Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59637748-f9e2-4c44-86a6-89a1c02f3f23.roa
File:                     59637748-f9e2-4c44-86a6-89a1c02f3f23.roa (raw, json)
Hash identifier:          bQsbMKpr53YuJxouaOzolVsrr1wlXt1s2h4cApycLD0=
Subject key identifier:   CF:60:14:3C:74:A1:F4:EB:E1:87:F7:80:DA:24:8A:5C:37:98:DD:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54DD15CE824AAEB915A59F831B7EB5A3545707B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59637748-f9e2-4c44-86a6-89a1c02f3f23.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.203.128.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:dd:15:ce:82:4a:ae:b9:15:a5:9f:83:1b:7e:b5:a3:54:57:07:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=96448fdc3084ccca40983b3c9dffba315c6177147e89062b51581889c715c0c0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:98:7b:e5:31:fb:db:2d:ac:98:94:d4:de:
                    83:48:37:f3:5f:19:e8:23:dd:17:72:46:1d:40:93:
                    fe:4e:21:81:af:71:19:c9:a9:0e:57:0a:a9:6d:a5:
                    b1:6a:b6:50:a6:9e:a1:b3:34:09:f0:2c:61:41:73:
                    67:0d:08:90:7c:51:0c:a1:88:f2:1a:69:46:58:8a:
                    6d:c9:70:95:76:aa:d6:36:9f:d5:cb:f3:5a:ff:2c:
                    6b:80:f9:ae:b7:43:73:ec:0e:c3:bc:a9:b6:95:29:
                    ce:bf:0e:26:0d:e7:ca:52:17:a2:c8:a6:c5:42:23:
                    2a:4f:84:c2:37:63:18:0c:b7:1f:94:21:3f:81:ab:
                    c8:0b:79:07:0b:c7:ea:06:74:c0:68:31:a7:3e:b6:
                    5a:41:b1:b8:ea:fb:e0:e2:95:e3:33:8e:c4:90:79:
                    0a:ed:24:7d:81:e0:bf:73:48:97:ca:7b:41:cb:8e:
                    ee:ab:b0:3d:e6:68:fb:ac:b8:c8:f6:b3:3f:4f:5d:
                    bc:55:66:79:e4:a5:72:d5:9e:06:f1:fa:c7:f5:72:
                    02:13:16:f4:fd:b3:4f:3a:c8:69:1f:4e:38:87:99:
                    8f:03:ea:9f:b1:0e:34:5b:36:de:2d:4b:95:11:ed:
                    74:83:1a:d8:a3:d6:91:86:2c:34:10:f8:2a:7a:bd:
                    11:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:60:14:3C:74:A1:F4:EB:E1:87:F7:80:DA:24:8A:5C:37:98:DD:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59637748-f9e2-4c44-86a6-89a1c02f3f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.203.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:6c:9e:69:de:86:68:61:bf:1d:a2:4f:84:53:a8:b9:f9:8b:
         e3:80:ca:2e:c3:94:03:4a:5b:5e:bc:3b:3a:49:c5:43:0c:1f:
         da:28:ec:3d:e0:79:59:e3:b4:17:31:cf:a4:e0:67:a7:37:83:
         fb:49:9b:e2:45:73:25:ac:7e:87:7d:7c:21:a2:55:aa:fb:c3:
         d1:e5:9a:2f:54:9e:18:25:39:c9:9e:8f:05:9d:3e:a7:59:f3:
         c8:4f:a0:17:e7:57:dc:c0:8b:b4:67:73:e4:b5:74:c3:60:c6:
         2a:5d:12:8e:8f:5c:db:9c:7f:a9:7c:2a:e3:0c:08:4f:e2:62:
         ea:99:3f:51:2c:08:20:c4:ef:e0:3a:8d:5e:e9:b1:3c:7e:81:
         0b:d8:e4:fe:70:cb:97:f6:e1:f1:ef:90:62:fb:6f:75:10:fb:
         2b:73:a6:ec:06:e7:fe:0e:ad:7e:db:55:3b:4a:b7:dc:0f:95:
         07:de:c5:d0:74:50:21:2f:30:a1:d3:e8:ae:6d:69:90:27:c2:
         e3:00:16:88:43:2b:0f:d2:06:20:ee:ee:5a:f3:4f:4a:32:dd:
         ec:87:71:d5:7b:c3:d0:b5:8e:48:a1:29:72:33:2b:08:d5:84:
         ce:5d:54:56:e2:af:48:cf:1d:79:21:3f:8d:6f:ad:57:f8:62:
         57:a6:c6:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVN0VzoJKrrkVpZ+DG361o1RXB7AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjQ0OGZkYzMwODRjY2NhNDA5ODNiM2M5ZGZmYmEzMTVj
NjE3NzE0N2U4OTA2MmI1MTU4MTg4OWM3MTVjMGMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnIZh75TH72y2smJTU3oNIN/NfGegj3RdyRh1Ak/5OIYGv
cRnJqQ5XCqltpbFqtlCmnqGzNAnwLGFBc2cNCJB8UQyhiPIaaUZYim3JcJV2qtY2
n9XL81r/LGuA+a63Q3PsDsO8qbaVKc6/DiYN58pSF6LIpsVCIypPhMI3YxgMtx+U
IT+Bq8gLeQcLx+oGdMBoMac+tlpBsbjq++DileMzjsSQeQrtJH2B4L9zSJfKe0HL
ju6rsD3maPusuMj2sz9PXbxVZnnkpXLVngbx+sf1cgITFvT9s086yGkfTjiHmY8D
6p+xDjRbNt4tS5UR7XSDGtij1pGGLDQQ+Cp6vREnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz2AUPHSh9Ovhh/eA2iSKXDeY3VAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5NjM3NzQ4LWY5ZTItNGM0NC04NmE2LTg5YTFjMDJmM2YyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEsy4AwDQYJKoZIhvcNAQELBQADggEBAE5snmnehmhhvx2iT4RTqLn5i+OA
yi7DlANKW168OzpJxUMMH9oo7D3geVnjtBcxz6TgZ6c3g/tJm+JFcyWsfod9fCGi
Var7w9Hlmi9UnhglOcmejwWdPqdZ88hPoBfnV9zAi7Rnc+S1dMNgxipdEo6PXNuc
f6l8KuMMCE/iYuqZP1EsCCDE7+A6jV7psTx+gQvY5P5wy5f24fHvkGL7b3UQ+ytz
puwG5/4OrX7bVTtKt9wPlQfexdB0UCEvMKHT6K5taZAnwuMAFohDKw/SBiDu7lrz
T0oy3eyHcdV7w9C1jkihKXIzKwjVhM5dVFbir0jPHXkhP41vrVf4YlemxvM=
-----END CERTIFICATE-----