Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
File:                     b1564f4a-7df0-4932-af96-1ebffff2e421.roa (raw, json)
Hash identifier:          o0RMHcOV3M98UnxzFt9kLd33xvE3EM5FX/9V3rLqVF0=
Subject key identifier:   A3:44:7A:51:DE:74:98:F5:C3:4A:65:69:47:7A:67:CB:F6:82:D3:47
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B237B1D1F50F6C55A5F8C7FE34F8142FCCABAFD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.29.0.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:23:7b:1d:1f:50:f6:c5:5a:5f:8c:7f:e3:4f:81:42:fc:ca:ba:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=3b6905d70a6be96b59621c9b281b29f8564effa6b7829c6358cb8f1186a026a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:08:ec:43:8c:56:ec:47:19:90:db:96:a1:82:
                    d0:d6:7d:3c:ca:a7:cb:f1:b9:5b:cb:93:bd:c5:fa:
                    ea:00:6f:c8:a9:fe:80:24:00:3e:3d:53:1d:51:96:
                    19:e6:f0:2a:be:51:c8:1f:a5:dd:cc:93:58:a0:f5:
                    6c:3f:aa:4d:80:47:5a:07:ca:06:ea:fb:05:1b:7f:
                    61:14:78:fa:37:b3:02:7a:f5:2f:91:98:75:a1:0e:
                    e0:a8:f7:6c:ac:08:5a:90:64:dc:16:4d:9b:6b:06:
                    b7:41:e4:20:6f:b2:2f:0d:33:3f:ae:74:6f:97:4e:
                    72:2c:f6:8a:9a:23:18:d2:bd:9b:6a:43:23:a3:cd:
                    07:7f:8e:23:9d:18:73:85:6a:e7:84:82:03:47:21:
                    a1:93:f5:d4:60:a6:e0:66:cd:6f:0c:2a:95:1f:47:
                    28:05:1f:38:95:c3:76:4a:97:ef:70:cd:d9:ae:44:
                    90:ec:99:81:96:72:22:6e:38:07:ef:cf:35:5d:95:
                    08:0f:02:40:e2:74:07:cf:43:39:bc:a4:66:de:d5:
                    3f:83:98:7c:e6:0d:5b:49:f4:73:ca:78:65:a6:a4:
                    eb:f6:18:41:7a:fd:43:78:52:8c:5a:3c:6a:73:30:
                    ce:57:73:72:2c:ae:e3:c0:12:b7:3a:5f:cf:ea:0d:
                    2c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:44:7A:51:DE:74:98:F5:C3:4A:65:69:47:7A:67:CB:F6:82:D3:47
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.29.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         90:5d:cd:a7:aa:83:85:a5:ca:fa:6a:a6:3a:65:1c:d9:ec:af:
         58:32:0a:07:73:cb:72:45:36:98:1d:1e:3f:1a:5e:3f:09:ef:
         e9:0f:2d:85:a3:36:e5:35:33:df:85:3b:b8:35:67:2d:55:82:
         9e:16:f1:8f:a5:c4:c6:bd:ef:c7:cb:fb:0f:ca:1d:a3:61:80:
         ed:be:7c:d0:85:48:22:de:69:db:ef:10:76:36:0e:8f:c6:60:
         d5:d7:ff:d2:1f:cf:08:5b:8f:95:e2:d5:f4:d7:09:f9:c8:d2:
         97:09:04:21:df:fd:d3:ae:62:65:f2:68:87:17:b5:84:d1:3e:
         3f:3a:bc:db:22:14:0e:33:38:a6:11:59:b3:9e:5c:79:7c:4e:
         e1:f7:5f:73:24:11:02:5a:73:51:2d:c4:03:c0:dd:3e:b0:de:
         ca:94:dc:db:16:f2:ab:7d:af:8c:ea:16:8e:00:50:a2:8e:80:
         57:e7:97:61:1e:e5:58:a7:d6:f3:da:68:dc:e1:eb:65:50:1f:
         bf:19:9f:74:61:bd:f9:8c:74:56:d6:ff:f7:07:a6:ed:ce:e4:
         d1:cf:dc:3b:71:50:c3:27:f0:bd:83:71:73:38:87:2f:07:f2:
         0d:85:ef:25:62:67:c8:bd:7e:6a:33:22:6c:fb:18:fa:9d:5f:
         20:a6:0a:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeyN7HR9Q9sVaX4x/40+BQvzKuv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjY5MDVkNzBhNmJlOTZiNTk2MjFjOWIyODFiMjlmODU2
NGVmZmE2Yjc4MjljNjM1OGNiOGYxMTg2YTAyNmExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9COxDjFbsRxmQ25ahgtDWfTzKp8vxuVvLk73F+uoAb8ip
/oAkAD49Ux1Rlhnm8Cq+Ucgfpd3Mk1ig9Ww/qk2AR1oHygbq+wUbf2EUePo3swJ6
9S+RmHWhDuCo92ysCFqQZNwWTZtrBrdB5CBvsi8NMz+udG+XTnIs9oqaIxjSvZtq
QyOjzQd/jiOdGHOFaueEggNHIaGT9dRgpuBmzW8MKpUfRygFHziVw3ZKl+9wzdmu
RJDsmYGWciJuOAfvzzVdlQgPAkDidAfPQzm8pGbe1T+DmHzmDVtJ9HPKeGWmpOv2
GEF6/UN4UoxaPGpzMM5Xc3IsruPAErc6X8/qDSwvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo0R6Ud50mPXDSmVpR3pny/aC00cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxNTY0ZjRhLTdkZjAtNDkzMi1hZjk2LTFlYmZmZmYyZTQyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVIHQAwDQYJKoZIhvcNAQELBQADggEBAJBdzaeqg4WlyvpqpjplHNnsr1gy
Cgdzy3JFNpgdHj8aXj8J7+kPLYWjNuU1M9+FO7g1Zy1Vgp4W8Y+lxMa978fL+w/K
HaNhgO2+fNCFSCLeadvvEHY2Do/GYNXX/9Ifzwhbj5Xi1fTXCfnI0pcJBCHf/dOu
YmXyaIcXtYTRPj86vNsiFA4zOKYRWbOeXHl8TuH3X3MkEQJac1EtxAPA3T6w3sqU
3NsW8qt9r4zqFo4AUKKOgFfnl2Ee5Vin1vPaaNzh62VQH78Zn3RhvfmMdFbW//cH
pu3O5NHP3DtxUMMn8L2DcXM4hy8H8g2F7yViZ8i9fmozImz7GPqdXyCmCq8=
-----END CERTIFICATE-----