Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8961c1df-74e8-4097-90d9-22079976d525.roa
File:                     8961c1df-74e8-4097-90d9-22079976d525.roa (raw, json)
Hash identifier:          PZLWuiig6YD4CNa8E8m+kjZaY1N4oG5pCbRdZ0XIeYM=
Subject key identifier:   D1:B1:BF:8A:F8:6B:8F:E5:FE:7E:38:D0:90:35:38:12:53:CE:E3:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B7B71C641B4CE8981888D89842FA60AE2AB7BF0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8961c1df-74e8-4097-90d9-22079976d525.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        199.183.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7b:71:c6:41:b4:ce:89:81:88:8d:89:84:2f:a6:0a:e2:ab:7b:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=bede5863fb63ead04961d83b6643480da535b191ab374ddcc7858d6a9a18df69, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0c:0a:27:e5:cd:f7:14:30:9d:09:ef:87:38:
                    af:63:8f:4c:df:a9:b8:87:e9:e3:b5:11:ba:56:98:
                    c7:53:4a:32:b4:7e:03:f5:29:9e:fd:8c:d4:5f:2e:
                    b4:6a:09:37:e4:6c:cf:4d:93:b3:5d:be:7b:55:e8:
                    81:1e:14:72:03:52:3c:af:60:e8:e9:33:d6:25:1d:
                    f2:51:0b:b0:25:e3:ba:71:4b:1e:7d:93:62:10:a6:
                    32:62:4d:6f:ba:9a:77:be:2f:c8:7e:07:ac:39:a7:
                    71:05:49:c6:6b:5a:33:44:fc:4e:8f:e1:c3:fc:08:
                    d2:7a:d0:34:72:71:26:5c:95:00:c0:21:de:90:1b:
                    cf:73:db:fd:43:d0:c7:a6:33:39:4d:90:e1:20:fb:
                    9c:a7:7c:7c:cf:cf:f5:64:25:7b:85:11:37:69:27:
                    cd:a0:d4:9c:ee:ed:66:3d:d5:44:58:cb:92:a6:d2:
                    b9:81:35:4b:d6:da:55:be:3b:37:60:24:34:3b:b3:
                    fe:b1:9c:b3:24:15:b9:39:89:6f:fc:67:4c:ae:88:
                    26:a1:1f:99:1f:3d:0b:11:75:48:87:65:2e:2d:0e:
                    9e:d2:e1:7b:64:98:26:84:37:88:75:79:d8:fc:f4:
                    f8:2a:6c:0f:81:e3:8c:cd:a9:10:44:5d:e5:23:f7:
                    f5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B1:BF:8A:F8:6B:8F:E5:FE:7E:38:D0:90:35:38:12:53:CE:E3:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8961c1df-74e8-4097-90d9-22079976d525.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.183.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8d:55:fc:b6:00:ad:f8:5e:94:48:b7:43:09:7e:fa:45:4b:6f:
         7e:98:85:ea:60:32:5d:67:7d:bd:7f:29:2d:95:fb:4c:f2:06:
         40:ce:de:26:18:dc:eb:c4:3f:d1:c5:7b:77:c7:89:45:8f:05:
         b1:49:58:44:ed:3e:09:47:f6:fe:27:fb:d6:b3:2f:e5:f5:e5:
         ff:e9:13:5d:9a:4b:4e:a3:73:97:4f:df:48:c2:b0:93:0c:89:
         25:35:01:9c:33:79:32:b5:0c:6d:2f:99:e6:d3:dc:92:3a:d6:
         df:63:bc:fd:ce:a9:f0:99:96:75:4e:6e:60:82:d9:82:80:ff:
         ea:63:b5:7e:41:86:25:93:29:5f:03:99:6f:f1:14:b8:73:2e:
         42:06:ed:39:fb:85:7b:01:2c:ed:f7:17:bd:62:12:91:e5:4c:
         ce:2a:93:38:6e:a2:43:8e:74:96:2f:57:7f:b0:91:d9:2f:0e:
         0d:2b:d0:93:e4:ea:98:4c:f3:b5:85:83:d1:4a:7b:72:05:a1:
         8c:45:49:49:9a:78:2f:e8:c8:06:15:3c:6c:b2:02:34:88:1d:
         44:2d:67:4c:37:06:62:93:a9:4e:23:ef:48:7d:5d:d9:af:fe:
         e8:e4:4a:31:ce:1c:29:18:cc:af:5e:f2:c6:c7:3c:48:6a:61:
         28:9f:68:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW3txxkG0zomBiI2JhC+mCuKre/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWRlNTg2M2ZiNjNlYWQwNDk2MWQ4M2I2NjQzNDgwZGE1
MzViMTkxYWIzNzRkZGNjNzg1OGQ2YTlhMThkZjY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHDAon5c33FDCdCe+HOK9jj0zfqbiH6eO1EbpWmMdTSjK0
fgP1KZ79jNRfLrRqCTfkbM9Nk7NdvntV6IEeFHIDUjyvYOjpM9YlHfJRC7Al47px
Sx59k2IQpjJiTW+6mne+L8h+B6w5p3EFScZrWjNE/E6P4cP8CNJ60DRycSZclQDA
Id6QG89z2/1D0MemMzlNkOEg+5ynfHzPz/VkJXuFETdpJ82g1Jzu7WY91URYy5Km
0rmBNUvW2lW+OzdgJDQ7s/6xnLMkFbk5iW/8Z0yuiCahH5kfPQsRdUiHZS4tDp7S
4XtkmCaEN4h1edj89PgqbA+B44zNqRBEXeUj9/VtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0bG/ivhrj+X+fjjQkDU4ElPO4xQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NjFjMWRmLTc0ZTgtNDA5Ny05MGQ5LTIyMDc5OTc2ZDUyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATHtwAwDQYJKoZIhvcNAQELBQADggEBAI1V/LYArfhelEi3Qwl++kVLb36Y
hepgMl1nfb1/KS2V+0zyBkDO3iYY3OvEP9HFe3fHiUWPBbFJWETtPglH9v4n+9az
L+X15f/pE12aS06jc5dP30jCsJMMiSU1AZwzeTK1DG0vmebT3JI61t9jvP3OqfCZ
lnVObmCC2YKA/+pjtX5BhiWTKV8DmW/xFLhzLkIG7Tn7hXsBLO33F71iEpHlTM4q
kzhuokOOdJYvV3+wkdkvDg0r0JPk6phM87WFg9FKe3IFoYxFSUmaeC/oyAYVPGyy
AjSIHUQtZ0w3BmKTqU4j70h9Xdmv/ujkSjHOHCkYzK9e8sbHPEhqYSifaFo=
-----END CERTIFICATE-----