Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/641b68cf-d9ca-474c-bec7-4a74387333c1.roa
File:                     641b68cf-d9ca-474c-bec7-4a74387333c1.roa (raw, json)
Hash identifier:          XQC8wjardTQfxQngXuU06iBh6jWdaUYl1yRrlSOzc1k=
Subject key identifier:   8F:46:87:ED:BE:A4:25:84:96:0E:C8:FC:1E:94:E6:74:20:B1:6C:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5981C710C349B85C95D21026EE6784E7F003F122
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/641b68cf-d9ca-474c-bec7-4a74387333c1.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.241.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:81:c7:10:c3:49:b8:5c:95:d2:10:26:ee:67:84:e7:f0:03:f1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=0ab4b835468465eba2a753b36911daeab61e89ffb9dfade1052e8b9192958edd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:aa:50:2f:1f:bc:22:23:7a:be:0b:de:73:c9:
                    bc:fd:81:3e:f2:70:a8:6f:e4:51:9d:74:92:fa:d8:
                    09:ba:31:37:26:c2:5b:c4:d1:a2:e2:35:59:b9:87:
                    e6:39:83:7f:26:eb:db:dd:87:40:9d:ae:2c:5f:4e:
                    cd:5c:9c:ac:16:d9:f7:88:be:a5:5e:8d:36:7c:ed:
                    ef:47:68:c0:8f:e7:4c:c4:ec:2a:08:2c:ff:16:7c:
                    8e:3d:4d:d9:be:99:60:f1:c7:ea:f5:55:0e:d6:5d:
                    43:e4:d0:6d:97:60:9d:90:12:de:dc:97:67:6f:03:
                    b7:11:ef:f3:fe:54:60:73:63:51:ba:8f:2a:87:03:
                    62:88:35:71:da:5d:41:df:df:bf:5c:db:9c:ce:70:
                    df:f7:ab:f5:17:67:5e:c7:29:ed:63:e7:e0:2d:2a:
                    70:e4:dd:11:6a:d6:60:ab:eb:78:d3:1b:e5:c7:ad:
                    67:fb:73:63:29:9d:a0:2f:d4:c0:a5:93:e7:9d:9a:
                    28:0f:e6:85:c8:a1:4e:87:17:78:1e:94:19:39:c7:
                    79:8c:6d:db:78:b3:ca:15:97:da:e5:9a:ec:cc:c7:
                    b2:48:0b:79:66:a4:e0:37:c6:a1:aa:17:8f:bf:2e:
                    86:59:cb:70:5a:fd:08:4b:b0:50:57:d8:2a:66:0c:
                    71:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:46:87:ED:BE:A4:25:84:96:0E:C8:FC:1E:94:E6:74:20:B1:6C:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/641b68cf-d9ca-474c-bec7-4a74387333c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.241.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:5a:52:e8:24:53:2a:12:f7:39:80:4e:48:57:ab:36:5a:6f:
         9e:b8:e7:ad:c0:20:9e:6f:eb:7e:ad:eb:00:36:fd:3f:f7:dd:
         8c:b6:83:6f:c6:c6:be:58:01:1d:59:cd:ce:2b:f2:1e:2b:fb:
         aa:ff:31:93:eb:26:fd:3e:ab:60:08:b8:50:b7:bd:d9:d5:c3:
         2c:ce:a1:02:a7:62:60:5b:f4:29:e2:61:8d:81:0e:4b:1e:c9:
         c4:f7:e4:fb:1e:1c:ea:da:8f:63:d2:90:0c:e6:6e:4c:d0:e5:
         d0:89:70:f0:9e:14:9a:11:2c:98:cd:ad:51:4d:72:6d:75:e6:
         15:fd:4c:e9:f3:9c:e4:c8:72:8e:7d:41:c8:6e:78:da:e4:66:
         6a:32:39:9d:dc:90:47:f4:5e:f8:74:44:7f:b2:f4:c7:17:27:
         c7:4b:4f:de:3a:0f:91:55:23:8b:86:b1:3c:92:cb:70:e6:1e:
         5a:06:5d:4e:ef:66:7c:95:a3:95:da:ae:4e:c6:29:13:6e:44:
         4d:6c:53:9b:0e:c9:ce:d8:da:7b:3e:10:f7:a8:27:40:14:f2:
         22:c2:bf:44:22:fb:b5:94:1e:a4:3d:de:6c:4c:7c:10:8d:0c:
         89:78:a8:3b:35:e8:cc:81:a2:b0:9f:17:58:c1:97:80:7f:cd:
         a2:b8:e8:d3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWYHHEMNJuFyV0hAm7meE5/AD8SIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWI0YjgzNTQ2ODQ2NWViYTJhNzUzYjM2OTExZGFlYWI2
MWU4OWZmYjlkZmFkZTEwNTJlOGI5MTkyOTU4ZWRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkqlAvH7wiI3q+C95zybz9gT7ycKhv5FGddJL62Am6MTcm
wlvE0aLiNVm5h+Y5g38m69vdh0CdrixfTs1cnKwW2feIvqVejTZ87e9HaMCP50zE
7CoILP8WfI49Tdm+mWDxx+r1VQ7WXUPk0G2XYJ2QEt7cl2dvA7cR7/P+VGBzY1G6
jyqHA2KINXHaXUHf379c25zOcN/3q/UXZ17HKe1j5+AtKnDk3RFq1mCr63jTG+XH
rWf7c2MpnaAv1MClk+edmigP5oXIoU6HF3gelBk5x3mMbdt4s8oVl9rlmuzMx7JI
C3lmpOA3xqGqF4+/LoZZy3Ba/QhLsFBX2CpmDHFZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUj0aH7b6kJYSWDsj8HpTmdCCxbGwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0MWI2OGNmLWQ5Y2EtNDc0Yy1iZWM3LTRhNzQzODczMzNjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP8TANBgkqhkiG9w0BAQsFAAOCAQEAL1pS6CRTKhL3OYBOSFerNlpvnrjn
rcAgnm/rfq3rADb9P/fdjLaDb8bGvlgBHVnNzivyHiv7qv8xk+sm/T6rYAi4ULe9
2dXDLM6hAqdiYFv0KeJhjYEOSx7JxPfk+x4c6tqPY9KQDOZuTNDl0Ilw8J4UmhEs
mM2tUU1ybXXmFf1M6fOc5Mhyjn1ByG542uRmajI5ndyQR/Re+HREf7L0xxcnx0tP
3joPkVUji4axPJLLcOYeWgZdTu9mfJWjldquTsYpE25ETWxTmw7Jztjaez4Q96gn
QBTyIsK/RCL7tZQepD3ebEx8EI0MiXioOzXozIGisJ8XWMGXgH/Norjo0w==
-----END CERTIFICATE-----