVC+5UvUvsLs
GuFDGSiAjy//bY7XrVVE/2q7U7IMCuBHwySGEiW3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU31ZnMIDIguYKdV7ie5PXPYbBXzkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1OWM0Yjg3LTcwMjktNDMxZC05MDE2LTI5M2RiZmQyNWRlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARrFJAwDQYJKoZIhvcNAQELBQADggEBAMY+bse0j6Wk36c+e17nJwhAE+qY
fk3rs6nnDqXaEM2or5F0mYYGVRC1HSBEsKflIWhgB604F8Tl1CcHGJNMo0iEG9t6
A5Vys57anMZdN617s4wDTGnjIbWWj+qFHQ80DK+0MM0ydD++zPJ2H1IDy+E/8/wO
RwijaLEDz/jxxYlJ/l4w+4lqBexQ2/5Vr943rA6CxbtvrB/6os3QT7QR3NQBK5Ww
8/jBEqb/AO/Ial+vw68jQVjBkmDcWYhQGHlVv9wDsKhO32c4vQTBMyASVPOgD8AK
bq6nSxVsu+AYw+OPOWrOz2qPzdfx96IL//MylnWqzMLstY3AiPV+eYtj8iI=
-----END CERTIFICATE-----