Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d351095-e533-4b12-b92a-8fc885911708.roa
File:                     5d351095-e533-4b12-b92a-8fc885911708.roa (raw, json)
Hash identifier:          aVfMMtfRjzW8j3QhKIfiXy4ZJjovCo9SL9iiA5no6kY=
Subject key identifier:   63:3A:0D:C4:B9:F4:0C:B8:34:3F:3B:8D:AB:19:B5:95:2F:B8:1D:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DB863E6B5B8D9023A1A4DA798173C7BB3453461
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d351095-e533-4b12-b92a-8fc885911708.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        100.20.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:b8:63:e6:b5:b8:d9:02:3a:1a:4d:a7:98:17:3c:7b:b3:45:34:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=24f02af36c587846841b15c0c4178a954007b62bde1faffc3e54ffb97633c35c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5a:6c:96:51:82:f5:89:94:3a:31:bf:8a:6a:
                    ec:7d:8d:10:b7:af:f1:52:45:39:60:06:10:9b:92:
                    60:fc:b4:56:10:df:d6:d2:b9:f2:00:be:4e:94:c0:
                    08:dd:cb:ea:1b:59:8b:bc:cc:43:d2:25:d4:f1:bd:
                    e9:9a:7b:e0:69:80:ad:a8:36:e3:b3:f9:a9:72:f8:
                    55:0c:5a:ed:77:8f:6b:9b:c5:72:fc:db:da:1e:94:
                    5b:b5:b3:a8:2d:16:df:ca:00:fd:0e:2c:33:16:c8:
                    6d:22:4a:d7:67:08:6a:e6:2c:cf:23:42:84:6c:e9:
                    25:b0:2e:d7:d8:90:97:54:92:ac:d0:86:7c:1f:33:
                    8b:a4:9d:d4:d1:7a:e1:00:c8:ef:84:af:02:05:97:
                    8f:ed:42:68:a6:6e:db:cc:47:d1:09:fb:f3:2b:70:
                    a5:bf:86:b5:eb:ad:41:4e:93:03:1d:80:07:e3:c6:
                    fd:a3:e8:4f:6b:6c:ca:7e:a0:b4:47:6c:68:32:1c:
                    ce:fb:f2:7d:86:9e:db:40:00:2a:6a:88:1a:43:6b:
                    58:aa:94:bf:72:8f:4c:db:26:14:eb:11:cc:61:00:
                    92:08:5f:cb:99:c3:eb:c3:b7:9a:44:89:f6:f9:3e:
                    b1:90:2f:cd:87:11:f4:69:c8:0f:46:10:24:19:2a:
                    d2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:3A:0D:C4:B9:F4:0C:B8:34:3F:3B:8D:AB:19:B5:95:2F:B8:1D:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d351095-e533-4b12-b92a-8fc885911708.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  100.20.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         b1:b9:6d:fa:d0:9e:1c:5c:57:7e:a4:76:29:97:7e:57:34:ed:
         74:eb:d1:58:30:03:5c:e6:3e:0e:4f:7d:65:08:76:a0:19:6c:
         26:5d:5c:5e:ab:61:53:52:96:dd:76:c7:1e:c9:0f:c2:88:ce:
         55:ff:5a:66:83:35:de:4a:c3:49:19:3b:74:eb:8c:86:90:d8:
         1d:3c:39:e0:f6:e3:db:c3:5e:7f:14:7e:0b:b1:02:0c:50:8c:
         0f:5f:50:0e:5b:25:27:8b:99:93:1d:14:b6:ba:e5:6a:de:2b:
         81:55:3b:74:a0:78:1a:da:c8:60:70:0f:aa:75:03:c2:80:a4:
         e7:e0:1b:ed:e1:ea:8b:2a:29:0c:ce:a2:61:60:a4:ec:dd:c1:
         11:d8:c9:2d:67:49:4e:fa:40:07:0a:99:10:1b:5d:ce:2f:8c:
         e1:27:f0:22:6a:2f:07:a0:94:2d:ba:14:07:ff:f1:5e:77:ab:
         e7:ce:95:c3:9b:8f:5e:91:35:b0:d9:09:f6:65:ad:50:25:e6:
         08:07:6d:f2:f9:63:08:d1:18:0d:62:84:c1:dd:f2:e4:58:77:
         50:07:67:9c:65:4b:c6:ec:96:b7:7c:20:38:27:58:83:0f:f3:
         be:c0:7d:cf:d5:93:f4:f1:b2:b9:1e:71:65:ac:81:5b:9b:e9:
         7d:5a:13:50
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTbhj5rW42QI6Gk2nmBc8e7NFNGEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGYwMmFmMzZjNTg3ODQ2ODQxYjE1YzBjNDE3OGE5NTQw
MDdiNjJiZGUxZmFmZmMzZTU0ZmZiOTc2MzNjMzVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8WmyWUYL1iZQ6Mb+Kaux9jRC3r/FSRTlgBhCbkmD8tFYQ
39bSufIAvk6UwAjdy+obWYu8zEPSJdTxvemae+BpgK2oNuOz+aly+FUMWu13j2ub
xXL829oelFu1s6gtFt/KAP0OLDMWyG0iStdnCGrmLM8jQoRs6SWwLtfYkJdUkqzQ
hnwfM4ukndTReuEAyO+ErwIFl4/tQmimbtvMR9EJ+/MrcKW/hrXrrUFOkwMdgAfj
xv2j6E9rbMp+oLRHbGgyHM778n2GnttAACpqiBpDa1iqlL9yj0zbJhTrEcxhAJII
X8uZw+vDt5pEifb5PrGQL82HEfRpyA9GECQZKtKLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYzoNxLn0DLg0PzuNqxm1lS+4HW4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkMzUxMDk1LWU1MzMtNGIxMi1iOTJhLThmYzg4NTkxMTcwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJkFDANBgkqhkiG9w0BAQsFAAOCAQEAsblt+tCeHFxXfqR2KZd+VzTtdOvR
WDADXOY+Dk99ZQh2oBlsJl1cXqthU1KW3XbHHskPwojOVf9aZoM13krDSRk7dOuM
hpDYHTw54Pbj28NefxR+C7ECDFCMD19QDlslJ4uZkx0Utrrlat4rgVU7dKB4GtrI
YHAPqnUDwoCk5+Ab7eHqiyopDM6iYWCk7N3BEdjJLWdJTvpABwqZEBtdzi+M4Sfw
ImovB6CULboUB//xXner586Vw5uPXpE1sNkJ9mWtUCXmCAdt8vljCNEYDWKEwd3y
5Fh3UAdnnGVLxuyWt3wgOCdYgw/zvsB9z9WT9PGyuR5xZayBW5vpfVoTUA==
-----END CERTIFICATE-----