Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f83be28-929e-466e-8557-0586ca761224.roa
File:                     7f83be28-929e-466e-8557-0586ca761224.roa (raw, json)
Hash identifier:          Ml3BSmYt1IOhkfz6/43ZAWcOqs+arPd+HWh0aAnU7+Q=
Subject key identifier:   C8:9C:CD:07:05:73:DE:68:9B:64:CA:ED:6C:0E:45:DA:5A:24:10:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14891975AC56E020F8EAF2F9185634199341E1F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f83be28-929e-466e-8557-0586ca761224.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.176.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:89:19:75:ac:56:e0:20:f8:ea:f2:f9:18:56:34:19:93:41:e1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=a37a17dfe8b9598d4f765cd29fddd1210efe62252fc532033e316fe81bd8a1dd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:12:6f:06:cd:9b:1d:0a:31:56:f8:07:03:7a:
                    b2:ac:9e:ca:f5:2a:f8:86:b4:b6:f7:32:9d:9a:b1:
                    6a:d6:51:9c:f3:eb:44:03:b6:25:81:54:2a:91:b5:
                    86:cf:46:3c:b4:3c:dd:32:b1:b1:85:9b:c9:dc:1a:
                    4e:2a:81:28:8f:04:8f:58:3c:e2:6e:e0:d8:cf:49:
                    4b:a7:bf:72:88:56:58:f0:a5:07:b4:5d:28:e3:7b:
                    04:94:ca:6d:8b:99:36:c6:99:74:d9:27:ab:4b:e0:
                    09:fb:21:bf:3d:fc:9b:2d:b1:ed:b3:b9:9e:b3:96:
                    ae:c0:fb:4f:ad:7b:df:39:40:cc:a4:38:19:ae:94:
                    53:70:b7:1d:42:5e:96:ec:1f:1c:cc:54:14:3e:44:
                    7d:8a:85:16:9c:b3:7a:f7:c7:c6:7a:e2:62:7d:25:
                    db:a2:45:a0:c5:09:98:81:dc:a6:85:88:b6:e6:45:
                    31:34:17:6e:76:b2:39:d5:16:ef:8a:68:37:21:2b:
                    cc:05:ea:39:0c:06:a2:ba:41:ad:bb:a4:40:81:22:
                    91:db:fa:b7:08:e9:b9:f3:c9:39:10:c0:7f:66:2d:
                    72:bf:57:03:27:f7:7e:74:a0:2e:2f:00:97:3c:20:
                    f2:ad:09:6e:d4:27:84:23:c4:29:42:c1:50:d8:ce:
                    03:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9C:CD:07:05:73:DE:68:9B:64:CA:ED:6C:0E:45:DA:5A:24:10:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f83be28-929e-466e-8557-0586ca761224.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ab:61:c9:fb:69:e7:62:c9:fe:ce:6e:ba:df:08:4f:4f:2e:18:
         3b:35:65:15:43:b5:93:36:af:3f:69:62:45:cf:de:52:89:19:
         97:8f:38:1c:d1:58:4b:8a:c9:cd:d0:1c:bc:c0:14:7b:32:b1:
         6d:04:a5:e4:9e:68:42:52:c5:f9:ce:cf:7e:08:7e:d9:f7:4d:
         7a:48:09:c6:c8:69:5c:2f:98:8c:11:29:68:ee:8d:28:93:dc:
         ef:7f:c3:57:d8:89:29:f2:da:92:62:50:90:37:56:4b:b7:f7:
         94:84:13:31:ba:e0:76:67:79:83:a3:d3:b6:7c:86:9a:b0:1b:
         f0:44:2f:d3:06:35:cc:9b:f7:6e:a4:4c:60:0f:36:b4:89:b9:
         25:ab:a9:b8:79:11:99:f4:a3:09:db:ce:b7:07:68:c0:d3:96:
         f4:ee:10:40:ab:da:a3:ea:c9:88:50:48:a6:18:a4:bf:84:38:
         d0:32:19:34:e0:06:2f:4d:cb:94:5f:ac:ff:c9:62:31:36:6e:
         cf:7f:e9:bb:9c:0b:0a:f4:7b:68:34:6b:b0:a0:94:c5:13:8c:
         53:a1:78:8a:9d:20:c3:71:cc:e3:5f:15:74:bf:d3:8d:8e:b5:
         1b:02:24:53:44:f6:28:14:b6:eb:6d:bf:2e:a4:7f:d8:dc:1d:
         dd:a6:c8:9f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFIkZdaxW4CD46vL5GFY0GZNB4fQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzdhMTdkZmU4Yjk1OThkNGY3NjVjZDI5ZmRkZDEyMTBl
ZmU2MjI1MmZjNTMyMDMzZTMxNmZlODFiZDhhMWRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1Em8GzZsdCjFW+AcDerKsnsr1KviGtLb3Mp2asWrWUZzz
60QDtiWBVCqRtYbPRjy0PN0ysbGFm8ncGk4qgSiPBI9YPOJu4NjPSUunv3KIVljw
pQe0XSjjewSUym2LmTbGmXTZJ6tL4An7Ib89/Jstse2zuZ6zlq7A+0+te985QMyk
OBmulFNwtx1CXpbsHxzMVBQ+RH2KhRacs3r3x8Z64mJ9JduiRaDFCZiB3KaFiLbm
RTE0F252sjnVFu+KaDchK8wF6jkMBqK6Qa27pECBIpHb+rcI6bnzyTkQwH9mLXK/
VwMn9350oC4vAJc8IPKtCW7UJ4QjxClCwVDYzgPxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyJzNBwVz3mibZMrtbA5F2lokEFIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmODNiZTI4LTkyOWUtNDY2ZS04NTU3LTA1ODZjYTc2MTIyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEosDANBgkqhkiG9w0BAQsFAAOCAQEAq2HJ+2nnYsn+zm663whPTy4YOzVl
FUO1kzavP2liRc/eUokZl484HNFYS4rJzdAcvMAUezKxbQSl5J5oQlLF+c7Pfgh+
2fdNekgJxshpXC+YjBEpaO6NKJPc73/DV9iJKfLakmJQkDdWS7f3lIQTMbrgdmd5
g6PTtnyGmrAb8EQv0wY1zJv3bqRMYA82tIm5JaupuHkRmfSjCdvOtwdowNOW9O4Q
QKvao+rJiFBIphikv4Q40DIZNOAGL03LlF+s/8liMTZuz3/pu5wLCvR7aDRrsKCU
xROMU6F4ip0gw3HM418VdL/TjY61GwIkU0T2KBS2622/LqR/2Nwd3abInw==
-----END CERTIFICATE-----