Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5de12f4-379b-4e73-b7ff-9282064fe09d.roa
File:                     a5de12f4-379b-4e73-b7ff-9282064fe09d.roa (raw, json)
Hash identifier:          /zJzs2WPzOmUfVllcnFaCN6gbeed682ZOPXYRCdOu58=
Subject key identifier:   14:EA:89:CE:01:10:1B:6B:C3:AE:76:4C:52:80:D9:A8:73:72:CD:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C7A6BBB18565943FE16EB2AE15A78859757AFCA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5de12f4-379b-4e73-b7ff-9282064fe09d.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.73.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:7a:6b:bb:18:56:59:43:fe:16:eb:2a:e1:5a:78:85:97:57:af:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=ed5f6bdc84bfecd0f5084c78140ad2c1db7644fd038cf79fa5fd26cd68221bd0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9e:69:91:a9:0d:a6:26:35:f0:bd:ec:e4:6a:
                    57:ae:48:93:09:11:6f:e5:27:32:f5:df:db:a3:a1:
                    d8:18:96:b1:c2:61:c4:54:bd:7c:b4:6f:c0:29:35:
                    cc:8e:b7:83:ea:fe:83:74:dc:47:4f:30:7b:d9:43:
                    3e:fb:11:2b:a6:e1:36:f2:50:56:48:e8:35:43:2a:
                    67:58:ad:6d:fe:d7:96:11:85:ff:20:88:aa:20:22:
                    d8:68:1e:c3:e5:01:7a:1c:1f:ac:73:d6:52:86:fd:
                    e4:1c:03:d5:8b:2a:77:60:2b:ae:df:48:aa:0a:b8:
                    e9:a2:b3:50:48:22:c2:0d:74:8d:f2:d4:e1:ca:29:
                    de:04:70:5e:eb:c7:b3:29:2d:a7:46:88:78:cc:0c:
                    7a:f7:4f:b8:e0:2e:82:d0:05:9f:2a:f4:8f:fb:52:
                    04:b7:cd:94:8f:57:88:c2:09:9b:8e:cb:20:1e:5e:
                    99:db:97:9c:5e:62:ba:80:3a:b0:05:aa:53:d6:52:
                    c0:d5:24:34:50:02:5b:35:d1:62:b5:64:3b:f6:68:
                    03:04:f9:84:07:e8:0c:8e:f9:3b:67:bf:a9:23:87:
                    61:27:c0:0e:04:f8:ef:0e:9a:84:b5:ed:3d:6a:57:
                    24:d3:d7:ae:d5:d4:f5:23:37:bf:32:50:d1:bc:9f:
                    c9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:EA:89:CE:01:10:1B:6B:C3:AE:76:4C:52:80:D9:A8:73:72:CD:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5de12f4-379b-4e73-b7ff-9282064fe09d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:eb:ec:ce:98:36:65:6e:e4:49:48:b9:36:10:95:35:7c:fb:
         76:fb:1f:48:d9:be:94:c9:25:ed:9a:b2:d9:96:cb:ca:82:a8:
         f7:b6:13:e6:a9:82:f7:22:d3:af:7f:53:4d:c5:40:f2:b6:d1:
         d5:4c:72:95:93:38:86:30:ee:39:42:bf:38:69:25:33:e1:c2:
         8d:44:ea:bb:35:fa:4b:b3:69:b5:db:c2:e5:f2:9e:0f:43:b2:
         c6:44:36:49:0d:2a:59:44:68:43:49:ce:72:4e:59:ac:d4:28:
         82:d2:d0:b2:0c:95:9f:6d:d2:cd:83:cf:ed:00:6d:b1:05:f5:
         13:a4:44:fb:cf:bd:0f:14:c0:e9:67:59:44:51:4d:f0:a8:e4:
         cd:de:fe:7d:46:17:0c:b2:6f:23:2c:57:a1:4e:99:e1:43:40:
         58:df:a0:98:d4:1a:2c:b4:76:ff:71:ca:90:9b:c8:da:4d:8c:
         12:2c:b3:33:5f:57:78:e7:f6:1d:d0:98:0e:a5:7d:6b:bc:62:
         83:b3:04:db:b1:14:30:8b:4e:3b:20:d5:cb:72:7e:3a:87:88:
         65:fa:1f:42:2e:ce:46:6d:ac:df:e4:f4:b6:8c:6e:e7:f6:c4:
         cc:b7:af:92:31:68:f9:53:f6:ef:3c:f8:fc:77:e8:0d:98:72:
         1e:60:26:31
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHHpruxhWWUP+Fusq4Vp4hZdXr8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDVmNmJkYzg0YmZlY2QwZjUwODRjNzgxNDBhZDJjMWRi
NzY0NGZkMDM4Y2Y3OWZhNWZkMjZjZDY4MjIxYmQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdnmmRqQ2mJjXwvezkaleuSJMJEW/lJzL139ujodgYlrHC
YcRUvXy0b8ApNcyOt4Pq/oN03EdPMHvZQz77ESum4TbyUFZI6DVDKmdYrW3+15YR
hf8giKogIthoHsPlAXocH6xz1lKG/eQcA9WLKndgK67fSKoKuOmis1BIIsINdI3y
1OHKKd4EcF7rx7MpLadGiHjMDHr3T7jgLoLQBZ8q9I/7UgS3zZSPV4jCCZuOyyAe
Xpnbl5xeYrqAOrAFqlPWUsDVJDRQAls10WK1ZDv2aAME+YQH6AyO+Ttnv6kjh2En
wA4E+O8OmoS17T1qVyTT167V1PUjN78yUNG8n8m7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFOqJzgEQG2vDrnZMUoDZqHNyzZcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1ZGUxMmY0LTM3OWItNGU3My1iN2ZmLTkyODIwNjRmZTA5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQSTANBgkqhkiG9w0BAQsFAAOCAQEAnOvszpg2ZW7kSUi5NhCVNXz7dvsf
SNm+lMkl7Zqy2ZbLyoKo97YT5qmC9yLTr39TTcVA8rbR1UxylZM4hjDuOUK/OGkl
M+HCjUTquzX6S7NptdvC5fKeD0OyxkQ2SQ0qWURoQ0nOck5ZrNQogtLQsgyVn23S
zYPP7QBtsQX1E6RE+8+9DxTA6WdZRFFN8Kjkzd7+fUYXDLJvIyxXoU6Z4UNAWN+g
mNQaLLR2/3HKkJvI2k2MEiyzM19XeOf2HdCYDqV9a7xig7ME27EUMItOOyDVy3J+
OoeIZfofQi7ORm2s3+T0toxu5/bEzLevkjFo+VP27zz4/HfoDZhyHmAmMQ==
-----END CERTIFICATE-----