Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa
File:                     a25a98f5-7804-4094-8cb7-934444d2052d.roa (raw, json)
Hash identifier:          PlokrC0n0udXCJXs95mwmclJA8LN/2qyBc4Q6xNpwEw=
Subject key identifier:   2A:27:A5:AB:D2:BE:08:83:8A:4A:53:D5:13:49:87:DF:46:A6:7E:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       524D15E9684E5E3319CEF6A30BC15F1539626C7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.31.213.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:4d:15:e9:68:4e:5e:33:19:ce:f6:a3:0b:c1:5f:15:39:62:6c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=fd862fd6b00f5cfc854e55cebb9128649155564dfa18326a77bc734cf770c5c4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:81:1f:4b:14:47:82:a1:d3:45:bc:08:5f:a7:
                    0a:9d:23:8e:bc:42:4d:1c:dd:eb:ec:fc:bf:07:e1:
                    4d:87:d7:85:24:a9:e5:b1:f8:a8:40:2a:b2:89:e0:
                    36:e5:cd:2e:f7:67:32:98:ce:37:66:8f:9f:5c:35:
                    13:6d:e5:3e:71:b1:3a:2d:c7:f7:24:bd:36:a5:b0:
                    5b:d6:0a:61:93:89:a9:c4:5a:fd:37:3a:e0:70:65:
                    c2:53:ae:4c:48:47:1a:b2:b5:52:f5:10:17:70:fe:
                    2c:5a:6b:cf:40:4a:99:e8:3f:23:c3:66:cf:c7:a9:
                    d5:fb:95:a3:93:c7:76:46:a0:49:7b:17:42:db:56:
                    b5:fa:8a:d1:e1:eb:d3:2d:86:a9:48:30:8e:eb:a2:
                    59:50:98:6d:be:fb:49:34:0c:c3:8b:c9:66:95:2f:
                    b6:5c:43:7a:f7:f6:e0:3f:16:01:1a:7e:75:75:6e:
                    35:fc:02:11:8d:08:39:a1:6e:37:7a:31:55:78:89:
                    b6:43:4f:cf:c8:cb:ff:95:be:03:48:38:05:71:8d:
                    66:9e:39:8c:3d:41:48:3f:18:c8:6e:f2:f5:c3:51:
                    6e:eb:e6:30:ce:28:7b:54:2f:d1:e4:6c:ec:a6:41:
                    16:e9:d0:fd:1c:09:8b:7a:7f:f5:5e:6e:b0:db:44:
                    61:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:27:A5:AB:D2:BE:08:83:8A:4A:53:D5:13:49:87:DF:46:A6:7E:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.31.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:08:72:55:61:89:5f:ec:7d:04:4b:ba:ce:9a:ba:5e:dd:32:
         a3:a8:43:ff:2f:70:78:06:38:39:2c:7d:47:82:cf:a6:9b:9d:
         2b:d0:ee:00:84:b5:be:2c:31:f5:a2:12:fd:54:02:8d:b3:30:
         e8:92:dc:05:41:92:a5:c6:f5:fd:63:0e:2d:0a:9b:91:20:69:
         da:bc:a7:f5:36:7f:d2:4c:65:60:53:67:ce:da:13:d1:40:b9:
         ab:32:f1:25:2a:45:7f:ff:4c:a4:9e:c4:48:d6:35:fc:7a:44:
         e4:4b:bd:8f:e1:5b:da:59:1a:dd:3f:97:02:34:fd:97:25:8f:
         8c:bb:8b:fe:e2:23:fe:f0:78:44:82:07:a7:85:e0:b6:f1:1b:
         66:56:c3:e6:d2:a6:d9:76:1d:d2:55:71:52:54:55:74:c7:72:
         67:c1:a7:54:2c:9e:d0:ff:e9:bb:e5:e1:72:de:5b:b2:2a:3a:
         d1:87:19:88:80:07:ad:fe:32:56:1d:7a:bd:63:d9:c9:7d:8b:
         2b:43:0d:0f:af:90:63:04:03:e1:2e:5b:52:bf:76:10:c6:02:
         63:16:cf:15:1d:01:98:66:17:22:c2:16:68:a1:dc:b9:c5:d6:
         23:72:df:a9:02:bb:d5:9c:f7:29:e1:95:07:15:48:8c:9b:c7:
         41:3c:d1:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUk0V6WhOXjMZzvajC8FfFTlibHwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDg2MmZkNmIwMGY1Y2ZjODU0ZTU1Y2ViYjkxMjg2NDkx
NTU1NjRkZmExODMyNmE3N2JjNzM0Y2Y3NzBjNWM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfgR9LFEeCodNFvAhfpwqdI468Qk0c3evs/L8H4U2H14Uk
qeWx+KhAKrKJ4DblzS73ZzKYzjdmj59cNRNt5T5xsTotx/ckvTalsFvWCmGTianE
Wv03OuBwZcJTrkxIRxqytVL1EBdw/ixaa89ASpnoPyPDZs/HqdX7laOTx3ZGoEl7
F0LbVrX6itHh69MthqlIMI7rollQmG2++0k0DMOLyWaVL7ZcQ3r39uA/FgEafnV1
bjX8AhGNCDmhbjd6MVV4ibZDT8/Iy/+VvgNIOAVxjWaeOYw9QUg/GMhu8vXDUW7r
5jDOKHtUL9HkbOymQRbp0P0cCYt6f/VebrDbRGFLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKielq9K+CIOKSlPVE0mH30amfvowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNWE5OGY1LTc4MDQtNDA5NC04Y2I3LTkzNDQ0NGQyMDUyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAH9UwDQYJKoZIhvcNAQELBQADggEBANkIclVhiV/sfQRLus6aul7dMqOo
Q/8vcHgGODksfUeCz6abnSvQ7gCEtb4sMfWiEv1UAo2zMOiS3AVBkqXG9f1jDi0K
m5Egadq8p/U2f9JMZWBTZ87aE9FAuasy8SUqRX//TKSexEjWNfx6RORLvY/hW9pZ
Gt0/lwI0/Zclj4y7i/7iI/7weESCB6eF4LbxG2ZWw+bSptl2HdJVcVJUVXTHcmfB
p1QsntD/6bvl4XLeW7IqOtGHGYiAB63+MlYder1j2cl9iytDDQ+vkGMEA+EuW1K/
dhDGAmMWzxUdAZhmFyLCFmih3LnF1iNy36kCu9Wc9ynhlQcVSIybx0E80f8=
-----END CERTIFICATE-----