Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa
File:                     99dc9481-27a7-4001-9969-6d870b60573b.roa (raw, json)
Hash identifier:          wlaiV8+oZ+kpIGf6oTxbrkzf5igsyGjNStuxlbsko04=
Subject key identifier:   40:F6:E1:95:B4:28:90:66:C4:40:C4:37:3A:50:91:67:7C:DC:29:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B11417498590E9976ABD9EA9DFE26DB0E95E799
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.129.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:11:41:74:98:59:0e:99:76:ab:d9:ea:9d:fe:26:db:0e:95:e7:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=7d43fc49cfeea97e2421f3737909e956484c8c4fb8710828853440c1fb14b513, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:09:fe:fb:9d:94:d5:f3:04:c9:12:1e:11:3f:
                    23:56:da:75:72:4e:57:f1:77:15:be:f4:be:66:99:
                    c1:ed:8c:51:7c:61:be:3a:e7:64:c2:f8:22:80:ea:
                    d3:22:8f:bc:26:34:25:d5:b6:fd:fb:ea:e8:5a:0e:
                    d4:cf:f1:78:7b:5d:fa:11:1a:e4:f0:c2:44:6c:25:
                    43:94:8b:29:d1:a1:8f:94:ad:6a:d2:b8:f8:6c:d7:
                    12:c2:89:f2:ba:fa:9b:5b:92:b8:be:d2:20:22:df:
                    c7:1e:00:f9:a7:08:2d:69:3a:e6:98:af:c1:ec:5d:
                    68:b4:d4:e0:c2:c9:58:26:2d:5f:2c:db:b8:d6:b6:
                    c1:38:48:bb:3b:c0:98:a2:93:b5:c6:33:6c:85:7e:
                    2d:b0:ff:8e:37:79:f1:87:16:10:93:f7:52:c6:a2:
                    b4:2e:55:dc:18:f9:81:fa:4a:b6:16:68:96:25:4e:
                    44:e0:f7:a7:14:c6:c1:0f:81:d3:53:68:1a:a8:aa:
                    c4:7a:bc:7f:e6:93:64:cb:d7:76:da:6c:86:73:81:
                    8c:98:9c:8e:e2:59:7d:0f:9e:68:f2:e3:1f:0f:ed:
                    08:22:b7:d1:5f:a7:91:45:6a:8f:ce:49:63:d9:a3:
                    60:37:dc:97:2e:4e:4d:c1:dc:03:64:c2:82:7c:0a:
                    5e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F6:E1:95:B4:28:90:66:C4:40:C4:37:3A:50:91:67:7C:DC:29:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7a:1e:6a:50:4f:1d:bb:d2:87:08:4b:a5:27:6f:9d:64:13:5e:
         76:23:12:b8:c2:e6:f7:99:6d:3b:95:38:54:63:72:11:b5:27:
         ea:e3:8b:9c:09:b3:fd:0b:c8:aa:61:6b:df:38:9b:52:06:81:
         4d:ea:1d:29:77:80:3d:00:1a:71:5c:48:a4:ba:df:3b:e3:08:
         a7:fb:7b:85:02:b4:21:78:a6:f3:37:ac:6b:bb:33:10:0a:59:
         3a:cf:86:3c:be:8d:63:04:af:48:79:23:da:b3:20:37:40:3c:
         94:2b:3b:f0:f7:10:48:15:d6:1c:38:2f:db:bc:2a:78:b6:ca:
         89:6c:08:8d:0a:db:0d:e0:77:7d:47:3e:69:7a:42:9e:2e:3f:
         9f:9c:59:50:e2:71:d2:5a:4f:8d:71:b5:9a:53:a7:2b:d4:02:
         14:0c:2f:c3:a3:a9:da:0e:cd:f6:d4:e3:ce:47:07:6f:81:e0:
         85:ac:47:76:72:e7:52:b3:39:d6:41:4d:22:51:27:fd:cc:98:
         ad:3f:e9:f5:be:47:ab:ae:b3:bf:8e:ed:6f:22:68:fa:a4:8c:
         a9:e7:b2:a6:b1:f3:5d:36:49:42:f1:53:65:e0:ca:40:b2:25:
         b1:d3:78:2a:05:46:e1:12:55:2e:4c:76:5e:f5:30:fd:c8:7b:
         3e:34:61:bb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWxFBdJhZDpl2q9nqnf4m2w6V55kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDQzZmM0OWNmZWVhOTdlMjQyMWYzNzM3OTA5ZTk1NjQ4
NGM4YzRmYjg3MTA4Mjg4NTM0NDBjMWZiMTRiNTEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDACf77nZTV8wTJEh4RPyNW2nVyTlfxdxW+9L5mmcHtjFF8
Yb4652TC+CKA6tMij7wmNCXVtv376uhaDtTP8Xh7XfoRGuTwwkRsJUOUiynRoY+U
rWrSuPhs1xLCifK6+ptbkri+0iAi38ceAPmnCC1pOuaYr8HsXWi01ODCyVgmLV8s
27jWtsE4SLs7wJiik7XGM2yFfi2w/443efGHFhCT91LGorQuVdwY+YH6SrYWaJYl
TkTg96cUxsEPgdNTaBqoqsR6vH/mk2TL13babIZzgYyYnI7iWX0Pnmjy4x8P7Qgi
t9Ffp5FFao/OSWPZo2A33JcuTk3B3ANkwoJ8Cl5BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQPbhlbQokGbEQMQ3OlCRZ3zcKQEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5ZGM5NDgxLTI3YTctNDAwMS05OTY5LTZkODcwYjYwNTczYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClgTANBgkqhkiG9w0BAQsFAAOCAQEAeh5qUE8du9KHCEulJ2+dZBNediMS
uMLm95ltO5U4VGNyEbUn6uOLnAmz/QvIqmFr3zibUgaBTeodKXeAPQAacVxIpLrf
O+MIp/t7hQK0IXim8zesa7szEApZOs+GPL6NYwSvSHkj2rMgN0A8lCs78PcQSBXW
HDgv27wqeLbKiWwIjQrbDeB3fUc+aXpCni4/n5xZUOJx0lpPjXG1mlOnK9QCFAwv
w6Op2g7N9tTjzkcHb4HghaxHdnLnUrM51kFNIlEn/cyYrT/p9b5Hq66zv47tbyJo
+qSMqeeyprHzXTZJQvFTZeDKQLIlsdN4KgVG4RJVLkx2XvUw/ch7PjRhuw==
-----END CERTIFICATE-----