Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa
File:                     6a168d90-2841-493c-9062-7688b3e332a6.roa (raw, json)
Hash identifier:          afevvyXaMxBfvsoZ7T14ATKyBwatMKB181R+eOLQcMA=
Subject key identifier:   19:67:EC:2C:04:45:D8:6A:92:71:83:60:41:8B:47:72:76:16:B4:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C5CC019F585814EF428795F9EEAD88C7684FE91
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.80.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:5c:c0:19:f5:85:81:4e:f4:28:79:5f:9e:ea:d8:8c:76:84:fe:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=ea65e0a775aacf533a83c8ce703053cf2cc616022c20380a4bfbe9d072bb5150, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8a:d8:0d:9a:c1:d8:68:fe:66:75:51:be:84:
                    87:76:d7:c2:17:e3:35:97:d3:ac:e8:c8:c3:c3:8f:
                    f3:90:0e:a4:fe:08:91:9b:30:80:7e:d1:4f:9f:61:
                    8b:9f:0d:48:4d:3b:8a:99:fd:78:df:6c:0b:98:84:
                    a3:19:d6:d7:d6:ff:70:5c:9a:59:e8:18:bb:d2:a0:
                    5f:69:68:de:85:e0:38:8d:63:f7:80:0b:4f:ec:b0:
                    e0:a2:58:7a:71:6f:c1:b7:8e:f3:f1:f5:2d:da:a9:
                    d2:29:a2:7b:5b:85:be:62:d1:13:40:0d:c3:99:50:
                    9a:80:71:61:d1:8d:32:b3:f1:b5:21:ca:fb:a7:4a:
                    15:a8:d6:96:db:e5:0c:bf:0c:25:89:b5:2c:77:6e:
                    6e:8b:80:5f:45:01:c9:68:05:60:a5:a3:75:68:1c:
                    a2:47:c0:32:1b:ff:1a:a0:89:fc:0f:0f:f7:3b:70:
                    d5:97:e7:ae:ed:f0:43:ac:dc:c4:1a:6e:c0:f7:f1:
                    a0:a2:e3:c0:96:71:25:f0:e9:6c:bb:3f:7b:04:cd:
                    14:16:8e:be:84:ca:5c:e4:28:33:76:bf:5a:fb:1d:
                    e2:35:5e:61:bb:7f:71:0f:39:1a:c0:fd:24:fe:77:
                    cd:05:ab:4a:d7:83:65:d6:2d:94:de:aa:25:3b:33:
                    a2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:67:EC:2C:04:45:D8:6A:92:71:83:60:41:8B:47:72:76:16:B4:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b6:69:11:2b:0f:46:fd:52:52:2a:2e:e1:a1:d5:de:72:b8:7a:
         7e:9f:c5:7f:7e:21:96:ae:0d:48:dd:30:8b:09:d4:4b:26:d2:
         9a:cf:fb:6f:19:ec:fc:9c:40:91:3e:11:c4:3b:24:01:b3:cd:
         d9:a0:64:79:91:fe:bb:92:17:35:e2:cd:d5:2c:d2:53:71:b4:
         cf:7d:73:04:98:db:b0:62:ae:b8:92:8f:51:9f:ed:8a:df:9e:
         ab:93:36:56:b1:2f:fd:36:63:01:2f:e7:5d:0a:37:2b:19:7a:
         05:17:5f:1c:d4:ab:b9:a0:7a:d5:7d:8b:0f:0b:1c:8e:08:db:
         de:35:7c:53:bf:12:16:83:bf:1b:f9:63:42:ee:48:92:e2:45:
         82:eb:da:26:49:fa:be:ed:d1:21:08:b6:9e:be:f4:1a:a3:dc:
         1f:fc:8c:df:d7:9b:d6:65:04:95:59:a8:45:db:14:09:7b:7c:
         66:48:6b:42:77:0e:f3:c9:d8:e5:f6:db:59:ec:3c:d4:5d:78:
         0f:01:c5:a8:58:d4:48:e0:d1:c9:3d:5f:23:d6:bb:12:75:ba:
         48:31:78:a1:6f:84:af:35:1d:33:df:80:d6:00:03:54:39:78:
         0c:e2:5b:24:0c:86:a5:b8:4e:f5:c3:13:f3:a2:a0:ed:26:ea:
         70:6c:6b:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXFzAGfWFgU70KHlfnurYjHaE/pEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTY1ZTBhNzc1YWFjZjUzM2E4M2M4Y2U3MDMwNTNjZjJj
YzYxNjAyMmMyMDM4MGE0YmZiZTlkMDcyYmI1MTUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCritgNmsHYaP5mdVG+hId218IX4zWX06zoyMPDj/OQDqT+
CJGbMIB+0U+fYYufDUhNO4qZ/XjfbAuYhKMZ1tfW/3BcmlnoGLvSoF9paN6F4DiN
Y/eAC0/ssOCiWHpxb8G3jvPx9S3aqdIpontbhb5i0RNADcOZUJqAcWHRjTKz8bUh
yvunShWo1pbb5Qy/DCWJtSx3bm6LgF9FAcloBWClo3VoHKJHwDIb/xqgifwPD/c7
cNWX567t8EOs3MQabsD38aCi48CWcSXw6Wy7P3sEzRQWjr6EylzkKDN2v1r7HeI1
XmG7f3EPORrA/ST+d80Fq0rXg2XWLZTeqiU7M6JHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGWfsLARF2GqScYNgQYtHcnYWtMAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhMTY4ZDkwLTI4NDEtNDkzYy05MDYyLTc2ODhiM2UzMzJhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANrFVAwDQYJKoZIhvcNAQELBQADggEBALZpESsPRv1SUiou4aHV3nK4en6f
xX9+IZauDUjdMIsJ1Esm0prP+28Z7PycQJE+EcQ7JAGzzdmgZHmR/ruSFzXizdUs
0lNxtM99cwSY27BirriSj1Gf7YrfnquTNlaxL/02YwEv510KNysZegUXXxzUq7mg
etV9iw8LHI4I2941fFO/EhaDvxv5Y0LuSJLiRYLr2iZJ+r7t0SEItp6+9Bqj3B/8
jN/Xm9ZlBJVZqEXbFAl7fGZIa0J3DvPJ2OX221nsPNRdeA8BxahY1Ejg0ck9XyPW
uxJ1ukgxeKFvhK81HTPfgNYAA1Q5eAziWyQMhqW4TvXDE/OioO0m6nBsa9o=
-----END CERTIFICATE-----