Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b856ae51-66ec-4600-b64a-768473b00d4c.roa
File:                     b856ae51-66ec-4600-b64a-768473b00d4c.roa (raw, json)
Hash identifier:          jXUStivhhRXysGKQTBQauJkjtcK7mUDh/uxOrKqLay4=
Subject key identifier:   85:FF:88:7D:5D:C5:76:24:4C:65:AB:F8:11:AF:98:C9:F7:51:45:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39FEB24AE5780D41016EE9E765FDCA6959A030DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b856ae51-66ec-4600-b64a-768473b00d4c.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.123.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:fe:b2:4a:e5:78:0d:41:01:6e:e9:e7:65:fd:ca:69:59:a0:30:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=6d1ce90d4bc5eb6f5dc812d5da04bb0821d1b0303842aefbca92f70019e7509e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:63:86:d9:12:a3:79:07:13:4d:fd:82:ad:58:
                    5b:4a:31:bc:45:de:7c:29:61:b9:7d:59:54:52:c7:
                    d9:e0:a8:f9:26:0f:b6:a9:77:4a:5a:72:b3:3d:7b:
                    c7:96:69:01:91:b6:86:eb:69:4e:6f:5c:ff:66:6f:
                    f4:ba:d2:f0:99:88:82:da:ed:8d:93:51:fc:14:f5:
                    ef:00:19:48:a8:a0:1b:69:67:c3:41:45:61:48:3d:
                    53:2d:ea:c2:9f:c9:9c:19:b4:1a:29:4b:97:df:9b:
                    2c:c6:f1:5a:8f:35:d5:7a:5b:0b:e6:1c:16:46:c7:
                    ee:ad:b3:6f:99:87:5b:5d:c9:2a:49:17:de:8e:5e:
                    61:28:87:f3:b9:a6:7b:8d:38:b6:56:3f:45:ea:05:
                    74:a1:83:13:91:50:61:c9:04:98:fc:c0:cb:19:72:
                    cc:7f:7d:50:1a:d3:95:f1:21:56:92:8b:83:1a:f7:
                    ce:8a:b1:54:43:3f:40:27:cb:e7:ce:1d:cf:84:42:
                    27:17:42:6d:28:d5:82:7e:79:d2:43:5f:14:12:b0:
                    44:37:98:4d:0a:46:43:1b:71:f3:d5:7e:47:1b:79:
                    33:45:28:d0:88:47:05:ea:27:43:ab:96:e7:89:40:
                    b8:2c:dd:69:b8:87:a2:8a:bc:c3:d0:08:60:a1:53:
                    56:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FF:88:7D:5D:C5:76:24:4C:65:AB:F8:11:AF:98:C9:F7:51:45:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b856ae51-66ec-4600-b64a-768473b00d4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:0c:92:d2:b9:0e:ff:77:b1:bb:21:99:74:06:e9:ea:46:a3:
         d2:0c:02:c7:f7:07:ff:28:5b:b5:26:63:d3:42:e5:38:de:53:
         c4:58:8b:bc:8f:87:b5:63:83:82:b8:d2:ef:49:d5:cd:6d:e8:
         ef:a1:f0:48:14:bf:84:73:0b:12:a2:14:47:ab:a9:8e:5a:dd:
         01:f3:bd:96:1d:93:0e:c1:51:28:21:5e:57:8b:1d:40:12:ce:
         ad:5d:a7:fe:ad:c5:97:8a:bb:d5:40:74:0a:98:c1:c1:cf:63:
         54:40:c7:70:55:49:a9:7d:e2:15:db:22:84:ad:54:3c:1f:f1:
         19:93:75:b5:b0:72:61:3d:ea:3a:7f:2e:e0:b0:5f:fc:0d:fc:
         63:0b:25:20:87:4a:38:35:de:89:e9:46:ab:2d:d4:a4:06:1d:
         88:5d:cc:b7:73:4f:34:cf:ee:ce:71:05:35:eb:2f:ff:0b:89:
         65:81:7a:08:e4:df:00:5d:96:a1:a0:b7:90:88:e1:ef:6d:72:
         51:92:9c:fb:ad:8d:e4:70:d6:20:23:39:e1:f3:d5:30:f0:16:
         d5:a2:e5:c5:a3:85:6e:22:bb:82:d8:a6:91:46:cd:ec:8b:98:
         8b:ec:80:19:36:cf:98:81:99:b5:83:6b:4e:c6:13:23:a6:92:
         93:ad:e1:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOf6ySuV4DUEBbunnZf3KaVmgMN4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDFjZTkwZDRiYzVlYjZmNWRjODEyZDVkYTA0YmIwODIx
ZDFiMDMwMzg0MmFlZmJjYTkyZjcwMDE5ZTc1MDllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjY4bZEqN5BxNN/YKtWFtKMbxF3nwpYbl9WVRSx9ngqPkm
D7apd0pacrM9e8eWaQGRtobraU5vXP9mb/S60vCZiILa7Y2TUfwU9e8AGUiooBtp
Z8NBRWFIPVMt6sKfyZwZtBopS5ffmyzG8VqPNdV6WwvmHBZGx+6ts2+Zh1tdySpJ
F96OXmEoh/O5pnuNOLZWP0XqBXShgxORUGHJBJj8wMsZcsx/fVAa05XxIVaSi4Ma
986KsVRDP0Any+fOHc+EQicXQm0o1YJ+edJDXxQSsEQ3mE0KRkMbcfPVfkcbeTNF
KNCIRwXqJ0OrlueJQLgs3Wm4h6KKvMPQCGChU1axAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhf+IfV3FdiRMZav4Ea+YyfdRRTYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4NTZhZTUxLTY2ZWMtNDYwMC1iNjRhLTc2ODQ3M2IwMGQ0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HswDQYJKoZIhvcNAQELBQADggEBACoMktK5Dv93sbshmXQG6epGo9IM
Asf3B/8oW7UmY9NC5TjeU8RYi7yPh7Vjg4K40u9J1c1t6O+h8EgUv4RzCxKiFEer
qY5a3QHzvZYdkw7BUSghXleLHUASzq1dp/6txZeKu9VAdAqYwcHPY1RAx3BVSal9
4hXbIoStVDwf8RmTdbWwcmE96jp/LuCwX/wN/GMLJSCHSjg13onpRqst1KQGHYhd
zLdzTzTP7s5xBTXrL/8LiWWBegjk3wBdlqGgt5CI4e9tclGSnPutjeRw1iAjOeHz
1TDwFtWi5cWjhW4iu4LYppFGzeyLmIvsgBk2z5iBmbWDa07GEyOmkpOt4ds=
-----END CERTIFICATE-----