Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f90d252-f884-488d-a5b2-22cc02e756fe.roa
File:                     6f90d252-f884-488d-a5b2-22cc02e756fe.roa (raw, json)
Hash identifier:          OFwEsvyqQhpYNB+JF/gN9mLCATMhQtPmJRjTSptLJKo=
Subject key identifier:   8F:4B:C0:DC:A8:37:05:CD:82:45:9B:AA:AF:38:99:DA:20:AC:E7:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34265EBFD23890833E8777A9D4E9AE59D2D7E853
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f90d252-f884-488d-a5b2-22cc02e756fe.roa
Signing time:             Wed 22 Jan 2025 00:00:00 +0000
ROA not before:           Wed 22 Jan 2025 00:00:00 +0000
ROA not after:            Wed 26 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.54.176.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:26:5e:bf:d2:38:90:83:3e:87:77:a9:d4:e9:ae:59:d2:d7:e8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 22 00:00:00 2025 GMT
            Not After : Feb 26 23:59:59 2025 GMT
        Subject: serialNumber=feb7028fa4aa526b51c28279caa2c171fa0805696d1f9b4397799edf24bea428, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f8:a9:3d:84:b6:bc:23:56:86:9e:bb:a3:fb:
                    b7:d0:46:26:f2:3f:70:8a:d7:3b:41:0b:94:a9:25:
                    af:cd:8f:8e:57:1d:ad:f8:e2:ad:24:9d:e8:d8:6d:
                    92:ed:b1:d3:b4:b8:0c:7b:1f:d1:c6:0e:28:09:4a:
                    18:2b:6a:a2:b4:4f:29:9d:e4:df:b0:d4:47:a1:d7:
                    cd:d4:ab:7b:c3:ab:bb:a0:1b:99:fe:81:09:33:3f:
                    7a:4b:09:0f:3a:84:e7:66:68:18:00:7f:d8:f3:61:
                    df:97:bb:df:99:1d:03:0c:83:0c:b8:02:a9:5a:ca:
                    9c:ef:ec:ea:10:bf:4f:a6:20:f9:6c:31:69:ce:f7:
                    af:e0:8c:30:c3:f5:97:19:64:6f:b5:78:3e:60:a5:
                    73:d4:23:8b:0a:3b:06:88:a3:79:e6:58:38:25:2b:
                    f4:e5:f1:8c:f9:0a:7c:bb:4b:52:75:4f:ad:6f:7b:
                    fd:f5:74:57:89:4b:5d:2c:52:91:3d:d6:9a:f6:f7:
                    e8:f3:72:09:94:dd:57:63:74:91:5f:17:a2:f4:6b:
                    6a:08:3c:bf:7c:92:df:86:e1:bc:8e:c8:69:02:1b:
                    cc:d2:2b:83:dc:5f:b3:ef:52:d9:24:74:6c:03:f7:
                    b3:90:82:4b:f4:83:29:c7:f0:df:f0:4f:84:92:45:
                    42:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4B:C0:DC:A8:37:05:CD:82:45:9B:AA:AF:38:99:DA:20:AC:E7:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f90d252-f884-488d-a5b2-22cc02e756fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.54.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cc:77:c2:5d:5f:10:5a:93:d1:87:9a:c1:d2:cc:95:44:07:7c:
         e9:72:f6:9f:0c:8b:5e:10:31:04:0e:67:30:2b:eb:5f:7d:6c:
         c8:b6:63:2a:e1:c1:e4:5e:da:4c:3f:fa:20:4c:a3:74:62:43:
         0c:75:68:87:8c:0a:22:83:87:a9:12:da:2c:b3:c2:40:c6:98:
         3f:31:9b:11:d9:d9:bc:18:b7:72:f4:de:f3:dd:94:9f:23:1d:
         29:8d:84:d0:39:6f:5a:6e:03:1b:bf:40:45:c7:0c:75:28:fe:
         ca:45:f6:0a:ee:5b:50:8e:08:54:15:d5:94:24:af:db:ef:c3:
         bc:6b:46:cf:47:d6:9b:ad:16:6f:d6:cf:3d:e2:d7:49:25:40:
         7e:f4:77:7d:38:bd:a7:82:b3:e9:ac:ff:a5:50:bb:51:fd:26:
         ef:a4:9e:a6:de:e9:d0:cb:22:b1:72:3e:ac:41:f1:63:42:34:
         3e:71:f4:80:64:88:5a:77:35:d1:e5:c3:83:97:de:80:c0:b8:
         c1:1c:39:69:51:42:d8:59:60:12:78:9c:fb:1b:e2:b9:6f:cd:
         90:3a:75:09:14:03:ce:1c:f6:3d:dc:a8:69:f6:37:cc:10:1b:
         ff:5b:f7:36:4b:79:6a:1c:50:19:64:11:e9:5c:c4:ae:52:ef:
         c4:e5:ca:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNCZev9I4kIM+h3ep1OmuWdLX6FMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIyMDAwMDAwWhcNMjUwMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZWI3MDI4ZmE0YWE1MjZiNTFjMjgyNzljYWEyYzE3MWZh
MDgwNTY5NmQxZjliNDM5Nzc5OWVkZjI0YmVhNDI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1+Kk9hLa8I1aGnruj+7fQRibyP3CK1ztBC5SpJa/Nj45X
Ha344q0knejYbZLtsdO0uAx7H9HGDigJShgraqK0Tymd5N+w1Eeh183Uq3vDq7ug
G5n+gQkzP3pLCQ86hOdmaBgAf9jzYd+Xu9+ZHQMMgwy4Aqlaypzv7OoQv0+mIPls
MWnO96/gjDDD9ZcZZG+1eD5gpXPUI4sKOwaIo3nmWDglK/Tl8Yz5Cny7S1J1T61v
e/31dFeJS10sUpE91pr29+jzcgmU3VdjdJFfF6L0a2oIPL98kt+G4byOyGkCG8zS
K4PcX7PvUtkkdGwD97OQgkv0gynH8N/wT4SSRULLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj0vA3Kg3Bc2CRZuqrziZ2iCs53gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmOTBkMjUyLWY4ODQtNDg4ZC1hNWIyLTIyY2MwMmU3NTZmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRNrAwDQYJKoZIhvcNAQELBQADggEBAMx3wl1fEFqT0YeawdLMlUQHfOly
9p8Mi14QMQQOZzAr6199bMi2YyrhweRe2kw/+iBMo3RiQwx1aIeMCiKDh6kS2iyz
wkDGmD8xmxHZ2bwYt3L03vPdlJ8jHSmNhNA5b1puAxu/QEXHDHUo/spF9gruW1CO
CFQV1ZQkr9vvw7xrRs9H1putFm/Wzz3i10klQH70d304vaeCs+ms/6VQu1H9Ju+k
nqbe6dDLIrFyPqxB8WNCND5x9IBkiFp3NdHlw4OX3oDAuMEcOWlRQthZYBJ4nPsb
4rlvzZA6dQkUA84c9j3cqGn2N8wQG/9b9zZLeWocUBlkEelcxK5S78Tlyio=
-----END CERTIFICATE-----