Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa
File:                     894f5841-d37d-4595-b79e-b8108bb28136.roa (raw, json)
Hash identifier:          jH3hwv0H9mn6+HvEzafMNSF8mMYM5iMVwS6N+O0YbMk=
Subject key identifier:   F0:B6:1E:77:D7:03:FC:9B:11:EA:A8:66:CD:64:F9:A6:F1:AB:FA:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C78674E3B36988DE82235FA685C31BF1E341667
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.187.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:78:67:4e:3b:36:98:8d:e8:22:35:fa:68:5c:31:bf:1e:34:16:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=f7962a3787c292e552d5621f9e8efd9d0ab15fd1ff7e7c8378c30db0fbd56a3b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:74:9e:55:ab:04:e9:a2:04:ed:b3:69:33:8b:
                    d2:51:23:12:ba:11:28:1d:2c:32:fa:02:ce:73:30:
                    22:d4:3f:95:61:25:a7:ea:54:db:c7:7b:b1:17:08:
                    48:aa:59:f4:75:1e:35:3e:4b:dc:9d:81:6c:55:f5:
                    04:40:55:ea:ba:0f:96:87:f3:13:83:40:ef:be:58:
                    62:d0:95:9d:df:70:48:1b:33:03:2f:98:32:c9:69:
                    89:bb:49:46:41:45:ac:7c:15:6d:08:d3:c5:c6:b2:
                    88:9d:18:36:7e:5a:57:22:d9:42:22:4a:1c:a3:5c:
                    4a:6d:9f:62:52:3a:3f:18:f2:7c:f4:58:f8:bb:32:
                    b7:ce:1b:2c:3f:0a:ab:45:65:6c:37:6d:b7:e4:84:
                    0d:96:f0:a9:b3:64:11:11:37:54:b5:e9:65:ab:53:
                    39:a3:97:52:e1:f4:0e:d4:b7:85:82:13:86:38:bd:
                    48:74:2a:ca:94:a3:0b:8b:78:4c:bd:0c:b2:34:3f:
                    21:ce:03:57:9c:96:ba:2c:52:50:94:0d:4a:87:c2:
                    64:78:4c:e0:b8:42:6e:93:7e:e8:c8:41:b7:17:c1:
                    ed:c9:d0:06:16:22:8f:9b:06:45:34:4a:c0:ed:f2:
                    70:7f:2d:12:3f:18:f4:92:cf:f0:9e:f8:ef:77:d3:
                    64:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B6:1E:77:D7:03:FC:9B:11:EA:A8:66:CD:64:F9:A6:F1:AB:FA:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         be:32:93:ce:c3:22:ee:05:f3:24:7a:52:a5:46:82:a8:fa:94:
         d7:6a:7b:dc:df:9c:d7:87:e5:57:7b:75:ad:b6:ea:58:8e:0f:
         a6:7b:90:de:9b:4a:04:34:34:83:13:cf:61:ab:33:ee:4c:dd:
         9d:75:d9:15:83:b2:2b:c3:6f:10:41:71:72:b1:ef:86:e4:00:
         5a:34:14:85:af:f0:a8:6f:a1:b6:6b:2d:4c:ca:c5:c4:a3:52:
         06:ef:0a:7d:34:09:e4:63:c7:ee:62:45:de:7b:4b:e2:54:87:
         3f:81:e6:a8:af:f5:bc:63:4d:eb:b0:87:e4:e3:e0:fe:36:8b:
         f1:60:5f:25:7f:9c:fd:4d:bb:ef:94:7b:08:08:79:27:bf:c2:
         ec:a3:eb:3f:35:a1:5a:cd:6e:ae:f3:a9:3e:f9:e9:9b:5c:9f:
         bc:b4:f6:e0:b2:9e:bd:3d:38:cd:00:1e:79:6c:e9:16:3e:6d:
         6c:6c:2c:89:86:4d:7c:a3:14:9d:08:6e:3d:b4:ff:d8:11:9c:
         37:85:44:0a:9f:f6:62:2e:21:5b:e3:c2:07:6a:2b:7d:62:31:
         be:fd:7d:5b:e2:83:f3:2f:26:53:c4:8d:9d:90:39:17:da:eb:
         59:0d:ce:24:fa:bf:de:77:90:26:5f:18:ad:87:e4:22:c5:d6:
         cc:ce:65:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPHhnTjs2mI3oIjX6aFwxvx40FmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzk2MmEzNzg3YzI5MmU1NTJkNTYyMWY5ZThlZmQ5ZDBh
YjE1ZmQxZmY3ZTdjODM3OGMzMGRiMGZiZDU2YTNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0dJ5VqwTpogTts2kzi9JRIxK6ESgdLDL6As5zMCLUP5Vh
JafqVNvHe7EXCEiqWfR1HjU+S9ydgWxV9QRAVeq6D5aH8xODQO++WGLQlZ3fcEgb
MwMvmDLJaYm7SUZBRax8FW0I08XGsoidGDZ+Wlci2UIiShyjXEptn2JSOj8Y8nz0
WPi7MrfOGyw/CqtFZWw3bbfkhA2W8KmzZBERN1S16WWrUzmjl1Lh9A7Ut4WCE4Y4
vUh0KsqUowuLeEy9DLI0PyHOA1eclrosUlCUDUqHwmR4TOC4Qm6TfujIQbcXwe3J
0AYWIo+bBkU0SsDt8nB/LRI/GPSSz/Ce+O9302SnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8LYed9cD/JsR6qhmzWT5pvGr+pEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NGY1ODQxLWQzN2QtNDU5NS1iNzllLWI4MTA4YmIyODEzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARAu4AwDQYJKoZIhvcNAQELBQADggEBAL4yk87DIu4F8yR6UqVGgqj6lNdq
e9zfnNeH5Vd7da226liOD6Z7kN6bSgQ0NIMTz2GrM+5M3Z112RWDsivDbxBBcXKx
74bkAFo0FIWv8KhvobZrLUzKxcSjUgbvCn00CeRjx+5iRd57S+JUhz+B5qiv9bxj
Teuwh+Tj4P42i/FgXyV/nP1Nu++UewgIeSe/wuyj6z81oVrNbq7zqT756Ztcn7y0
9uCynr09OM0AHnls6RY+bWxsLImGTXyjFJ0Ibj20/9gRnDeFRAqf9mIuIVvjwgdq
K31iMb79fVvig/MvJlPEjZ2QORfa61kNziT6v953kCZfGK2H5CLF1szOZSY=
-----END CERTIFICATE-----