Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6558a003-59a6-43fd-8846-6caecf9288bc.roa
File:                     6558a003-59a6-43fd-8846-6caecf9288bc.roa (raw, json)
Hash identifier:          F2dintz4e1hNDUbQecfgjiEJH2LibQi9xebFXB+d7/E=
Subject key identifier:   0C:17:4A:5A:2C:F1:49:87:DA:DD:3D:EF:22:10:F5:42:F4:81:E5:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6CABD7E93DB82A5FF23FF2E6650E03604CE19232
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6558a003-59a6-43fd-8846-6caecf9288bc.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.137.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:ab:d7:e9:3d:b8:2a:5f:f2:3f:f2:e6:65:0e:03:60:4c:e1:92:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=a1de1737c08fc114ffd5712a89867ed1a00a0c0259e81abb1bffd26a140bba89, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ec:d9:f9:2a:69:91:8f:0e:90:03:0c:ef:7c:
                    e6:91:78:b7:c4:77:36:4e:10:3e:1d:4b:75:4a:cf:
                    c2:65:bd:ee:5b:a4:01:a8:20:19:47:6e:ea:10:a2:
                    7c:64:1e:c2:7f:b1:c1:36:c5:98:b4:0b:d6:7d:19:
                    a4:95:e9:de:bf:c9:94:c3:f8:8d:ff:63:47:4a:8e:
                    63:8b:7f:b7:5d:53:e4:40:ac:a7:87:c5:3b:7e:6d:
                    dc:76:f8:9d:83:f4:fa:a4:f4:6f:8a:d8:e0:83:7d:
                    61:a1:24:39:b4:57:4b:39:ed:1b:0b:5c:77:99:b2:
                    c2:03:3e:8c:16:2d:df:87:8e:ec:a6:38:ec:50:8a:
                    44:5a:70:3a:52:0d:45:8e:c5:f4:85:da:99:83:02:
                    58:01:0c:31:ce:19:46:de:9c:70:d2:63:11:86:ad:
                    df:0b:58:09:bf:c8:d0:65:af:b1:c9:5e:54:64:ef:
                    90:2f:0d:46:d9:72:20:64:4f:6b:d1:73:4c:0b:2f:
                    32:ae:31:f0:9b:a2:71:0c:3a:79:a2:b8:f5:48:3a:
                    f0:cd:85:4b:d9:41:8f:fd:f3:a7:50:07:c8:cd:cd:
                    18:a9:04:07:5f:4a:91:83:bf:db:12:cd:89:87:ed:
                    ca:37:7f:91:39:33:00:40:ca:97:b0:e9:11:cb:ca:
                    dd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:17:4A:5A:2C:F1:49:87:DA:DD:3D:EF:22:10:F5:42:F4:81:E5:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6558a003-59a6-43fd-8846-6caecf9288bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.137.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         84:0c:b3:67:7e:fe:ae:f3:c8:a0:86:d9:86:8f:68:37:1c:70:
         30:94:08:20:e1:f4:2d:6f:48:60:8a:1d:28:ea:13:12:ee:a2:
         49:1e:bd:c0:af:ba:05:75:a7:49:21:fc:9b:58:08:0d:b6:56:
         ba:f2:be:9d:37:72:6e:c8:2b:70:e5:69:e1:1e:0d:b7:8d:d5:
         d6:d0:f9:90:99:80:2a:0b:a4:b6:02:57:11:96:9a:d1:88:d7:
         57:1d:24:6d:e1:ca:8a:7c:c2:3d:84:14:02:5c:b0:6a:7c:d3:
         81:ae:57:51:87:57:90:ca:ce:9a:f7:77:6c:eb:88:fc:35:20:
         ed:30:b6:6f:16:7d:a5:4f:d1:3c:61:74:eb:b3:42:c8:3e:09:
         cb:55:9b:76:02:9b:10:91:f5:db:de:e4:de:dc:9e:42:27:d5:
         7f:79:06:78:9c:e7:8b:a3:d5:53:91:be:48:4c:d5:ea:7a:39:
         24:8b:76:ca:24:a4:ba:ee:04:9e:b3:81:d0:eb:ed:64:88:6a:
         8b:8c:ec:71:b6:f9:b7:8c:e9:64:05:3c:06:25:68:75:f6:59:
         f8:fa:19:17:13:a4:9d:40:26:84:4c:ef:89:60:6d:c8:48:a3:
         ee:8f:a4:16:86:f7:46:e4:1e:8b:54:62:9e:47:8c:82:2f:b2:
         f9:c9:57:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbKvX6T24Kl/yP/LmZQ4DYEzhkjIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWRlMTczN2MwOGZjMTE0ZmZkNTcxMmE4OTg2N2VkMWEw
MGEwYzAyNTllODFhYmIxYmZmZDI2YTE0MGJiYTg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB7Nn5KmmRjw6QAwzvfOaReLfEdzZOED4dS3VKz8Jlve5b
pAGoIBlHbuoQonxkHsJ/scE2xZi0C9Z9GaSV6d6/yZTD+I3/Y0dKjmOLf7ddU+RA
rKeHxTt+bdx2+J2D9Pqk9G+K2OCDfWGhJDm0V0s57RsLXHeZssIDPowWLd+Hjuym
OOxQikRacDpSDUWOxfSF2pmDAlgBDDHOGUbenHDSYxGGrd8LWAm/yNBlr7HJXlRk
75AvDUbZciBkT2vRc0wLLzKuMfCbonEMOnmiuPVIOvDNhUvZQY/986dQB8jNzRip
BAdfSpGDv9sSzYmH7co3f5E5MwBAypew6RHLyt3zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDBdKWizxSYfa3T3vIhD1QvSB5Q4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1NThhMDAzLTU5YTYtNDNmZC04ODQ2LTZjYWVjZjkyODhiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAefiYAwDQYJKoZIhvcNAQELBQADggEBAIQMs2d+/q7zyKCG2YaPaDcccDCU
CCDh9C1vSGCKHSjqExLuokkevcCvugV1p0kh/JtYCA22Vrryvp03cm7IK3DlaeEe
DbeN1dbQ+ZCZgCoLpLYCVxGWmtGI11cdJG3hyop8wj2EFAJcsGp804GuV1GHV5DK
zpr3d2zriPw1IO0wtm8WfaVP0TxhdOuzQsg+CctVm3YCmxCR9dve5N7cnkIn1X95
Bnic54uj1VORvkhM1ep6OSSLdsokpLruBJ6zgdDr7WSIaouM7HG2+beM6WQFPAYl
aHX2Wfj6GRcTpJ1AJoRM74lgbchIo+6PpBaG90bkHotUYp5HjIIvsvnJV5w=
-----END CERTIFICATE-----