Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd9f3588-1807-4d0e-a046-92081925c4c7.roa
File:                     bd9f3588-1807-4d0e-a046-92081925c4c7.roa (raw, json)
Hash identifier:          1IlNxf0nn6W4KWlf8BxuGS2eacFejpbWauWkD/EOznI=
Subject key identifier:   4D:80:41:DB:BB:D5:CD:19:DA:E7:DC:79:34:88:15:56:98:79:81:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F273DAA468D248222275757C7A07C7316C05FEE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd9f3588-1807-4d0e-a046-92081925c4c7.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.39.168.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:27:3d:aa:46:8d:24:82:22:27:57:57:c7:a0:7c:73:16:c0:5f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=6e34690fe37fdbbdb20a256bae7fcdea8e6965bbd9ab10d90cb4a5ddac04cb10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e7:82:65:9b:1a:85:69:08:aa:9e:f9:0d:cf:
                    f3:93:cb:84:41:82:32:b5:0c:91:9f:e9:b6:e4:61:
                    ef:a2:e5:d0:9d:51:db:fb:4e:9e:e3:af:f8:e2:90:
                    b1:19:95:64:a0:c9:45:92:c1:f5:df:96:b5:d6:e0:
                    37:ca:40:f1:01:a0:97:14:98:99:ee:72:fb:d7:4a:
                    f2:70:da:a8:d2:35:d2:82:df:ab:e2:c1:de:b6:48:
                    e0:6f:1d:3e:06:b6:a4:a3:0c:3c:2c:28:83:14:5d:
                    36:2a:7a:62:fe:c8:bc:a2:9e:8e:b2:1b:0f:a3:9e:
                    94:d3:c6:1b:70:4a:3b:22:6e:1c:26:95:31:d2:84:
                    fc:45:bd:73:29:3c:16:38:dc:05:f1:d1:67:15:b7:
                    97:5d:ff:ac:52:c6:bf:84:eb:00:f4:2e:24:74:69:
                    bd:bc:4d:cd:47:d6:f4:27:f4:a8:05:df:04:16:e6:
                    ba:e0:eb:3c:be:1a:e9:44:7a:2a:5d:85:87:c2:c6:
                    42:ee:4d:0b:d8:27:d9:83:71:07:9c:a1:9e:f4:3a:
                    68:44:01:02:7a:f0:91:a4:7d:8a:57:c6:d5:e5:5c:
                    f4:19:6a:53:75:2d:51:cd:4d:78:99:99:e0:f6:6a:
                    f4:51:07:1e:a9:7b:71:7f:55:11:2b:2b:9b:38:1a:
                    dc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:80:41:DB:BB:D5:CD:19:DA:E7:DC:79:34:88:15:56:98:79:81:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd9f3588-1807-4d0e-a046-92081925c4c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.39.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:81:ae:a5:be:c7:71:f5:4d:10:73:e4:59:6b:b7:76:2b:1d:
         85:50:54:6b:fb:d9:9c:57:f3:34:dd:cb:a4:2e:07:6a:e8:64:
         73:ab:8c:dc:4e:ec:3f:d8:01:da:e6:7d:05:44:d1:f2:30:4d:
         22:8f:e9:02:e0:b7:07:c2:5f:2e:9c:22:02:d3:e0:8c:90:78:
         75:8a:42:9e:50:80:ab:ab:ba:31:72:e8:8f:b7:93:41:be:46:
         f0:d2:4b:ec:f2:8c:9d:cb:3e:a8:c2:be:10:e5:0f:38:95:7e:
         62:a4:91:99:e5:9b:fc:63:fe:b1:29:ec:f8:37:ec:62:1a:a8:
         64:e6:ab:99:11:91:78:57:a1:9d:33:a1:4a:3c:f4:3d:98:ea:
         3c:9a:76:b6:ca:10:bc:6e:50:73:76:33:1d:37:5d:68:12:c5:
         7d:2e:f0:46:ab:86:7e:c7:4a:3a:96:5e:e7:0e:13:12:e3:ea:
         00:a5:89:1e:ca:fa:9a:60:c7:36:28:ad:f2:c8:32:17:99:63:
         0a:81:41:8f:e5:14:12:4e:b3:bf:29:2f:46:80:21:2b:98:64:
         46:cc:4d:28:5a:57:2b:69:6e:24:60:ab:22:c2:e9:50:7d:32:
         7b:38:e6:61:7a:bc:cf:fc:04:66:61:1c:ca:64:ad:0d:67:0e:
         61:9b:32:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbyc9qkaNJIIiJ1dXx6B8cxbAX+4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTM0NjkwZmUzN2ZkYmJkYjIwYTI1NmJhZTdmY2RlYThl
Njk2NWJiZDlhYjEwZDkwY2I0YTVkZGFjMDRjYjEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDL54JlmxqFaQiqnvkNz/OTy4RBgjK1DJGf6bbkYe+i5dCd
Udv7Tp7jr/jikLEZlWSgyUWSwfXflrXW4DfKQPEBoJcUmJnucvvXSvJw2qjSNdKC
36viwd62SOBvHT4GtqSjDDwsKIMUXTYqemL+yLyino6yGw+jnpTTxhtwSjsibhwm
lTHShPxFvXMpPBY43AXx0WcVt5dd/6xSxr+E6wD0LiR0ab28Tc1H1vQn9KgF3wQW
5rrg6zy+GulEeipdhYfCxkLuTQvYJ9mDcQecoZ70OmhEAQJ68JGkfYpXxtXlXPQZ
alN1LVHNTXiZmeD2avRRBx6pe3F/VRErK5s4GtzFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTYBB27vVzRna59x5NIgVVph5gXAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkOWYzNTg4LTE4MDctNGQwZS1hMDQ2LTkyMDgxOTI1YzRjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYJ6gwDQYJKoZIhvcNAQELBQADggEBAGSBrqW+x3H1TRBz5Flrt3YrHYVQ
VGv72ZxX8zTdy6QuB2roZHOrjNxO7D/YAdrmfQVE0fIwTSKP6QLgtwfCXy6cIgLT
4IyQeHWKQp5QgKurujFy6I+3k0G+RvDSS+zyjJ3LPqjCvhDlDziVfmKkkZnlm/xj
/rEp7Pg37GIaqGTmq5kRkXhXoZ0zoUo89D2Y6jyadrbKELxuUHN2Mx03XWgSxX0u
8Earhn7HSjqWXucOExLj6gCliR7K+ppgxzYorfLIMheZYwqBQY/lFBJOs78pL0aA
ISuYZEbMTShaVytpbiRgqyLC6VB9Mns45mF6vM/8BGZhHMpkrQ1nDmGbMpY=
-----END CERTIFICATE-----