Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eae2235-8723-4a71-a528-d691924c22e1.roa
File:                     9eae2235-8723-4a71-a528-d691924c22e1.roa (raw, json)
Hash identifier:          14v9TMkVlYWGxILeD6V1EcszYE7JMv1qdveiBAUQfNo=
Subject key identifier:   B6:B8:66:2B:71:60:0B:AD:2F:55:35:8C:E1:4A:9C:A8:93:B7:00:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0AF5B5142A62ABA0774F5CCA5C5FF7CD913E16EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eae2235-8723-4a71-a528-d691924c22e1.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.208.123.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:f5:b5:14:2a:62:ab:a0:77:4f:5c:ca:5c:5f:f7:cd:91:3e:16:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=68d3add1fd14e96b42a82418cc948c778468ff36c20fd4d364e7be6353f364e5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3f:29:a3:eb:1b:67:d0:f4:e6:80:f6:33:e2:
                    40:ac:f5:25:66:c1:37:60:25:be:ef:a8:c6:ba:81:
                    0e:f3:13:8b:24:33:a0:b8:d1:4f:cb:a1:e4:3e:32:
                    f2:99:fe:15:bc:81:d8:d5:5b:78:7d:21:8d:51:9f:
                    67:46:66:8e:30:9e:ec:8e:ca:23:4d:f0:3e:8e:2d:
                    21:af:91:71:8b:ed:f7:23:df:e7:1f:95:46:3e:89:
                    07:64:84:2f:f2:2f:91:a1:59:b4:33:cf:81:68:bc:
                    1c:10:25:d6:8c:53:33:60:b8:dc:1a:8c:fe:47:d5:
                    28:1d:af:f4:d8:49:17:37:bf:d2:97:ac:86:7b:c4:
                    32:10:55:a0:c6:1c:78:d4:4a:fc:02:74:7d:20:13:
                    35:a2:d8:7a:d1:9a:9f:8a:ab:d5:8c:b6:68:37:32:
                    48:51:76:58:59:29:58:d7:6e:32:4f:a1:69:0d:44:
                    f0:93:61:cb:93:1b:ca:a3:c1:31:a2:9e:d1:dc:4e:
                    f0:90:eb:27:32:37:e7:c3:27:aa:33:85:09:fe:bd:
                    9c:79:d2:25:83:8a:1f:ab:cd:33:d6:bd:eb:c7:03:
                    76:49:58:9a:d9:69:44:a6:9f:85:f9:95:da:73:d6:
                    7f:42:93:5e:39:dd:f7:1f:c7:b9:ff:c6:84:2b:52:
                    29:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B8:66:2B:71:60:0B:AD:2F:55:35:8C:E1:4A:9C:A8:93:B7:00:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eae2235-8723-4a71-a528-d691924c22e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.208.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:9d:86:79:27:f3:de:4d:87:b0:af:d7:43:be:4b:bb:61:8a:
         70:0f:3b:17:7f:45:eb:d6:27:81:14:f5:f6:87:ec:5e:fb:0c:
         b0:55:b5:0d:a5:1e:53:ba:e7:ed:93:8b:02:5c:a1:53:11:f8:
         1c:e1:01:38:e0:4b:97:a8:6c:04:c0:5b:d2:7c:d4:20:fe:bf:
         f7:df:3e:9b:97:0f:cf:6e:3e:8b:c5:dd:19:30:f7:91:af:7d:
         49:82:a3:0c:36:f3:e9:8f:e5:cb:bf:1c:2d:bd:46:aa:08:a5:
         11:e7:62:a0:ad:62:07:28:0f:5e:e1:10:67:f1:79:69:9e:a7:
         7c:8b:9e:94:cc:90:aa:6f:90:dd:12:51:28:dd:bc:c1:db:4d:
         43:8c:c8:b7:de:36:29:b7:8f:9b:63:cd:85:e1:31:15:55:2b:
         95:87:8e:23:90:3d:17:c7:1e:81:28:43:19:94:c2:ae:64:b3:
         a8:8a:77:ac:1e:6d:48:25:37:91:30:97:60:83:e4:0a:24:17:
         24:47:f1:9e:4b:de:e8:4c:7b:f3:ae:7e:61:d9:29:84:1e:0e:
         9b:34:5b:42:e5:25:2e:8b:4f:e4:eb:19:74:c3:04:00:78:23:
         0f:2b:a9:ef:9a:9c:29:d5:02:0c:ed:1f:ff:1b:33:32:b8:31:
         a0:bc:02:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCvW1FCpiq6B3T1zKXF/3zZE+FuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OGQzYWRkMWZkMTRlOTZiNDJhODI0MThjYzk0OGM3Nzg0
NjhmZjM2YzIwZmQ0ZDM2NGU3YmU2MzUzZjM2NGU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCePymj6xtn0PTmgPYz4kCs9SVmwTdgJb7vqMa6gQ7zE4sk
M6C40U/LoeQ+MvKZ/hW8gdjVW3h9IY1Rn2dGZo4wnuyOyiNN8D6OLSGvkXGL7fcj
3+cflUY+iQdkhC/yL5GhWbQzz4FovBwQJdaMUzNguNwajP5H1Sgdr/TYSRc3v9KX
rIZ7xDIQVaDGHHjUSvwCdH0gEzWi2HrRmp+Kq9WMtmg3MkhRdlhZKVjXbjJPoWkN
RPCTYcuTG8qjwTGintHcTvCQ6ycyN+fDJ6ozhQn+vZx50iWDih+rzTPWvevHA3ZJ
WJrZaUSmn4X5ldpz1n9Ck1453fcfx7n/xoQrUik5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtrhmK3FgC60vVTWM4UqcqJO3AAEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllYWUyMjM1LTg3MjMtNGE3MS1hNTI4LWQ2OTE5MjRjMjJlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACi0HswDQYJKoZIhvcNAQELBQADggEBAJCdhnkn895Nh7Cv10O+S7thinAP
Oxd/RevWJ4EU9faH7F77DLBVtQ2lHlO65+2TiwJcoVMR+BzhATjgS5eobATAW9J8
1CD+v/ffPpuXD89uPovF3Rkw95GvfUmCoww28+mP5cu/HC29RqoIpRHnYqCtYgco
D17hEGfxeWmep3yLnpTMkKpvkN0SUSjdvMHbTUOMyLfeNim3j5tjzYXhMRVVK5WH
jiOQPRfHHoEoQxmUwq5ks6iKd6webUglN5Ewl2CD5AokFyRH8Z5L3uhMe/OufmHZ
KYQeDps0W0LlJS6LT+TrGXTDBAB4Iw8rqe+anCnVAgztH/8bMzK4MaC8AvM=
-----END CERTIFICATE-----