Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa
File:                     b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa (raw, json)
Hash identifier:          vZRmhuIXAwODj26lE6qfER8cizjX+J0OunEDJqZWpcw=
Subject key identifier:   B8:04:30:85:50:6E:27:3B:98:11:62:E9:09:D4:32:8A:9A:44:CC:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D527E8C9072D7C933187BA645DAE2A435FC36C7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        168.185.4.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:52:7e:8c:90:72:d7:c9:33:18:7b:a6:45:da:e2:a4:35:fc:36:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=fa23006df9a6d1bbee9b075e02808ab2d65bb5c2c2f73f03b709ab918a82a3ec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:98:81:c3:0f:9c:56:45:b7:7f:ba:35:a7:75:
                    52:3b:ba:7d:34:a7:dc:1b:d8:52:5d:04:e1:75:22:
                    06:de:0e:a0:85:bd:8b:e0:6f:a3:32:2f:0d:34:c6:
                    3a:3d:b9:c7:38:3d:b9:84:82:00:63:6e:bc:8e:10:
                    fd:bc:c3:77:f3:05:8d:7a:6e:8b:1b:dc:98:e9:27:
                    ec:c3:e9:c7:f5:c8:c3:e8:ea:16:63:f5:f6:86:d8:
                    e3:9f:60:ba:4b:f9:f3:ce:da:b2:6e:f4:35:7c:c1:
                    f0:98:a6:3d:96:d8:ce:91:cc:7b:78:95:71:14:bf:
                    5e:0d:7c:49:94:91:21:f2:b2:c3:c9:14:db:66:91:
                    11:64:5f:c4:d9:8f:ab:68:cf:1d:76:60:23:e7:8d:
                    84:10:3f:64:68:a2:cb:4d:08:20:9d:d8:4b:42:26:
                    15:58:9f:a9:7d:a3:b5:3a:01:82:89:8a:16:7d:0b:
                    6b:fb:9b:e7:d4:ee:42:79:90:a7:ca:c4:e3:7a:de:
                    e9:91:9d:dc:2d:88:a6:b6:9d:7f:99:bd:fb:3c:5c:
                    76:db:cf:ab:90:bc:52:19:c3:bc:51:89:23:74:14:
                    ae:a9:5a:75:3d:ff:e6:5c:54:0d:4a:2c:f3:b8:b2:
                    5d:49:d1:0c:48:5c:42:48:9e:cb:1b:4a:7b:3b:74:
                    17:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:04:30:85:50:6E:27:3B:98:11:62:E9:09:D4:32:8A:9A:44:CC:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.185.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:75:d0:ee:6a:40:a2:71:5c:25:c1:35:c4:2e:f2:bf:72:81:
         ec:4b:94:dc:4f:93:50:73:dd:d4:88:6e:45:6a:a2:d5:2f:4c:
         e0:58:6d:a3:d9:36:cc:62:6e:b9:8a:14:7b:eb:97:e1:46:ca:
         87:7a:25:8e:fe:76:7d:fe:06:a7:83:85:bd:e5:c2:9f:75:fa:
         cf:af:18:b6:21:59:33:ee:db:1e:91:27:8a:2e:55:8f:e1:23:
         d2:3b:84:20:81:b0:80:4b:58:d0:4d:e9:c8:1e:ec:c0:f7:48:
         f4:b1:c8:6d:29:35:5e:f1:15:2a:fc:d3:e2:8c:b1:4f:84:51:
         23:1a:68:e2:14:70:6a:a1:1e:bc:5e:4a:8f:61:95:7b:1f:0b:
         30:89:f5:c7:f4:07:af:cc:86:89:37:e0:54:7c:6e:47:e6:ec:
         d5:e1:93:e0:30:b2:aa:9e:91:5a:cf:5f:5e:11:2e:61:d9:61:
         db:17:82:54:a3:dd:c0:97:04:06:95:2b:0b:ac:d1:67:1a:b2:
         62:a8:ce:c6:ab:52:18:0d:6c:ad:04:86:9f:4a:bd:dd:05:9d:
         ab:59:96:ee:2f:f4:44:75:01:58:8a:84:6e:5f:1c:8f:67:6a:
         f6:df:06:f7:d2:16:45:3a:7e:6f:34:32:fd:ab:bd:e5:68:ff:
         e4:25:0d:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfVJ+jJBy18kzGHumRdripDX8NscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTIzMDA2ZGY5YTZkMWJiZWU5YjA3NWUwMjgwOGFiMmQ2
NWJiNWMyYzJmNzNmMDNiNzA5YWI5MThhODJhM2VjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqmIHDD5xWRbd/ujWndVI7un00p9wb2FJdBOF1IgbeDqCF
vYvgb6MyLw00xjo9ucc4PbmEggBjbryOEP28w3fzBY16bosb3JjpJ+zD6cf1yMPo
6hZj9faG2OOfYLpL+fPO2rJu9DV8wfCYpj2W2M6RzHt4lXEUv14NfEmUkSHyssPJ
FNtmkRFkX8TZj6tozx12YCPnjYQQP2RoostNCCCd2EtCJhVYn6l9o7U6AYKJihZ9
C2v7m+fU7kJ5kKfKxON63umRndwtiKa2nX+Zvfs8XHbbz6uQvFIZw7xRiSN0FK6p
WnU9/+ZcVA1KLPO4sl1J0QxIXEJInssbSns7dBcxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuAQwhVBuJzuYEWLpCdQyippEzAEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1YWI3ODNmLWNlYzUtNGYzYy1hNjMxLTgwMDhhYTU3NGZkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKouQQwDQYJKoZIhvcNAQELBQADggEBAA910O5qQKJxXCXBNcQu8r9ygexL
lNxPk1Bz3dSIbkVqotUvTOBYbaPZNsxibrmKFHvrl+FGyod6JY7+dn3+BqeDhb3l
wp91+s+vGLYhWTPu2x6RJ4ouVY/hI9I7hCCBsIBLWNBN6cge7MD3SPSxyG0pNV7x
FSr80+KMsU+EUSMaaOIUcGqhHrxeSo9hlXsfCzCJ9cf0B6/Mhok34FR8bkfm7NXh
k+AwsqqekVrPX14RLmHZYdsXglSj3cCXBAaVKwus0WcasmKozsarUhgNbK0Ehp9K
vd0FnatZlu4v9ER1AViKhG5fHI9navbfBvfSFkU6fm80Mv2rveVo/+QlDd4=
-----END CERTIFICATE-----