Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa
File:                     c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa (raw, json)
Hash identifier:          8MmTf77s9c2WE/mR2+yy9Gca/8mSEfTHVanl1/JJlmU=
Subject key identifier:   82:E4:2B:F7:CE:57:97:87:31:08:A7:7A:2E:D6:C8:E2:20:5D:9A:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54014E86D28D008B40A5ED13334C1BC91DCA6561
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.130.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:01:4e:86:d2:8d:00:8b:40:a5:ed:13:33:4c:1b:c9:1d:ca:65:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=97dce5692162172b1b0b3947418f7255e98a15970ff361a9db4af7abb8f240ae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:63:41:78:c4:f2:e1:52:da:16:1d:15:ab:
                    23:5b:e8:aa:a6:7f:b4:cd:08:da:7b:74:9c:e0:91:
                    d6:c2:17:bf:6b:62:bf:59:46:e4:ec:c9:78:e3:e1:
                    12:f1:46:58:77:26:af:7f:fa:3b:55:4d:7b:f8:0b:
                    f7:58:e4:ca:7e:57:4c:fe:01:4a:42:72:0f:db:4a:
                    56:4f:4a:4e:75:ea:62:02:34:e3:96:28:e5:fb:8d:
                    36:ca:b0:1e:e5:eb:3c:08:e3:38:fe:5c:dc:0c:25:
                    52:d9:37:b7:fe:29:21:c7:33:5c:f4:e7:0c:fe:57:
                    de:5c:3d:66:95:b9:d7:5c:82:d3:bf:6c:14:69:88:
                    3a:07:6e:7b:8a:7d:05:c7:f2:36:45:2d:d5:01:98:
                    8a:b3:86:ed:75:3e:55:fc:4d:eb:e0:f3:09:ba:ea:
                    60:c7:af:46:7a:11:6a:75:72:8f:25:a1:19:b8:2b:
                    20:01:0f:f7:49:d0:1c:1d:94:07:bd:cf:2b:7f:1f:
                    3c:ef:00:c6:05:f8:b2:26:e5:ba:3d:61:11:9e:56:
                    dd:45:5d:96:75:68:ae:76:70:ec:ba:e1:c9:a1:1d:
                    a4:f6:b3:c0:55:15:6d:5f:89:2c:04:e9:61:e2:b0:
                    66:72:fe:fe:48:c6:58:a3:36:24:70:6f:6b:42:e8:
                    31:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E4:2B:F7:CE:57:97:87:31:08:A7:7A:2E:D6:C8:E2:20:5D:9A:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7b:27:76:e4:1d:15:3e:bb:f8:0c:6b:0e:62:49:93:ef:15:97:
         e6:73:03:53:38:dc:f3:e3:ef:ab:f4:8d:0f:7a:c8:26:d0:02:
         0d:cf:75:68:3b:76:ee:f5:98:4f:a8:9c:08:77:1a:26:d2:35:
         23:1d:9f:d6:ae:ff:aa:f0:0d:34:57:f0:b0:fb:16:1e:0e:a7:
         5b:43:8f:b7:16:8d:1b:a1:da:e9:70:1c:df:2e:ca:db:69:50:
         08:52:18:d0:8d:30:75:72:72:07:8f:a3:0b:1a:96:b3:da:ec:
         79:49:2b:77:ac:f7:f9:f5:5c:e0:93:98:0c:71:2d:66:86:59:
         f9:9a:50:5a:04:af:2c:80:7e:0f:dc:03:7f:d4:16:6a:80:3b:
         95:93:89:4d:46:8c:38:9b:59:b5:bb:ad:b6:a8:9d:5f:ac:08:
         38:72:ec:7f:b3:56:55:70:f3:ba:31:4f:58:09:8f:a9:98:fb:
         67:53:16:bf:c3:3b:6f:e9:25:3f:be:58:94:91:c9:87:81:62:
         2d:d4:b6:7c:ef:09:b6:5e:9c:d2:94:f9:a0:4c:37:02:61:54:
         54:c1:a0:18:03:2c:da:39:65:60:81:7b:fa:eb:e0:dc:2d:0e:
         fa:df:e1:17:ad:42:5b:77:8d:4f:b2:91:0f:4b:96:af:35:9e:
         31:11:32:47
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVAFOhtKNAItApe0TM0wbyR3KZWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2RjZTU2OTIxNjIxNzJiMWIwYjM5NDc0MThmNzI1NWU5
OGExNTk3MGZmMzYxYTlkYjRhZjdhYmI4ZjI0MGFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9u2NBeMTy4VLaFh0VqyNb6Kqmf7TNCNp7dJzgkdbCF79r
Yr9ZRuTsyXjj4RLxRlh3Jq9/+jtVTXv4C/dY5Mp+V0z+AUpCcg/bSlZPSk516mIC
NOOWKOX7jTbKsB7l6zwI4zj+XNwMJVLZN7f+KSHHM1z05wz+V95cPWaVuddcgtO/
bBRpiDoHbnuKfQXH8jZFLdUBmIqzhu11PlX8Tevg8wm66mDHr0Z6EWp1co8loRm4
KyABD/dJ0BwdlAe9zyt/HzzvAMYF+LIm5bo9YRGeVt1FXZZ1aK52cOy64cmhHaT2
s8BVFW1fiSwE6WHisGZy/v5IxlijNiRwb2tC6DELAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUguQr985Xl4cxCKd6LtbI4iBdmiUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1N2YzMDgwLWM4NjgtNGM2OS1hMjNlLThkOWQ3ZGNlOTFjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQgjANBgkqhkiG9w0BAQsFAAOCAQEAeyd25B0VPrv4DGsOYkmT7xWX5nMD
Uzjc8+Pvq/SND3rIJtACDc91aDt27vWYT6icCHcaJtI1Ix2f1q7/qvANNFfwsPsW
Hg6nW0OPtxaNG6Ha6XAc3y7K22lQCFIY0I0wdXJyB4+jCxqWs9rseUkrd6z3+fVc
4JOYDHEtZoZZ+ZpQWgSvLIB+D9wDf9QWaoA7lZOJTUaMOJtZtbuttqidX6wIOHLs
f7NWVXDzujFPWAmPqZj7Z1MWv8M7b+klP75YlJHJh4FiLdS2fO8Jtl6c0pT5oEw3
AmFUVMGgGAMs2jllYIF7+uvg3C0O+t/hF61CW3eNT7KRD0uWrzWeMREyRw==
-----END CERTIFICATE-----