Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa
File:                     6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa (raw, json)
Hash identifier:          PklcGvdR1XdL87sSyNpT9GJ3mF8a2jLTUsJK1saZeUA=
Subject key identifier:   BC:31:FE:87:0B:82:F2:1B:3F:06:28:F8:EE:A8:D0:E4:45:54:1E:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6EE36EE5A680F867EF17FEE024DAE74951A296D9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.11.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:e3:6e:e5:a6:80:f8:67:ef:17:fe:e0:24:da:e7:49:51:a2:96:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=0ab13a35a47a3a9ecd4c695eb3fdfcc3ad12f3955ac2c91fbcf0b02ad2717caa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f0:99:a4:28:a3:78:3c:1c:73:4c:e2:49:3c:
                    e3:f7:e1:b4:29:02:fc:c0:60:a1:b8:f2:3d:2f:0c:
                    04:f3:83:5c:96:77:60:a7:03:b2:23:11:6a:96:cd:
                    44:ed:e0:f4:80:e0:3c:91:9b:e1:a8:c5:60:f4:ee:
                    f5:68:0c:36:45:29:f8:a9:3e:e3:e3:9a:96:46:f9:
                    aa:bb:99:fe:eb:76:d6:05:09:e8:33:09:90:c8:2f:
                    64:aa:02:b3:97:f4:7d:f2:78:ea:9a:64:ed:e9:ef:
                    3a:68:69:b7:49:86:28:f8:e6:92:5f:87:1a:ac:e5:
                    b2:af:22:1a:02:0d:4b:fe:88:96:89:7f:f4:6f:98:
                    37:25:d8:b6:73:ee:ff:86:8b:77:08:60:b6:a9:71:
                    f2:cb:87:7a:f1:f4:15:61:f2:9b:12:b4:2c:25:d3:
                    52:39:89:52:03:56:37:82:95:b5:cc:37:74:02:6f:
                    a5:06:67:97:50:c3:22:7b:e2:91:db:3c:0c:2d:ad:
                    a2:11:fe:6b:4a:10:5d:7f:4e:3f:e7:8a:5c:9c:92:
                    35:95:f7:16:c6:00:d7:a9:33:0d:9a:63:3f:0d:5a:
                    ac:2c:ef:be:02:4b:8e:58:87:17:2b:25:57:07:28:
                    91:55:6d:3a:f5:b2:6f:7c:2a:08:b5:73:ed:4b:fd:
                    82:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:31:FE:87:0B:82:F2:1B:3F:06:28:F8:EE:A8:D0:E4:45:54:1E:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.11.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:3e:0b:15:15:2e:72:5d:d4:b5:96:41:fc:0c:ea:28:dd:2f:
         61:59:3f:48:15:97:6e:f5:3c:a0:6a:7d:5f:31:07:b1:af:d5:
         1b:07:e1:0f:cd:b2:df:5c:31:1a:5a:fb:fe:c3:a7:71:99:c2:
         ee:3c:fa:86:01:95:b4:47:d4:68:a4:77:4e:cd:4c:a7:a6:98:
         d8:97:d4:e2:c6:65:fd:80:7c:8f:b9:3e:b7:ac:80:34:45:e1:
         5f:e1:bf:79:20:f3:b1:91:a9:03:c4:90:75:04:ce:84:26:81:
         d2:bb:af:71:bb:92:2a:59:f3:cf:13:ce:b9:09:e5:c2:74:9b:
         f0:4c:7a:de:3b:20:71:7a:17:1f:de:9a:23:94:e0:81:6a:40:
         b7:d0:dd:53:51:46:1c:cb:5b:d9:14:6f:93:a7:fe:eb:51:a3:
         f2:47:ea:25:30:94:3f:33:ec:4a:3e:e5:13:72:55:d0:f4:83:
         c2:e0:41:86:5c:e4:ad:c9:4f:ab:c1:d1:c5:4a:08:7c:49:c9:
         4a:78:6b:a2:8e:e5:f8:b5:db:5b:7b:27:19:cb:fd:98:97:b6:
         08:8e:71:df:22:4f:8d:fb:38:c3:d8:0d:93:9e:00:0e:03:3c:
         09:99:02:48:ce:74:59:8d:e4:45:76:c6:e9:e8:61:40:d3:c1:
         d5:04:62:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbuNu5aaA+GfvF/7gJNrnSVGiltkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWIxM2EzNWE0N2EzYTllY2Q0YzY5NWViM2ZkZmNjM2Fk
MTJmMzk1NWFjMmM5MWZiY2YwYjAyYWQyNzE3Y2FhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF8JmkKKN4PBxzTOJJPOP34bQpAvzAYKG48j0vDATzg1yW
d2CnA7IjEWqWzUTt4PSA4DyRm+GoxWD07vVoDDZFKfipPuPjmpZG+aq7mf7rdtYF
CegzCZDIL2SqArOX9H3yeOqaZO3p7zpoabdJhij45pJfhxqs5bKvIhoCDUv+iJaJ
f/RvmDcl2LZz7v+Gi3cIYLapcfLLh3rx9BVh8psStCwl01I5iVIDVjeClbXMN3QC
b6UGZ5dQwyJ74pHbPAwtraIR/mtKEF1/Tj/nilyckjWV9xbGANepMw2aYz8NWqws
774CS45YhxcrJVcHKJFVbTr1sm98Kgi1c+1L/YLXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvDH+hwuC8hs/Bij47qjQ5EVUHkIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmNDQyNGYxLWExNTQtNGRjMy04MzhlLTU1M2NkZTBkNmQzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQCzANBgkqhkiG9w0BAQsFAAOCAQEAEj4LFRUucl3UtZZB/AzqKN0vYVk/
SBWXbvU8oGp9XzEHsa/VGwfhD82y31wxGlr7/sOncZnC7jz6hgGVtEfUaKR3Ts1M
p6aY2JfU4sZl/YB8j7k+t6yANEXhX+G/eSDzsZGpA8SQdQTOhCaB0ruvcbuSKlnz
zxPOuQnlwnSb8Ex63jsgcXoXH96aI5TggWpAt9DdU1FGHMtb2RRvk6f+61Gj8kfq
JTCUPzPsSj7lE3JV0PSDwuBBhlzkrclPq8HRxUoIfEnJSnhroo7l+LXbW3snGcv9
mJe2CI5x3yJPjfs4w9gNk54ADgM8CZkCSM50WY3kRXbG6ehhQNPB1QRifQ==
-----END CERTIFICATE-----