Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603d26d7-c121-42e1-817f-ef0a806e3d69.roa
File:                     603d26d7-c121-42e1-817f-ef0a806e3d69.roa (raw, json)
Hash identifier:          pNVYBh1A+C0zVPqOq7LLrH/h0ZF8ai6l2/wP7UkVqzA=
Subject key identifier:   6A:42:E8:AC:BB:25:28:74:12:57:06:8C:B9:29:5F:B5:4A:63:35:79
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F0D0C7A21A363B486928110C38BCEC84C7E4B6B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603d26d7-c121-42e1-817f-ef0a806e3d69.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        185.212.200.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:0d:0c:7a:21:a3:63:b4:86:92:81:10:c3:8b:ce:c8:4c:7e:4b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=e81135e5f6f325532f1b2890e2a6334c945a10f0342c5226f9d684e3d77d5bd8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ee:88:0f:79:db:dd:c1:f9:90:a1:fb:7e:19:
                    56:ea:7d:9b:ac:07:0e:ea:7c:57:9c:80:97:2e:97:
                    8a:cd:ee:0d:26:78:17:50:45:8a:25:5a:7e:d2:c3:
                    0f:80:2c:9d:91:64:47:02:c5:d1:7f:0d:13:c4:28:
                    fa:ab:ef:90:e9:a1:bd:5a:a2:e3:74:0e:ad:d3:c0:
                    12:2f:e7:db:eb:96:f2:95:37:53:df:e1:52:3e:a8:
                    f7:e2:20:ef:2d:ef:9a:92:09:f2:98:6d:f6:2a:af:
                    13:ad:15:c9:87:a6:e7:46:9f:59:89:4f:bd:7c:e2:
                    2e:ec:d5:98:4b:44:da:c8:08:7a:d8:f0:7c:71:fd:
                    90:52:f4:e5:17:f6:b9:57:72:5d:02:c3:0f:13:b7:
                    26:25:d0:8b:f1:ad:1c:c1:f9:ac:42:27:0b:ad:7c:
                    90:76:3a:7a:82:fb:b5:74:2f:61:e2:f5:ce:ce:b7:
                    20:c2:cf:20:e5:58:db:bc:ae:27:46:87:57:5f:c8:
                    9a:7f:f9:49:1c:77:41:e3:b1:e9:8b:be:7f:cf:dc:
                    60:42:f1:bf:a0:6b:c5:fd:ee:12:8d:1f:37:a6:08:
                    1e:a1:2a:8e:68:fa:15:eb:f2:38:37:63:0b:2e:4e:
                    19:8a:ad:f1:fc:ea:1d:b2:f1:b9:f0:89:e7:36:67:
                    f2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:42:E8:AC:BB:25:28:74:12:57:06:8C:B9:29:5F:B5:4A:63:35:79
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/603d26d7-c121-42e1-817f-ef0a806e3d69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:55:3a:e2:82:fd:bf:d8:51:7b:68:0d:75:29:2e:fd:5c:2d:
         d6:97:01:60:42:69:fe:e3:93:70:2b:22:1b:95:73:29:c3:43:
         3d:04:6e:08:d4:f9:2a:d1:78:8c:e1:c5:d9:86:a1:a6:5f:78:
         9f:83:ad:a6:90:34:bf:de:a6:89:9c:82:d1:64:c5:c8:b2:99:
         bb:e0:44:fb:44:1a:63:f5:70:32:59:13:c5:aa:8e:54:41:ad:
         31:67:2c:fc:81:37:6c:00:f4:da:3d:bc:3d:57:03:db:d8:9b:
         e1:ea:68:2d:c2:12:e7:e5:2d:52:1f:54:76:65:12:ce:19:81:
         1a:5a:c6:00:88:2c:ca:13:a9:84:f9:c0:c5:88:4d:b6:65:72:
         cd:05:74:be:56:9f:8e:5d:41:4d:05:8d:a2:d9:bc:0e:e6:a9:
         c9:16:38:d4:66:ce:56:a7:14:32:16:10:b7:5b:b1:23:90:95:
         7f:18:2e:a7:74:e1:9b:f5:8f:51:c3:27:07:ec:ae:63:2d:e4:
         29:bf:0b:9e:8f:94:85:ed:f2:3d:b5:e1:85:d3:fd:02:3a:67:
         8a:ed:a2:36:bb:f9:d9:b4:c0:68:44:4e:c0:6f:0a:cb:21:c6:
         ec:2b:6e:55:85:64:02:3c:03:97:ff:7a:0e:9b:2a:ef:46:2a:
         8c:08:f5:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHw0MeiGjY7SGkoEQw4vOyEx+S2swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODExMzVlNWY2ZjMyNTUzMmYxYjI4OTBlMmE2MzM0Yzk0
NWExMGYwMzQyYzUyMjZmOWQ2ODRlM2Q3N2Q1YmQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+7ogPedvdwfmQoft+GVbqfZusBw7qfFecgJcul4rN7g0m
eBdQRYolWn7Sww+ALJ2RZEcCxdF/DRPEKPqr75Dpob1aouN0Dq3TwBIv59vrlvKV
N1Pf4VI+qPfiIO8t75qSCfKYbfYqrxOtFcmHpudGn1mJT7184i7s1ZhLRNrICHrY
8Hxx/ZBS9OUX9rlXcl0Cww8TtyYl0IvxrRzB+axCJwutfJB2OnqC+7V0L2Hi9c7O
tyDCzyDlWNu8ridGh1dfyJp/+Ukcd0HjsemLvn/P3GBC8b+ga8X97hKNHzemCB6h
Ko5o+hXr8jg3YwsuThmKrfH86h2y8bnwiec2Z/LpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUakLorLslKHQSVwaMuSlftUpjNXkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwM2QyNmQ3LWMxMjEtNDJlMS04MTdmLWVmMGE4MDZlM2Q2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAK51MgwDQYJKoZIhvcNAQELBQADggEBAJJVOuKC/b/YUXtoDXUpLv1cLdaX
AWBCaf7jk3ArIhuVcynDQz0EbgjU+SrReIzhxdmGoaZfeJ+DraaQNL/epomcgtFk
xciymbvgRPtEGmP1cDJZE8WqjlRBrTFnLPyBN2wA9No9vD1XA9vYm+HqaC3CEufl
LVIfVHZlEs4ZgRpaxgCILMoTqYT5wMWITbZlcs0FdL5Wn45dQU0FjaLZvA7mqckW
ONRmzlanFDIWELdbsSOQlX8YLqd04Zv1j1HDJwfsrmMt5Cm/C56PlIXt8j214YXT
/QI6Z4rtoja7+dm0wGhETsBvCsshxuwrblWFZAI8A5f/eg6bKu9GKowI9Tg=
-----END CERTIFICATE-----