Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4227170-2265-45c8-950f-f4e81e32653b.roa
File:                     a4227170-2265-45c8-950f-f4e81e32653b.roa (raw, json)
Hash identifier:          Rwg2gZ8G0i+dazT9oGCI1/kX5Q7XCtmKw/ytzxqVksQ=
Subject key identifier:   46:93:19:38:54:7E:41:AC:2B:A2:AB:18:A5:F0:A4:99:5F:2F:66:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F76CA51378B5587FD3FD625DA7FEAB750435DBC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4227170-2265-45c8-950f-f4e81e32653b.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:76:ca:51:37:8b:55:87:fd:3f:d6:25:da:7f:ea:b7:50:43:5d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=3c62b2bec67371078481996e20015733eb3c34c0c1c10306cb49050116544d1e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:20:b2:66:77:2f:7a:bd:8e:ca:91:f2:a2:8c:
                    4a:1f:01:ed:cc:fb:b3:aa:3f:1d:38:5a:d0:c3:7b:
                    44:0c:ff:45:2a:dd:59:8a:a2:ef:41:f3:69:94:c8:
                    1e:98:d8:f1:2c:a1:50:15:60:d1:01:52:10:91:d7:
                    30:7e:c4:e9:8f:8c:02:3e:91:32:82:41:27:9c:d3:
                    b0:b5:dd:5b:48:2b:93:95:bb:ec:de:dc:bb:0c:78:
                    3f:1f:fa:08:ec:5f:56:fa:73:1e:50:cd:e6:23:f3:
                    01:55:20:bd:f2:69:ce:35:9e:1f:47:4a:12:24:05:
                    83:8c:16:43:a0:5e:48:e3:56:f3:ac:5e:3e:12:dc:
                    43:e1:58:c5:b4:e1:d2:9f:8f:34:f4:f9:e1:dd:a9:
                    ba:a6:f9:41:1e:fd:76:b0:38:e6:41:ff:93:61:3a:
                    ed:ba:4d:b6:c3:5e:8e:f0:fb:58:83:04:cc:83:6f:
                    da:73:91:a8:a0:b2:8d:0d:d6:a6:62:1b:86:4b:02:
                    7e:d4:bc:f6:94:6a:b0:aa:26:62:5d:5a:ff:30:c0:
                    73:93:69:59:2f:00:74:c0:31:fa:56:ac:c0:ae:d4:
                    87:73:55:e8:da:7b:42:8f:11:bf:5e:48:7f:6e:74:
                    ac:2c:4a:67:c0:10:a5:3a:f6:54:81:df:d8:6d:33:
                    7f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:93:19:38:54:7E:41:AC:2B:A2:AB:18:A5:F0:A4:99:5F:2F:66:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4227170-2265-45c8-950f-f4e81e32653b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d7:bc:b9:c5:56:26:48:b2:c3:df:fa:a5:ac:e0:f3:48:45:1d:
         21:58:fc:ec:31:da:d1:18:5b:3d:40:c0:4f:e9:a4:ca:3d:23:
         a6:bb:e0:12:d7:f4:e2:d1:b4:77:24:fb:b5:3c:5d:ea:fc:fe:
         c6:ac:50:92:43:43:31:ac:55:43:1b:24:14:81:65:f9:7d:d7:
         82:65:17:63:58:43:58:cb:84:d9:24:c1:90:59:e2:0c:c9:51:
         21:90:77:2c:70:9c:f8:ae:b6:fc:a1:f9:9c:f1:bd:56:dd:27:
         a3:0a:a5:51:00:80:99:b3:dc:e9:66:f0:8f:bb:8d:2d:a7:21:
         0d:3e:7e:ec:e6:50:a3:81:c4:44:b6:17:6d:6b:1c:35:97:24:
         3f:a4:9f:ca:67:7c:74:d8:8e:82:22:ce:af:bf:f8:d7:ff:97:
         5e:f3:8b:a5:7c:c0:31:0a:47:5a:c6:0c:c9:70:a1:52:33:d3:
         c6:52:57:1f:32:bb:a9:6a:f4:e1:eb:78:03:4b:35:15:6c:dd:
         31:f1:92:0c:3d:e5:3a:7a:84:c7:fe:f4:eb:da:95:c7:22:18:
         ef:5f:d4:a6:be:b2:d9:55:b4:1b:30:eb:dd:0c:31:1c:9a:c1:
         6b:9f:e7:ea:8c:5b:5c:a2:3e:8d:9b:cf:3a:2d:bd:c5:fd:ca:
         59:58:15:78
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUX3bKUTeLVYf9P9Yl2n/qt1BDXbwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzYyYjJiZWM2NzM3MTA3ODQ4MTk5NmUyMDAxNTczM2Vi
M2MzNGMwYzFjMTAzMDZjYjQ5MDUwMTE2NTQ0ZDFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfILJmdy96vY7KkfKijEofAe3M+7OqPx04WtDDe0QM/0Uq
3VmKou9B82mUyB6Y2PEsoVAVYNEBUhCR1zB+xOmPjAI+kTKCQSec07C13VtIK5OV
u+ze3LsMeD8f+gjsX1b6cx5QzeYj8wFVIL3yac41nh9HShIkBYOMFkOgXkjjVvOs
Xj4S3EPhWMW04dKfjzT0+eHdqbqm+UEe/XawOOZB/5NhOu26TbbDXo7w+1iDBMyD
b9pzkaigso0N1qZiG4ZLAn7UvPaUarCqJmJdWv8wwHOTaVkvAHTAMfpWrMCu1Idz
Vejae0KPEb9eSH9udKwsSmfAEKU69lSB39htM3+BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURpMZOFR+QawroqsYpfCkmV8vZg0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0MjI3MTcwLTIyNjUtNDVjOC05NTBmLWY0ZTgxZTMyNjUzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBgADANBgkqhkiG9w0BAQsFAAOCAQEA17y5xVYmSLLD3/qlrODzSEUdIVj8
7DHa0RhbPUDAT+mkyj0jprvgEtf04tG0dyT7tTxd6vz+xqxQkkNDMaxVQxskFIFl
+X3XgmUXY1hDWMuE2STBkFniDMlRIZB3LHCc+K62/KH5nPG9Vt0nowqlUQCAmbPc
6Wbwj7uNLachDT5+7OZQo4HERLYXbWscNZckP6Sfymd8dNiOgiLOr7/41/+XXvOL
pXzAMQpHWsYMyXChUjPTxlJXHzK7qWr04et4A0s1FWzdMfGSDD3lOnqEx/7069qV
xyIY71/Upr6y2VW0GzDr3QwxHJrBa5/n6oxbXKI+jZvPOi29xf3KWVgVeA==
-----END CERTIFICATE-----