Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c71c7203-a977-40d5-a22f-95e3ab24db4f.roa
File:                     c71c7203-a977-40d5-a22f-95e3ab24db4f.roa (raw, json)
Hash identifier:          2OM4PCfJPOzfmhZQzmN861U2NizT2Swe3bANZhr5tCQ=
Subject key identifier:   44:B3:61:77:0E:0F:10:E2:47:A1:BB:9B:A6:06:4A:58:44:28:DB:04
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AFED24597913D6790D9E23F949A55635E429008
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c71c7203-a977-40d5-a22f-95e3ab24db4f.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.166.224.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:fe:d2:45:97:91:3d:67:90:d9:e2:3f:94:9a:55:63:5e:42:90:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=f432791a518437fd6800e71e1fde6c678c9e9ba364ff34dd414518d123eb0322, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f8:e3:8d:fa:19:ef:8e:9b:db:cf:8a:24:1a:
                    34:5f:1a:5a:cb:60:72:c8:64:d3:6a:a0:01:e7:f5:
                    8d:72:ef:c9:58:67:82:60:ae:60:ab:70:91:8f:be:
                    bf:95:9f:6e:36:02:66:b2:94:e7:1a:5b:5e:a1:a4:
                    6d:60:10:a7:b4:41:11:28:29:c1:09:47:32:de:47:
                    43:94:53:06:d1:f7:5d:bb:b6:5c:70:36:fd:af:a7:
                    5e:87:aa:ad:f7:d3:9a:e4:c7:27:0f:8d:9a:98:5e:
                    57:11:2b:37:e9:7a:31:89:4b:da:55:fd:ca:f2:fe:
                    5c:1e:ec:33:e9:21:a4:32:52:5d:80:cd:e5:b0:28:
                    f4:2a:41:54:5b:9d:c7:32:db:8a:9f:60:56:c6:d9:
                    29:1e:76:63:6f:6c:ab:87:46:98:19:17:54:3c:11:
                    e8:9b:9b:47:9b:b6:2d:8d:ba:8f:e2:b5:23:ca:7a:
                    35:59:99:d9:49:18:dd:cd:7b:8f:d5:e2:7b:96:d8:
                    55:7e:84:a0:b7:af:31:d2:78:60:15:a4:43:6d:f7:
                    07:d5:42:61:e7:8a:44:cd:ea:97:9f:3b:81:6e:6e:
                    8e:d1:d2:36:77:25:e0:56:60:c2:d6:93:ec:f8:d6:
                    f4:8f:23:4b:97:e6:94:7e:f7:55:6a:bd:a0:0b:f2:
                    7f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B3:61:77:0E:0F:10:E2:47:A1:BB:9B:A6:06:4A:58:44:28:DB:04
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c71c7203-a977-40d5-a22f-95e3ab24db4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.166.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8a:d5:9a:29:c8:e6:33:84:4f:5d:a7:21:ae:ab:fa:f9:8b:f5:
         39:e7:4d:12:46:23:07:4b:8d:41:50:fb:f3:04:fd:45:d2:40:
         db:54:4f:2c:06:1d:35:ec:65:79:62:b6:e2:e1:bb:fb:d1:bd:
         39:ce:05:10:6e:2a:f0:52:9c:80:0a:2a:7d:af:9d:99:94:93:
         96:18:79:91:4b:bf:40:f5:16:96:ab:28:3e:3a:54:61:ab:34:
         44:2e:1c:02:8e:8e:a6:8e:e1:d3:a7:a6:06:19:fe:60:82:54:
         64:6f:4e:db:03:0b:de:72:d4:cd:6d:fa:a9:db:b0:27:6f:31:
         47:c8:ea:60:0f:4c:eb:2f:79:7a:03:90:dd:79:b3:89:f1:73:
         a9:99:b3:9f:33:2d:ec:c8:94:f2:9e:92:e4:fb:45:12:fa:65:
         81:95:fe:a3:8e:e2:72:e2:65:72:9e:44:a8:fb:eb:99:d5:1b:
         9e:ff:f5:2a:e1:82:f4:ea:14:c5:9b:9d:ae:e3:0d:9c:0c:da:
         1e:05:02:ff:10:04:1d:67:d2:0e:84:ea:a1:75:88:f2:28:54:
         6d:d6:2f:78:94:77:6a:10:5d:a2:91:bd:41:0a:24:76:4a:e6:
         34:48:68:07:fd:c4:a9:0f:d3:ea:d0:e8:50:7d:64:37:20:33:
         ab:ae:3b:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUev7SRZeRPWeQ2eI/lJpVY15CkAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDMyNzkxYTUxODQzN2ZkNjgwMGU3MWUxZmRlNmM2Nzhj
OWU5YmEzNjRmZjM0ZGQ0MTQ1MThkMTIzZWIwMzIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH+OON+hnvjpvbz4okGjRfGlrLYHLIZNNqoAHn9Y1y78lY
Z4JgrmCrcJGPvr+Vn242AmaylOcaW16hpG1gEKe0QREoKcEJRzLeR0OUUwbR9127
tlxwNv2vp16Hqq3305rkxycPjZqYXlcRKzfpejGJS9pV/cry/lwe7DPpIaQyUl2A
zeWwKPQqQVRbnccy24qfYFbG2SkedmNvbKuHRpgZF1Q8Eeibm0ebti2Nuo/itSPK
ejVZmdlJGN3Ne4/V4nuW2FV+hKC3rzHSeGAVpENt9wfVQmHnikTN6pefO4Fubo7R
0jZ3JeBWYMLWk+z41vSPI0uX5pR+91VqvaAL8n9rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURLNhdw4PEOJHobubpgZKWEQo2wQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3MWM3MjAzLWE5NzctNDBkNS1hMjJmLTk1ZTNhYjI0ZGI0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVspuAwDQYJKoZIhvcNAQELBQADggEBAIrVminI5jOET12nIa6r+vmL9Tnn
TRJGIwdLjUFQ+/ME/UXSQNtUTywGHTXsZXlituLhu/vRvTnOBRBuKvBSnIAKKn2v
nZmUk5YYeZFLv0D1FparKD46VGGrNEQuHAKOjqaO4dOnpgYZ/mCCVGRvTtsDC95y
1M1t+qnbsCdvMUfI6mAPTOsveXoDkN15s4nxc6mZs58zLezIlPKekuT7RRL6ZYGV
/qOO4nLiZXKeRKj765nVG57/9SrhgvTqFMWbna7jDZwM2h4FAv8QBB1n0g6E6qF1
iPIoVG3WL3iUd2oQXaKRvUEKJHZK5jRIaAf9xKkP0+rQ6FB9ZDcgM6uuO/M=
-----END CERTIFICATE-----