Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fd8acf6-d0a7-49f3-8c69-919bc20fe541.roa
File:                     6fd8acf6-d0a7-49f3-8c69-919bc20fe541.roa (raw, json)
Hash identifier:          y3raE1H47d0+6ZE3E2JMM8VzhmHAOGHnah9CxTEp4sA=
Subject key identifier:   D8:39:89:88:2B:50:B6:79:0D:25:F5:2E:0D:B1:6A:3D:9E:FB:AE:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11D5730CCEAB8BE5F7AFEFA6307034FB368D9069
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fd8acf6-d0a7-49f3-8c69-919bc20fe541.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        32.164.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:d5:73:0c:ce:ab:8b:e5:f7:af:ef:a6:30:70:34:fb:36:8d:90:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=0fdc0fe0447dc38ab89026ba23105b06b222b94bbe2d38ca9edce1aa4294882e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a7:05:a5:a8:27:d0:c7:73:90:db:33:35:b5:
                    6e:ea:fe:4e:61:a8:f1:5a:c1:06:f2:3b:f1:df:ca:
                    f7:f1:97:48:2a:77:3e:04:eb:fd:b3:67:db:4c:61:
                    b1:4f:ad:fe:fd:b2:e5:02:34:7b:8a:b9:ff:62:fe:
                    07:64:8d:c3:88:05:b1:08:7e:b7:d1:3f:a2:70:a0:
                    6a:96:ae:38:91:46:3d:66:5e:dc:fd:46:38:30:5c:
                    39:66:a2:3f:f2:1b:42:be:06:05:96:ee:26:7a:88:
                    4d:b7:6b:c6:45:62:9c:a9:e0:2a:34:7e:c9:84:9b:
                    06:af:1d:3f:10:85:a9:6a:71:c8:a7:05:e6:f1:ec:
                    a1:e8:da:a9:14:d8:dd:cd:89:6a:7b:05:46:ba:44:
                    cc:f0:39:52:70:d9:0b:23:4a:2f:6e:fb:0d:65:46:
                    23:81:5a:c1:66:a9:67:b3:d3:35:20:00:51:15:44:
                    5d:e0:c6:b9:f3:4f:fc:1c:5c:06:a7:cf:51:af:ff:
                    85:80:e0:75:cc:1c:7f:a9:7e:48:e7:54:35:e0:24:
                    16:e6:f7:b0:31:c1:24:fa:fd:05:9b:2e:f0:07:47:
                    48:c1:19:f1:da:7d:ed:42:0d:69:eb:1c:59:1e:ad:
                    48:df:7a:88:6e:4b:39:18:ba:8d:25:ff:b3:b9:9e:
                    bc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:39:89:88:2B:50:B6:79:0D:25:F5:2E:0D:B1:6A:3D:9E:FB:AE:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fd8acf6-d0a7-49f3-8c69-919bc20fe541.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  32.164.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         a2:80:c3:9f:b4:ff:1d:e9:97:18:00:48:d6:c9:0d:8b:b3:bf:
         0c:a0:b3:b9:28:3d:fb:d3:60:50:ca:d6:c9:c8:3b:f6:cd:32:
         3d:49:6b:7d:69:6d:a9:ff:c5:04:fa:a2:58:ff:df:55:d5:d0:
         7b:7d:05:3e:1b:c7:5e:7e:47:e5:ca:82:d9:95:d5:97:e6:91:
         7e:ec:29:bf:31:82:3d:a5:4b:16:90:5b:64:b7:bc:f4:33:96:
         c4:cf:0a:68:78:37:52:fe:99:a2:2d:b8:67:50:db:9d:ab:98:
         bb:76:04:a4:6d:80:aa:55:4e:64:da:c0:a1:26:c1:44:81:18:
         1f:33:7e:2a:8b:22:cc:f5:5e:34:67:d4:1f:a8:67:54:a1:2b:
         59:16:f3:9e:a1:4d:57:a3:b9:60:81:4e:aa:48:1b:70:c1:de:
         29:51:30:f6:19:e0:db:91:bb:33:c7:ca:0c:c2:07:af:48:42:
         ac:15:23:d6:df:45:40:e1:34:be:8f:10:9a:42:15:49:a8:29:
         e8:b0:2f:29:96:c5:cd:df:63:94:85:15:c9:82:5e:ba:e0:5a:
         d8:4e:81:2b:50:9f:1d:b5:1f:c7:35:62:3a:6c:a7:d6:21:37:
         6d:d9:a5:8c:ad:90:8f:3e:ec:12:93:3e:d0:67:0b:41:5f:08:
         3d:f8:28:04
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEdVzDM6ri+X3r++mMHA0+zaNkGkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmRjMGZlMDQ0N2RjMzhhYjg5MDI2YmEyMzEwNWIwNmIy
MjJiOTRiYmUyZDM4Y2E5ZWRjZTFhYTQyOTQ4ODJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzpwWlqCfQx3OQ2zM1tW7q/k5hqPFawQbyO/Hfyvfxl0gq
dz4E6/2zZ9tMYbFPrf79suUCNHuKuf9i/gdkjcOIBbEIfrfRP6JwoGqWrjiRRj1m
Xtz9RjgwXDlmoj/yG0K+BgWW7iZ6iE23a8ZFYpyp4Co0fsmEmwavHT8Qhalqccin
Bebx7KHo2qkU2N3NiWp7BUa6RMzwOVJw2QsjSi9u+w1lRiOBWsFmqWez0zUgAFEV
RF3gxrnzT/wcXAanz1Gv/4WA4HXMHH+pfkjnVDXgJBbm97AxwST6/QWbLvAHR0jB
GfHafe1CDWnrHFkerUjfeohuSzkYuo0l/7O5nryJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2DmJiCtQtnkNJfUuDbFqPZ77rrMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmZDhhY2Y2LWQwYTctNDlmMy04YzY5LTkxOWJjMjBmZTU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIgpDANBgkqhkiG9w0BAQsFAAOCAQEAooDDn7T/HemXGABI1skNi7O/DKCz
uSg9+9NgUMrWycg79s0yPUlrfWltqf/FBPqiWP/fVdXQe30FPhvHXn5H5cqC2ZXV
l+aRfuwpvzGCPaVLFpBbZLe89DOWxM8KaHg3Uv6Zoi24Z1DbnauYu3YEpG2AqlVO
ZNrAoSbBRIEYHzN+KosizPVeNGfUH6hnVKErWRbznqFNV6O5YIFOqkgbcMHeKVEw
9hng25G7M8fKDMIHr0hCrBUj1t9FQOE0vo8QmkIVSagp6LAvKZbFzd9jlIUVyYJe
uuBa2E6BK1CfHbUfxzViOmyn1iE3bdmljK2Qjz7sEpM+0GcLQV8IPfgoBA==
-----END CERTIFICATE-----