Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c13f0527-b12a-49f7-8dbe-daf973329145.roa
File:                     c13f0527-b12a-49f7-8dbe-daf973329145.roa (raw, json)
Hash identifier:          NJH1nB4kIXvN1vsPQQoJBzRl82Mk9aVHKS0ray7YTeE=
Subject key identifier:   7D:5C:4A:11:67:DC:1C:DE:D9:69:A3:2F:CC:3E:3A:F1:E7:8D:3F:E8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       040EACE65D8FED79073B122931B5D4D593C95063
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c13f0527-b12a-49f7-8dbe-daf973329145.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.181.219.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:0e:ac:e6:5d:8f:ed:79:07:3b:12:29:31:b5:d4:d5:93:c9:50:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=ec838205b6d34cc8cda06fdc7c86721a647408a8bacde720426ad23f1bc2f989, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:96:6e:74:60:ff:43:db:4d:3d:77:87:ef:1a:
                    08:57:1a:23:08:d5:32:e0:10:24:da:6d:9c:42:c9:
                    75:fa:84:47:53:b0:69:ea:18:0f:ec:33:99:22:d9:
                    29:7c:72:19:be:77:2b:1f:e0:97:47:5d:ec:bf:17:
                    d3:f5:4d:bd:5e:90:ab:1a:a8:d6:91:52:48:be:9c:
                    0a:10:7e:92:be:28:ad:a4:8b:81:91:e0:fe:8e:37:
                    39:0f:f3:f1:37:12:98:89:fd:a8:e8:e4:c9:88:8d:
                    28:e8:1c:53:7d:d2:fe:f9:da:5e:c9:93:71:d4:ac:
                    53:ae:2e:85:f5:c7:e6:8f:1e:f1:d4:e3:11:67:2d:
                    d4:4a:0c:b2:72:88:33:0a:4f:41:fa:c0:81:1f:c9:
                    2a:84:f4:37:e5:ba:94:60:a8:47:47:02:93:6b:1f:
                    7a:bb:b1:02:eb:2a:6d:36:5d:2b:4e:d3:e2:62:6e:
                    42:ed:f2:9e:5e:ac:6e:26:36:37:93:b4:de:1e:34:
                    ac:64:1b:92:57:f2:26:34:d7:f1:a6:5b:39:c3:e0:
                    d9:7b:57:43:82:c7:f7:ed:57:14:04:82:b9:26:7a:
                    e3:43:07:b2:68:66:0d:da:76:8e:d0:4c:8a:d3:69:
                    8d:4e:ea:6a:78:a0:a9:fb:bc:67:e8:36:34:53:4d:
                    fe:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:5C:4A:11:67:DC:1C:DE:D9:69:A3:2F:CC:3E:3A:F1:E7:8D:3F:E8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c13f0527-b12a-49f7-8dbe-daf973329145.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.181.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:28:53:74:1d:46:13:07:81:0c:89:c2:8a:b9:b8:fc:23:31:
         0a:c0:7a:22:54:74:a0:de:21:0f:96:f2:6f:16:ed:cf:18:43:
         26:8f:fd:e9:d1:5d:84:dd:3b:26:dc:7e:4a:dd:d6:a7:c3:fa:
         ab:42:2e:81:5d:f6:46:00:db:a3:a0:d9:f7:45:42:73:da:5b:
         2b:2d:2e:f4:66:1b:d4:12:59:7b:17:10:2d:a1:6c:a1:7c:ce:
         94:99:8d:e8:42:95:12:a3:6c:32:aa:a9:5f:77:04:bf:66:69:
         5b:e4:4b:07:6f:15:9f:08:80:ec:4d:70:16:39:75:26:5a:61:
         8c:44:a3:ac:c6:6b:83:e3:90:27:90:14:a1:9a:04:8d:d2:7e:
         36:7f:ce:e2:bf:fb:43:3f:8c:7d:4f:71:a9:55:6c:12:b1:d1:
         3c:99:88:97:38:85:12:7b:33:9e:3c:2d:62:15:44:25:c5:2c:
         4d:0f:34:43:e1:ef:bc:87:03:e4:fc:04:10:e5:a2:3b:79:5a:
         01:04:39:1e:6c:f7:92:93:a4:bf:f7:ef:81:1e:6e:73:e2:14:
         70:d4:d9:21:4a:70:84:fe:3c:92:c8:08:e9:c3:95:c4:ee:79:
         f8:68:b4:22:97:d9:2e:61:37:c8:68:9d:ff:92:df:c7:ad:d3:
         0c:d2:2a:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBA6s5l2P7XkHOxIpMbXU1ZPJUGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzgzODIwNWI2ZDM0Y2M4Y2RhMDZmZGM3Yzg2NzIxYTY0
NzQwOGE4YmFjZGU3MjA0MjZhZDIzZjFiYzJmOTg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDblm50YP9D2009d4fvGghXGiMI1TLgECTabZxCyXX6hEdT
sGnqGA/sM5ki2Sl8chm+dysf4JdHXey/F9P1Tb1ekKsaqNaRUki+nAoQfpK+KK2k
i4GR4P6ONzkP8/E3EpiJ/ajo5MmIjSjoHFN90v752l7Jk3HUrFOuLoX1x+aPHvHU
4xFnLdRKDLJyiDMKT0H6wIEfySqE9DflupRgqEdHApNrH3q7sQLrKm02XStO0+Ji
bkLt8p5erG4mNjeTtN4eNKxkG5JX8iY01/GmWznD4Nl7V0OCx/ftVxQEgrkmeuND
B7JoZg3ado7QTIrTaY1O6mp4oKn7vGfoNjRTTf4xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfVxKEWfcHN7ZaaMvzD468eeNP+gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxM2YwNTI3LWIxMmEtNDlmNy04ZGJlLWRhZjk3MzMyOTE0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKtdswDQYJKoZIhvcNAQELBQADggEBAKgoU3QdRhMHgQyJwoq5uPwjMQrA
eiJUdKDeIQ+W8m8W7c8YQyaP/enRXYTdOybcfkrd1qfD+qtCLoFd9kYA26Og2fdF
QnPaWystLvRmG9QSWXsXEC2hbKF8zpSZjehClRKjbDKqqV93BL9maVvkSwdvFZ8I
gOxNcBY5dSZaYYxEo6zGa4PjkCeQFKGaBI3SfjZ/zuK/+0M/jH1PcalVbBKx0TyZ
iJc4hRJ7M548LWIVRCXFLE0PNEPh77yHA+T8BBDlojt5WgEEOR5s95KTpL/374Ee
bnPiFHDU2SFKcIT+PJLICOnDlcTuefhotCKX2S5hN8honf+S38et0wzSKqw=
-----END CERTIFICATE-----