Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c81689da-9859-446e-ac73-705fc08fb300.roa
File:                     c81689da-9859-446e-ac73-705fc08fb300.roa (raw, json)
Hash identifier:          ga5loXRiQnNBsdiOrEeL4PDkSLZE0KTEPG4PosNMDKE=
Subject key identifier:   8B:B3:9F:37:B3:ED:3E:39:F3:AE:D7:8F:F8:09:79:11:E5:EF:B3:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01B439DB3307025FA03D10C25EAEDC389CC85D09
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c81689da-9859-446e-ac73-705fc08fb300.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.41.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b4:39:db:33:07:02:5f:a0:3d:10:c2:5e:ae:dc:38:9c:c8:5d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=be09eb0bfe5743aaac4d634cb5cdeaba8ea1001395728c75121b06b7857eee8d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:ad:26:b7:db:76:e2:81:40:7c:8b:7a:e6:
                    15:af:32:2f:c9:cb:0c:1f:23:8a:75:50:60:b3:32:
                    98:62:23:76:37:d0:52:ad:64:e3:f6:87:b0:1d:cd:
                    7c:35:06:b3:eb:39:13:12:d2:3b:49:d7:a3:fa:fd:
                    91:fd:35:7b:4b:f6:09:34:70:2e:66:57:f9:29:ea:
                    e7:9f:52:2d:bf:eb:14:36:2e:d4:87:6d:e1:d6:09:
                    c6:62:90:ca:6f:bf:c8:ee:37:c1:da:eb:f0:ff:d5:
                    03:c2:26:29:99:60:7d:b4:b6:bc:77:93:2d:a1:1b:
                    7a:41:1a:0a:93:8b:41:18:25:a6:03:5d:7c:aa:5c:
                    be:e3:04:b3:55:be:e6:7d:1c:dc:5a:03:4c:1c:7d:
                    20:cf:41:6d:f3:e6:8d:62:39:0d:43:e7:c0:d4:75:
                    a5:04:9b:50:86:68:cb:96:39:75:1f:a1:fc:20:39:
                    cf:b1:3b:21:e9:cf:f5:26:c4:f4:cb:c2:cf:00:7d:
                    23:c9:4d:bd:fa:9c:3e:46:59:87:30:6b:0c:4d:39:
                    9c:7d:dd:a0:22:69:6e:e2:5f:62:f5:69:61:fa:6b:
                    61:2c:21:ed:55:ac:7f:d8:08:32:5b:3f:c1:6e:27:
                    b1:60:79:ba:85:f9:65:e4:c1:7d:9e:ac:f1:9c:ad:
                    53:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B3:9F:37:B3:ED:3E:39:F3:AE:D7:8F:F8:09:79:11:E5:EF:B3:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c81689da-9859-446e-ac73-705fc08fb300.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.41.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         24:de:3b:71:e8:b6:7a:e3:a9:32:67:2c:95:f8:c3:69:f8:b6:
         fb:19:65:7a:8b:c3:e6:69:58:a4:d3:29:db:c9:92:91:4e:bf:
         65:d7:ff:c4:5f:43:fe:4a:60:95:27:f1:ee:f5:ef:a2:55:df:
         87:13:53:ba:a4:6b:12:f5:f7:e2:32:42:2f:4c:81:d2:9b:31:
         58:69:7b:ce:53:f5:e3:54:24:1e:e3:dc:5f:1a:35:48:e2:03:
         6f:79:f7:33:c6:66:cd:48:96:3a:c7:e9:ed:10:7f:8f:da:a4:
         b8:eb:7a:e6:cb:9c:e7:6e:ca:7c:4b:30:10:db:d6:7b:c4:ae:
         fe:01:c1:64:f4:34:a5:0c:b1:cd:d5:ec:b4:e6:05:38:83:e7:
         4f:93:73:9d:57:3d:d9:25:af:10:16:f1:c0:57:6d:14:91:5b:
         91:b4:70:53:bb:b6:7a:94:b0:f8:7e:5a:61:13:a6:37:ed:1d:
         19:bb:07:1b:e7:f3:b6:31:57:bb:57:e9:07:5b:b5:47:18:a0:
         8c:6e:46:10:a1:de:3a:27:3b:fd:d0:67:f5:e9:e0:ec:83:19:
         44:c1:4f:33:72:5c:df:54:d5:5b:c9:26:13:ad:d4:b0:87:5c:
         32:09:ae:cc:c4:e6:03:fd:1d:12:9e:77:ed:04:0b:fc:43:b7:
         df:e6:50:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAbQ52zMHAl+gPRDCXq7cOJzIXQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTA5ZWIwYmZlNTc0M2FhYWM0ZDYzNGNiNWNkZWFiYThl
YTEwMDEzOTU3MjhjNzUxMjFiMDZiNzg1N2VlZThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBDK0mt9t24oFAfIt65hWvMi/JywwfI4p1UGCzMphiI3Y3
0FKtZOP2h7AdzXw1BrPrORMS0jtJ16P6/ZH9NXtL9gk0cC5mV/kp6uefUi2/6xQ2
LtSHbeHWCcZikMpvv8juN8Ha6/D/1QPCJimZYH20trx3ky2hG3pBGgqTi0EYJaYD
XXyqXL7jBLNVvuZ9HNxaA0wcfSDPQW3z5o1iOQ1D58DUdaUEm1CGaMuWOXUfofwg
Oc+xOyHpz/UmxPTLws8AfSPJTb36nD5GWYcwawxNOZx93aAiaW7iX2L1aWH6a2Es
Ie1VrH/YCDJbP8FuJ7FgebqF+WXkwX2erPGcrVN5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi7OfN7PtPjnzrteP+Al5EeXvs/8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4MTY4OWRhLTk4NTktNDQ2ZS1hYzczLTcwNWZjMDhmYjMwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARIKQAwDQYJKoZIhvcNAQELBQADggEBACTeO3HotnrjqTJnLJX4w2n4tvsZ
ZXqLw+ZpWKTTKdvJkpFOv2XX/8RfQ/5KYJUn8e7176JV34cTU7qkaxL19+IyQi9M
gdKbMVhpe85T9eNUJB7j3F8aNUjiA2959zPGZs1IljrH6e0Qf4/apLjreubLnOdu
ynxLMBDb1nvErv4BwWT0NKUMsc3V7LTmBTiD50+Tc51XPdklrxAW8cBXbRSRW5G0
cFO7tnqUsPh+WmETpjftHRm7Bxvn87YxV7tX6QdbtUcYoIxuRhCh3jonO/3QZ/Xp
4OyDGUTBTzNyXN9U1VvJJhOt1LCHXDIJrszE5gP9HRKed+0EC/xDt9/mUA8=
-----END CERTIFICATE-----