Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a86ce653-a267-4a99-b0c5-99b2a3c45792.roa
File:                     a86ce653-a267-4a99-b0c5-99b2a3c45792.roa (raw, json)
Hash identifier:          yPtC+tVTMvM/Ky1NZTYgGGZSxvvlP8BMy/yv53+07wU=
Subject key identifier:   F2:8C:EE:0B:BB:8E:DB:8C:77:60:31:BB:51:92:E2:33:DB:54:AD:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       378FC7EF8EDF1312E026FDBDFFE981A681078C99
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a86ce653-a267-4a99-b0c5-99b2a3c45792.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.21.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:8f:c7:ef:8e:df:13:12:e0:26:fd:bd:ff:e9:81:a6:81:07:8c:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=50a38353008b196f6ed5967fe2a71badffa8c5b758acfb375f149116cc8fc7e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:85:7e:0e:29:fe:0b:91:d9:68:87:a8:f9:dc:
                    fa:80:7d:2d:47:11:da:68:7a:0c:e5:f8:ed:25:d7:
                    e7:f9:b3:d2:6e:fb:6f:5a:ba:b6:79:0d:31:c1:4b:
                    f7:28:ae:36:5e:cf:45:e4:0f:23:56:36:55:b3:b5:
                    44:eb:00:44:e7:f9:18:9c:9b:f7:20:ea:c7:aa:02:
                    b9:8e:81:51:ee:01:0a:c0:a6:09:e7:14:f5:5e:a8:
                    34:51:e8:37:b2:07:25:44:ac:7a:78:f0:e8:c8:c1:
                    9c:f1:a7:2e:e2:bf:61:15:d0:03:f5:21:c9:96:dc:
                    57:6e:91:4e:c2:3e:5a:b0:9f:61:f0:a6:d8:45:74:
                    b6:c2:a2:35:b3:4e:0c:99:a3:53:b1:fb:aa:fb:3f:
                    56:fa:f9:e1:37:60:4f:7c:8b:ed:a9:a8:41:dc:2d:
                    c6:7f:d9:9f:b3:0a:c8:ef:a3:eb:57:f8:21:77:d9:
                    36:a5:bb:49:01:dc:5c:92:60:b7:d4:bc:40:aa:02:
                    08:78:84:95:8d:a4:95:17:87:4b:67:c3:26:00:ad:
                    8a:c3:f1:1f:2e:8c:13:84:69:d2:e6:ce:8f:01:ab:
                    86:0b:96:6d:b2:65:a2:e1:b4:8a:4b:eb:dd:c1:01:
                    3c:9c:0f:8b:d5:17:bc:c1:f0:22:80:c5:ae:36:5e:
                    7c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:8C:EE:0B:BB:8E:DB:8C:77:60:31:BB:51:92:E2:33:DB:54:AD:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a86ce653-a267-4a99-b0c5-99b2a3c45792.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.21.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7f:f4:43:62:36:9b:45:26:1a:ea:4b:1c:f7:8f:71:cd:4a:29:
         50:46:72:fd:ee:6c:2e:2d:67:bb:ea:56:67:48:d7:07:26:53:
         57:52:db:16:33:1e:2a:8c:eb:01:bc:83:e4:0b:e7:8a:de:ea:
         aa:b3:ee:f6:a6:01:58:ef:a2:73:16:e4:e0:9c:a2:9a:24:4d:
         62:99:d4:42:43:84:5e:8b:69:63:42:3e:cd:26:a1:fa:eb:4e:
         35:66:f7:36:d5:79:60:d3:d9:29:2e:ee:6a:62:b5:91:1b:1d:
         fa:1b:52:89:53:49:77:66:44:61:5d:76:7c:3c:56:8b:dd:ad:
         73:f7:18:48:62:83:be:fd:c9:ec:f0:f2:47:15:91:32:e2:fa:
         86:ee:1c:5f:f1:75:15:2e:a4:1d:fc:14:a0:86:cf:b8:80:ff:
         e7:ed:99:b7:3e:59:e0:63:da:ce:18:ba:3b:26:1f:79:19:bb:
         d2:ee:9e:50:f9:9c:f6:73:a4:a1:cb:7c:4d:8d:2e:38:2a:22:
         6c:a9:d8:d4:e4:78:1c:46:fc:07:7f:90:7f:73:c9:b0:5c:0f:
         c3:86:ad:e9:a3:61:f6:2b:c6:5b:ef:c4:ec:73:dd:dc:9e:2f:
         c1:e3:e8:70:e6:6c:97:a5:eb:0a:6b:eb:07:79:15:d3:46:70:
         d1:7c:59:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN4/H747fExLgJv29/+mBpoEHjJkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MGEzODM1MzAwOGIxOTZmNmVkNTk2N2ZlMmE3MWJhZGZm
YThjNWI3NThhY2ZiMzc1ZjE0OTExNmNjOGZjN2UxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMhX4OKf4Lkdloh6j53PqAfS1HEdpoegzl+O0l1+f5s9Ju
+29aurZ5DTHBS/corjZez0XkDyNWNlWztUTrAETn+Ricm/cg6seqArmOgVHuAQrA
pgnnFPVeqDRR6DeyByVErHp48OjIwZzxpy7iv2EV0AP1IcmW3FdukU7CPlqwn2Hw
pthFdLbCojWzTgyZo1Ox+6r7P1b6+eE3YE98i+2pqEHcLcZ/2Z+zCsjvo+tX+CF3
2Talu0kB3FySYLfUvECqAgh4hJWNpJUXh0tnwyYArYrD8R8ujBOEadLmzo8Bq4YL
lm2yZaLhtIpL693BATycD4vVF7zB8CKAxa42Xnw/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8ozuC7uO24x3YDG7UZLiM9tUrR4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4NmNlNjUzLWEyNjctNGE5OS1iMGM1LTk5YjJhM2M0NTc5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUXFQAwDQYJKoZIhvcNAQELBQADggEBAH/0Q2I2m0UmGupLHPePcc1KKVBG
cv3ubC4tZ7vqVmdI1wcmU1dS2xYzHiqM6wG8g+QL54re6qqz7vamAVjvonMW5OCc
opokTWKZ1EJDhF6LaWNCPs0mofrrTjVm9zbVeWDT2Sku7mpitZEbHfobUolTSXdm
RGFddnw8VovdrXP3GEhig779yezw8kcVkTLi+obuHF/xdRUupB38FKCGz7iA/+ft
mbc+WeBj2s4YujsmH3kZu9LunlD5nPZzpKHLfE2NLjgqImyp2NTkeBxG/Ad/kH9z
ybBcD8OGremjYfYrxlvvxOxz3dyeL8Hj6HDmbJel6wpr6wd5FdNGcNF8WSc=
-----END CERTIFICATE-----