Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa
File:                     9b85564a-7b8e-482c-82f2-955d84a48b12.roa (raw, json)
Hash identifier:          0ym4vOlwMdJEb1XX9IsB4w54YnMU334+dJ/0NeUcbac=
Subject key identifier:   AB:04:B9:1C:1F:65:E8:D7:06:5B:63:23:59:BF:B6:EE:8D:77:D8:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2058CCABC919530A07B4633B234B6EF3852695FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        32.247.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:58:cc:ab:c9:19:53:0a:07:b4:63:3b:23:4b:6e:f3:85:26:95:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=dedcfd28cddbe35f45d212caa33b73a8ee2fc85bb321d1b33097a1fd57f5bafe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:6b:52:fd:a9:6f:fc:58:23:95:6a:5a:38:
                    c6:d7:93:c7:fa:62:57:91:1e:30:cb:36:37:80:eb:
                    be:b0:75:3a:75:62:25:6c:14:a7:1c:0d:54:f4:ca:
                    03:4d:e9:ec:ea:39:06:fc:16:33:2e:f5:c2:1f:d3:
                    b5:c6:11:f5:a5:ce:ea:b4:e3:23:4a:6f:59:1c:12:
                    24:fe:56:07:0e:f7:74:dd:6e:db:0a:04:51:92:30:
                    31:ce:e1:e9:d7:69:53:f1:01:fb:0d:ee:84:51:47:
                    cd:0d:a8:6a:ee:28:bd:26:76:3e:79:45:c5:31:c6:
                    cb:29:cd:7b:98:40:2b:5f:fb:cf:34:e2:d7:b8:ad:
                    9e:8e:02:6a:8e:7b:f1:9b:ab:08:a2:30:fc:a3:a2:
                    70:b0:e7:26:6a:69:67:e7:33:44:17:b5:25:5a:a5:
                    b8:a3:3b:3b:06:f2:09:e1:99:d5:61:97:97:12:58:
                    4d:a4:ee:10:9d:f5:06:95:78:c3:96:01:da:52:19:
                    60:63:86:b2:c3:b6:eb:1d:2e:f2:9a:b4:11:8b:c6:
                    67:b3:9a:47:1c:68:56:fe:a5:d5:45:3a:dc:51:21:
                    2f:77:b9:8d:be:24:d5:b8:37:86:02:44:42:3a:b4:
                    49:3a:9d:9b:a1:56:52:c1:f7:a3:77:9d:56:58:0e:
                    c6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:04:B9:1C:1F:65:E8:D7:06:5B:63:23:59:BF:B6:EE:8D:77:D8:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  32.247.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:96:b8:a6:0a:e4:dd:b2:d8:1a:c1:02:24:90:5f:26:93:51:
         77:f2:41:d1:85:3d:f9:2f:f1:25:c1:65:88:8e:12:27:4f:39:
         30:2e:de:b3:88:d9:48:72:43:0c:8d:77:2d:24:63:d7:de:51:
         a6:86:3e:12:18:3e:19:86:b3:9d:40:fe:b2:7c:7a:c3:2e:03:
         0c:f5:d7:f0:6f:ee:f5:2e:0c:75:46:31:db:0c:e5:e3:43:5c:
         46:54:a9:e1:d9:94:1d:8c:61:56:d0:35:e9:71:4f:84:23:fb:
         cf:6e:58:6c:26:55:22:0a:83:a9:cf:76:fa:27:dc:1d:08:ca:
         d3:f1:9c:20:cd:4d:e6:36:c0:21:a8:7c:52:1d:68:9f:a4:da:
         29:2f:10:65:05:2a:be:9a:02:2b:ea:98:af:41:3a:bb:d0:82:
         bd:e1:31:1b:2c:1a:39:49:25:67:b1:e8:23:cb:ea:f1:d6:ae:
         72:8e:e5:df:3e:87:a3:e2:e8:d6:fa:ec:2d:9a:b6:e9:dd:26:
         15:34:a9:4f:09:0a:94:4d:65:83:93:67:36:7d:bb:f2:bc:51:
         ee:af:be:b5:9e:d9:70:d2:04:88:df:2c:b1:85:94:ac:df:0c:
         f7:10:69:d8:16:88:21:9a:d4:9b:66:9a:35:5c:e0:7a:97:f7:
         aa:95:f4:9e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIFjMq8kZUwoHtGM7I0tu84Umlf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWRjZmQyOGNkZGJlMzVmNDVkMjEyY2FhMzNiNzNhOGVl
MmZjODViYjMyMWQxYjMzMDk3YTFmZDU3ZjViYWZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu0mtS/alv/FgjlWpaOMbXk8f6YleRHjDLNjeA676wdTp1
YiVsFKccDVT0ygNN6ezqOQb8FjMu9cIf07XGEfWlzuq04yNKb1kcEiT+VgcO93Td
btsKBFGSMDHO4enXaVPxAfsN7oRRR80NqGruKL0mdj55RcUxxsspzXuYQCtf+880
4te4rZ6OAmqOe/GbqwiiMPyjonCw5yZqaWfnM0QXtSVapbijOzsG8gnhmdVhl5cS
WE2k7hCd9QaVeMOWAdpSGWBjhrLDtusdLvKatBGLxmezmkccaFb+pdVFOtxRIS93
uY2+JNW4N4YCREI6tEk6nZuhVlLB96N3nVZYDsadAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqwS5HB9l6NcGW2MjWb+27o132IkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliODU1NjRhLTdiOGUtNDgyYy04MmYyLTk1NWQ4NGE0OGIxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAg9zANBgkqhkiG9w0BAQsFAAOCAQEAqZa4pgrk3bLYGsECJJBfJpNRd/JB
0YU9+S/xJcFliI4SJ085MC7es4jZSHJDDI13LSRj195RpoY+Ehg+GYaznUD+snx6
wy4DDPXX8G/u9S4MdUYx2wzl40NcRlSp4dmUHYxhVtA16XFPhCP7z25YbCZVIgqD
qc92+ifcHQjK0/GcIM1N5jbAIah8Uh1on6TaKS8QZQUqvpoCK+qYr0E6u9CCveEx
GywaOUklZ7HoI8vq8dauco7l3z6Ho+Lo1vrsLZq26d0mFTSpTwkKlE1lg5NnNn27
8rxR7q++tZ7ZcNIEiN8ssYWUrN8M9xBp2BaIIZrUm2aaNVzgepf3qpX0ng==
-----END CERTIFICATE-----