Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa
File:                     c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa (raw, json)
Hash identifier:          NVKstjit0ijSpwtgdxixQRex29/fG/GtSIb3ohkzNXA=
Subject key identifier:   9A:5E:15:4B:7D:28:4C:B7:3E:A7:CD:90:66:78:B9:E0:55:B9:4C:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34E5FA4087B358BA4A33A5424DEAB99B8F7B4B40
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        148.65.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e5:fa:40:87:b3:58:ba:4a:33:a5:42:4d:ea:b9:9b:8f:7b:4b:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=cefd9be5b613149396d23d572571f400f97710150c7c36066a632e7cfbb4cb1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d0:15:4a:65:da:e2:30:65:b0:9a:fc:9a:85:
                    4c:aa:02:e2:13:11:ae:38:c5:bb:03:71:22:35:01:
                    e5:c9:07:28:96:c2:2b:18:f2:2e:a5:0d:dc:29:ee:
                    df:bf:d4:b9:6b:0f:16:cd:b6:af:d0:13:81:09:6c:
                    53:44:d1:13:33:8b:c7:8b:a3:c7:eb:9b:75:1c:ff:
                    4a:31:01:69:96:fc:ca:22:ff:c4:89:dc:57:b6:a3:
                    95:3a:71:bf:a3:35:89:3a:3b:92:fb:f8:b1:4c:07:
                    52:18:4d:6b:fe:42:f3:eb:a8:f8:4b:21:41:e3:f6:
                    1d:e6:1a:b1:e0:98:f5:1c:b2:33:ab:d1:2a:03:9d:
                    8c:b4:54:4d:fb:ab:9a:b2:cb:d0:79:b4:0a:56:85:
                    f2:c7:76:a9:c5:69:f7:0a:71:a6:9f:38:97:84:1b:
                    fb:d6:01:a6:6c:9a:26:2c:0c:cb:b8:ce:31:db:49:
                    0b:76:17:7a:9c:81:9e:74:c4:84:1d:93:7f:64:a9:
                    67:71:e6:bc:37:52:52:89:ab:50:21:d1:e5:a7:6e:
                    a0:61:90:c9:e4:61:65:12:84:0e:67:00:0e:03:f8:
                    5d:67:59:dc:30:84:82:50:75:16:b9:81:cf:98:6f:
                    c9:d6:1a:1c:26:3b:ad:b3:56:75:a4:6e:51:fe:3d:
                    0c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:5E:15:4B:7D:28:4C:B7:3E:A7:CD:90:66:78:B9:E0:55:B9:4C:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:a9:72:e1:8f:43:10:99:ee:1a:cb:66:92:42:10:46:87:26:
         01:ac:8c:fd:39:3d:84:2e:a2:0b:72:0f:32:26:d5:1d:6c:d4:
         60:29:ba:80:60:8c:54:19:9d:89:4e:46:cb:a6:d9:8a:e9:b2:
         b3:ac:8b:08:a9:ad:ed:8a:ce:67:fb:c4:6c:e6:7c:cd:bb:27:
         d4:1a:88:e1:75:96:bd:8b:4a:de:d7:5a:88:4a:0d:4c:33:5b:
         e2:3a:42:f0:b2:80:ff:8b:78:45:32:66:2b:ba:3b:1c:04:3b:
         c8:ca:fa:e4:f0:e5:f9:24:e9:34:fa:ed:c8:11:05:d5:c1:12:
         7f:1c:cc:3e:2f:c4:02:09:5a:13:11:da:2a:c3:b3:fd:d9:8e:
         cd:be:4d:c5:ab:b8:df:7d:46:ab:43:a6:c7:53:db:3e:dd:7d:
         a8:a1:47:7d:94:43:60:30:b3:0a:5a:27:5a:c0:df:f0:38:a6:
         5f:53:f3:2b:19:29:fe:ca:ce:83:a0:44:54:e4:1c:cb:cb:9c:
         38:ac:0b:39:5c:7f:78:89:de:d9:39:be:e8:be:53:34:87:98:
         05:e6:eb:02:d5:27:f6:d6:86:1f:bc:96:30:72:53:bf:5a:f8:
         4a:af:3d:34:40:45:c2:31:8d:1b:e5:0a:2e:39:2a:04:d1:27:
         52:85:38:58
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNOX6QIezWLpKM6VCTeq5m497S0AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWZkOWJlNWI2MTMxNDkzOTZkMjNkNTcyNTcxZjQwMGY5
NzcxMDE1MGM3YzM2MDY2YTYzMmU3Y2ZiYjRjYjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI0BVKZdriMGWwmvyahUyqAuITEa44xbsDcSI1AeXJByiW
wisY8i6lDdwp7t+/1LlrDxbNtq/QE4EJbFNE0RMzi8eLo8frm3Uc/0oxAWmW/Moi
/8SJ3Fe2o5U6cb+jNYk6O5L7+LFMB1IYTWv+QvPrqPhLIUHj9h3mGrHgmPUcsjOr
0SoDnYy0VE37q5qyy9B5tApWhfLHdqnFafcKcaafOJeEG/vWAaZsmiYsDMu4zjHb
SQt2F3qcgZ50xIQdk39kqWdx5rw3UlKJq1Ah0eWnbqBhkMnkYWUShA5nAA4D+F1n
WdwwhIJQdRa5gc+Yb8nWGhwmO62zVnWkblH+PQxxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUml4VS30oTLc+p82QZni54FW5TF0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3OWRjZmUwLWRhNDQtNDdkMC1iOGY0LTE0NGJiNWUyNDRmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUQTANBgkqhkiG9w0BAQsFAAOCAQEAlqly4Y9DEJnuGstmkkIQRocmAayM
/Tk9hC6iC3IPMibVHWzUYCm6gGCMVBmdiU5Gy6bZiumys6yLCKmt7YrOZ/vEbOZ8
zbsn1BqI4XWWvYtK3tdaiEoNTDNb4jpC8LKA/4t4RTJmK7o7HAQ7yMr65PDl+STp
NPrtyBEF1cESfxzMPi/EAglaExHaKsOz/dmOzb5Nxau4331Gq0Omx1PbPt19qKFH
fZRDYDCzClonWsDf8DimX1PzKxkp/srOg6BEVOQcy8ucOKwLOVx/eIne2Tm+6L5T
NIeYBebrAtUn9taGH7yWMHJTv1r4Sq89NEBFwjGNG+UKLjkqBNEnUoU4WA==
-----END CERTIFICATE-----