Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa
File:                     8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa (raw, json)
Hash identifier:          3rfx8BwudWDrGnItZQcvXY8JwSVbYl5HN3bRVbv/K/8=
Subject key identifier:   90:B2:1A:C6:53:F3:AF:EC:55:77:66:DC:FF:4C:34:B1:9A:03:87:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       345BDB54A1B5B53BCB9539664A96C866FB7F2004
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.64.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:5b:db:54:a1:b5:b5:3b:cb:95:39:66:4a:96:c8:66:fb:7f:20:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=3f6dd949659d1912bd59c12b40b5a5e3ab580f93d268949c8725cf7fa254bb00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6b:b4:04:a7:48:73:c5:2f:a9:f8:c1:a8:3e:
                    14:9d:2a:c5:29:04:c2:f6:a2:7e:f8:b0:0d:11:a5:
                    11:aa:2c:f9:54:fe:83:69:1a:06:bc:42:5c:5a:14:
                    14:89:86:cd:35:ba:51:71:d3:a2:7a:ad:64:34:46:
                    25:11:36:eb:6e:f5:12:60:df:c0:03:81:b1:52:b5:
                    e8:08:d9:fa:e8:ed:32:82:85:20:db:62:af:71:24:
                    c4:79:ad:1b:58:bd:37:68:2d:5e:72:ce:fc:9f:c4:
                    66:4f:d0:39:e2:ee:03:99:5f:e2:53:56:72:df:d3:
                    0d:8d:5d:a9:e1:47:46:1a:c7:8a:2f:74:8e:b5:7e:
                    ed:39:82:59:4c:bf:b4:8b:e0:60:64:cc:7a:da:d5:
                    44:cd:be:75:5f:6d:12:08:c3:a6:03:bd:72:bb:dc:
                    60:8b:f4:fc:6a:e8:97:5b:15:c0:4a:d0:00:11:44:
                    01:63:fe:14:fc:8a:e6:33:c9:3e:62:46:c0:84:98:
                    73:bf:88:d4:0c:e3:99:7d:1f:1d:f3:af:f2:61:d4:
                    a6:a1:68:07:a5:38:a9:56:21:db:1e:ed:b5:48:3a:
                    88:19:b3:e4:d9:3b:fb:ff:2e:ed:4a:27:b5:5d:7a:
                    7e:a8:33:3b:f0:cd:fe:6d:91:79:36:2d:3b:16:a3:
                    17:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B2:1A:C6:53:F3:AF:EC:55:77:66:DC:FF:4C:34:B1:9A:03:87:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d27659a-99b8-4f12-8e10-81c7bc2cf7bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:d3:28:1b:ec:0e:4c:a9:7d:5f:58:67:1e:73:2f:41:2f:c5:
         bf:e2:86:f9:0b:1c:9a:82:a5:fc:a2:38:d9:74:4a:ea:a1:6c:
         3f:93:f7:84:16:8b:1c:e9:9f:12:3b:69:9d:97:c3:cc:14:c4:
         51:ed:cf:8e:6d:b9:ec:e4:a5:cf:8c:d4:7b:df:da:4f:74:b3:
         d9:25:ea:cb:b4:92:07:e2:d1:d9:0a:82:1c:e1:03:61:5c:49:
         a7:d1:df:31:bf:ac:a6:83:b9:24:e6:7c:72:9f:4d:fb:68:5a:
         3e:d6:f8:27:f9:8a:39:77:b1:6d:2b:4f:77:0e:e0:6c:fa:a8:
         f6:7e:9e:23:ff:6f:af:32:57:48:57:3c:98:56:5a:3a:b8:4b:
         bc:a5:05:bb:00:7b:99:f2:c4:3d:fd:41:78:50:b4:33:a5:df:
         aa:0f:ee:12:e7:ec:1f:ca:7f:d4:0f:bf:b6:38:d8:94:4f:6c:
         84:66:a8:6a:09:59:f3:a4:2c:db:af:01:e5:d4:b3:83:6e:9a:
         86:16:46:c9:a3:17:bc:7e:39:71:d8:d8:3d:9b:bf:cb:46:e9:
         d4:b5:70:97:35:76:be:9c:bf:bd:9b:11:11:51:b1:d2:a4:8f:
         1d:20:5b:62:69:11:a3:46:c1:a4:c5:34:2b:9e:b3:9b:83:90:
         03:69:12:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNFvbVKG1tTvLlTlmSpbIZvt/IAQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjZkZDk0OTY1OWQxOTEyYmQ1OWMxMmI0MGI1YTVlM2Fi
NTgwZjkzZDI2ODk0OWM4NzI1Y2Y3ZmEyNTRiYjAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8a7QEp0hzxS+p+MGoPhSdKsUpBML2on74sA0RpRGqLPlU
/oNpGga8QlxaFBSJhs01ulFx06J6rWQ0RiURNutu9RJg38ADgbFStegI2fro7TKC
hSDbYq9xJMR5rRtYvTdoLV5yzvyfxGZP0Dni7gOZX+JTVnLf0w2NXanhR0Yax4ov
dI61fu05gllMv7SL4GBkzHra1UTNvnVfbRIIw6YDvXK73GCL9Pxq6JdbFcBK0AAR
RAFj/hT8iuYzyT5iRsCEmHO/iNQM45l9Hx3zr/Jh1KahaAelOKlWIdse7bVIOogZ
s+TZO/v/Lu1KJ7Vden6oMzvwzf5tkXk2LTsWoxeNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkLIaxlPzr+xVd2bc/0w0sZoDh70wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkMjc2NTlhLTk5YjgtNGYxMi04ZTEwLTgxYzdiYzJjZjdiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMXFkAwDQYJKoZIhvcNAQELBQADggEBAD3TKBvsDkypfV9YZx5zL0Evxb/i
hvkLHJqCpfyiONl0SuqhbD+T94QWixzpnxI7aZ2Xw8wUxFHtz45tuezkpc+M1Hvf
2k90s9kl6su0kgfi0dkKghzhA2FcSafR3zG/rKaDuSTmfHKfTftoWj7W+Cf5ijl3
sW0rT3cO4Gz6qPZ+niP/b68yV0hXPJhWWjq4S7ylBbsAe5nyxD39QXhQtDOl36oP
7hLn7B/Kf9QPv7Y42JRPbIRmqGoJWfOkLNuvAeXUs4NumoYWRsmjF7x+OXHY2D2b
v8tG6dS1cJc1dr6cv72bERFRsdKkjx0gW2JpEaNGwaTFNCues5uDkANpEks=
-----END CERTIFICATE-----