Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa
File:                     bf517b2e-8f05-4d24-bfe1-6207c312e178.roa (raw, json)
Hash identifier:          s3Kj0xc3JLYxQXFnyHZe38Ixjrcl75X95pTPrw50c7I=
Subject key identifier:   89:89:98:74:62:39:6E:0A:6C:2A:89:0C:35:09:7A:84:B2:FF:EA:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E58F29CD30F2325E4BCBA7B2320A2DF2B812C95
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.246.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:58:f2:9c:d3:0f:23:25:e4:bc:ba:7b:23:20:a2:df:2b:81:2c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=ecaff69cf19dc7f286570c4aac451764b065bdf02d86eeeb05c7c391923f750f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a2:30:26:b2:4e:f6:fd:e4:36:03:36:db:bb:
                    95:73:98:03:ce:aa:66:8d:80:ab:55:c0:11:87:74:
                    97:a8:db:5f:72:7d:a2:4f:e1:78:de:39:d1:c0:a3:
                    58:cb:76:53:04:27:80:3f:bc:de:30:d5:88:d2:0d:
                    e2:76:f6:de:a1:83:6f:8c:c5:13:f8:f5:c4:10:8a:
                    69:b5:50:49:60:da:f1:d2:91:7d:d2:32:a3:d0:3e:
                    d6:b5:ff:f9:bd:2d:b6:ca:4a:de:a5:fd:85:b4:ab:
                    cb:c9:72:1f:11:ab:fd:3f:87:b6:7f:f9:12:2b:04:
                    1d:eb:52:61:eb:2f:b1:d3:74:ab:7f:65:2a:ed:ab:
                    0b:97:72:58:8c:26:67:96:61:e4:56:22:51:c4:c8:
                    49:78:e0:23:03:cd:79:c5:1c:f1:9d:39:86:e7:74:
                    b5:26:88:57:8a:72:11:88:b0:8c:80:87:27:63:5e:
                    43:be:91:e1:1d:42:64:0d:3d:66:fc:fe:1a:cf:a9:
                    29:a2:a7:00:41:d1:1e:57:0f:a3:8d:b0:1c:c5:45:
                    8b:bc:b9:45:ff:90:8b:24:8c:62:99:40:b8:cf:df:
                    03:e5:77:e8:29:be:cd:b2:39:66:0c:ad:46:8e:21:
                    7f:96:db:9f:19:79:17:7e:ff:a7:60:2b:43:7c:96:
                    46:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:89:98:74:62:39:6E:0A:6C:2A:89:0C:35:09:7A:84:B2:FF:EA:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.246.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c9:61:de:4e:80:0a:b8:5b:91:06:bd:a4:02:88:19:59:87:a9:
         54:f7:e8:dd:f6:4e:15:e3:6b:7a:67:37:64:19:43:6a:ff:48:
         fb:01:e4:46:c2:b5:a8:a3:be:ab:2d:5c:69:e9:83:45:24:9c:
         87:68:5a:d5:43:f7:03:64:59:99:a1:31:24:29:e9:30:41:49:
         6f:19:fd:32:52:f9:45:3c:53:cf:23:dd:f5:9a:b2:a4:96:88:
         d7:3e:58:57:6c:86:3b:b5:a0:5d:aa:83:61:35:2f:09:75:73:
         f0:c9:85:35:bc:eb:0a:2d:58:33:48:0d:7c:24:56:77:21:c9:
         94:60:9e:cc:ad:c5:7c:23:20:d7:ed:d6:97:be:fe:87:32:ff:
         8e:72:b7:60:26:ad:4f:b1:e0:9c:c9:fb:b8:28:7b:04:49:ac:
         af:af:c6:d2:01:6b:82:39:38:56:76:d9:92:71:34:b1:02:bd:
         17:53:3f:18:4b:0d:c5:47:ad:02:de:fa:1f:77:01:b3:57:bd:
         95:cc:07:f6:42:3d:8c:07:d8:51:21:43:5d:28:ca:a6:61:91:
         78:f6:d2:ee:dc:5d:af:fc:13:ba:64:3e:68:0c:fc:81:a2:d7:
         6f:c5:53:cf:57:aa:07:38:df:68:b9:da:a0:37:d9:b7:24:5d:
         d5:0c:d1:98
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbljynNMPIyXkvLp7IyCi3yuBLJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2FmZjY5Y2YxOWRjN2YyODY1NzBjNGFhYzQ1MTc2NGIw
NjViZGYwMmQ4NmVlZWIwNWM3YzM5MTkyM2Y3NTBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwojAmsk72/eQ2Azbbu5VzmAPOqmaNgKtVwBGHdJeo219y
faJP4XjeOdHAo1jLdlMEJ4A/vN4w1YjSDeJ29t6hg2+MxRP49cQQimm1UElg2vHS
kX3SMqPQPta1//m9LbbKSt6l/YW0q8vJch8Rq/0/h7Z/+RIrBB3rUmHrL7HTdKt/
ZSrtqwuXcliMJmeWYeRWIlHEyEl44CMDzXnFHPGdOYbndLUmiFeKchGIsIyAhydj
XkO+keEdQmQNPWb8/hrPqSmipwBB0R5XD6ONsBzFRYu8uUX/kIskjGKZQLjP3wPl
d+gpvs2yOWYMrUaOIX+W258ZeRd+/6dgK0N8lkapAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiYmYdGI5bgpsKokMNQl6hLL/6vwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNTE3YjJlLThmMDUtNGQyNC1iZmUxLTYyMDdjMzEyZTE3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA59jANBgkqhkiG9w0BAQsFAAOCAQEAyWHeToAKuFuRBr2kAogZWYepVPfo
3fZOFeNremc3ZBlDav9I+wHkRsK1qKO+qy1caemDRSSch2ha1UP3A2RZmaExJCnp
MEFJbxn9MlL5RTxTzyPd9ZqypJaI1z5YV2yGO7WgXaqDYTUvCXVz8MmFNbzrCi1Y
M0gNfCRWdyHJlGCezK3FfCMg1+3Wl77+hzL/jnK3YCatT7HgnMn7uCh7BEmsr6/G
0gFrgjk4VnbZknE0sQK9F1M/GEsNxUetAt76H3cBs1e9lcwH9kI9jAfYUSFDXSjK
pmGRePbS7txdr/wTumQ+aAz8gaLXb8VTz1eqBzjfaLnaoDfZtyRd1QzRmA==
-----END CERTIFICATE-----