Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c861fdbb-0046-4afd-b8e6-bbc3b8cb50f9.roa
File:                     c861fdbb-0046-4afd-b8e6-bbc3b8cb50f9.roa (raw, json)
Hash identifier:          0os20WA4k39wFsFH74Y2+KoEPgoxbbG7eOp7+q4ZCpc=
Subject key identifier:   9F:55:D2:6C:19:F0:CC:90:AB:C2:AC:17:EF:DD:AA:24:6D:00:79:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54E90FA2686B331A20585CB22168D1492ABEDFCC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c861fdbb-0046-4afd-b8e6-bbc3b8cb50f9.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.67.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:e9:0f:a2:68:6b:33:1a:20:58:5c:b2:21:68:d1:49:2a:be:df:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=0c5f3f02bcc72a04bdf897fc2ae861c82303bdf3c049129e845f27ec93c2aa8b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c7:7a:90:02:b8:1f:3b:13:ab:ac:0e:dc:de:
                    ea:25:14:e1:4d:02:c2:4c:98:04:85:6f:09:3e:65:
                    3e:4a:bb:26:b1:e2:87:a4:4c:e5:dd:bb:ff:91:07:
                    83:ca:f5:39:17:dd:7c:9c:28:45:4d:ad:1e:c6:c0:
                    4b:89:fa:9c:54:46:3b:41:39:88:31:b7:7c:f2:6d:
                    88:8f:ec:37:4f:93:e7:75:b2:92:bc:ce:e1:9a:99:
                    75:b2:1b:d2:4e:03:06:26:c0:e8:04:1c:6c:d7:5c:
                    dc:b6:b0:b2:9c:e4:93:8a:97:d9:ae:a2:08:72:4d:
                    6e:20:eb:e2:04:43:fa:62:73:5c:d0:96:c6:3e:5c:
                    28:db:9a:45:88:22:65:13:6f:65:de:0e:9c:04:24:
                    76:64:cc:41:58:ed:18:44:36:23:6f:dd:3d:44:bb:
                    a7:2c:90:20:05:a7:41:83:6f:f1:f6:f4:4a:0e:a6:
                    4b:e2:29:d9:76:e7:78:b1:3a:b6:60:95:7f:35:7c:
                    2c:f8:20:e4:3a:8f:cf:96:2c:0d:46:8b:44:dc:77:
                    a1:47:78:e3:66:d1:70:c2:36:f4:95:12:27:e8:0f:
                    ee:ae:ec:86:af:1a:aa:d7:6c:8f:e6:db:46:d9:59:
                    f6:ba:33:4b:91:8c:30:ce:0a:4a:13:61:49:e5:b7:
                    6a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:55:D2:6C:19:F0:CC:90:AB:C2:AC:17:EF:DD:AA:24:6D:00:79:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c861fdbb-0046-4afd-b8e6-bbc3b8cb50f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.67.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:1e:48:0a:39:90:9b:51:97:a9:a2:22:30:5c:23:e5:ce:84:
         f0:cc:5d:99:f3:83:20:8a:26:c8:f6:0b:89:5d:6c:0b:cc:5c:
         1d:b8:92:84:bc:58:d4:30:ba:0a:db:f5:62:67:47:6a:a8:0a:
         d5:04:f2:9f:1a:01:0c:46:7c:1c:87:1f:98:32:72:4f:9f:75:
         cd:75:7f:ad:10:f2:99:e0:98:25:df:f1:70:04:6b:89:76:dc:
         19:c1:0b:84:bc:bd:ac:53:2b:c0:74:5b:94:39:54:57:5d:2e:
         49:8a:a4:d9:41:a1:c4:30:6f:c4:dd:38:63:c2:b8:78:54:53:
         02:50:01:ea:f3:66:d0:cd:5a:d3:50:7b:d3:df:4c:c1:54:04:
         32:ac:76:d1:44:98:da:84:55:81:71:b6:86:34:9f:9e:9a:c3:
         1d:c2:ff:32:a1:7b:32:44:bb:9b:7d:75:71:2c:58:6b:bd:6e:
         ba:3d:4e:98:7c:1f:ab:46:a3:5b:09:06:07:2c:3c:f2:c0:a1:
         ca:af:e6:1f:2c:89:0d:40:dd:56:79:e4:d6:51:5b:6a:da:9c:
         1a:c2:07:ad:76:eb:e5:fa:83:80:40:07:05:32:fb:b9:23:a4:
         a9:66:4d:47:da:7e:dd:ea:82:10:93:e8:ca:88:0b:20:12:87:
         b4:26:06:9e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVOkPomhrMxogWFyyIWjRSSq+38wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzVmM2YwMmJjYzcyYTA0YmRmODk3ZmMyYWU4NjFjODIz
MDNiZGYzYzA0OTEyOWU4NDVmMjdlYzkzYzJhYThiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRx3qQArgfOxOrrA7c3uolFOFNAsJMmASFbwk+ZT5Kuyax
4oekTOXdu/+RB4PK9TkX3XycKEVNrR7GwEuJ+pxURjtBOYgxt3zybYiP7DdPk+d1
spK8zuGamXWyG9JOAwYmwOgEHGzXXNy2sLKc5JOKl9muoghyTW4g6+IEQ/pic1zQ
lsY+XCjbmkWIImUTb2XeDpwEJHZkzEFY7RhENiNv3T1Eu6cskCAFp0GDb/H29EoO
pkviKdl253ixOrZglX81fCz4IOQ6j8+WLA1Gi0Tcd6FHeONm0XDCNvSVEifoD+6u
7IavGqrXbI/m20bZWfa6M0uRjDDOCkoTYUnlt2olAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUn1XSbBnwzJCrwqwX792qJG0AeZ8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4NjFmZGJiLTAwNDYtNGFmZC1iOGU2LWJiYzNiOGNiNTBmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClQzANBgkqhkiG9w0BAQsFAAOCAQEACR5ICjmQm1GXqaIiMFwj5c6E8Mxd
mfODIIomyPYLiV1sC8xcHbiShLxY1DC6Ctv1YmdHaqgK1QTynxoBDEZ8HIcfmDJy
T591zXV/rRDymeCYJd/xcARriXbcGcELhLy9rFMrwHRblDlUV10uSYqk2UGhxDBv
xN04Y8K4eFRTAlAB6vNm0M1a01B7099MwVQEMqx20USY2oRVgXG2hjSfnprDHcL/
MqF7MkS7m311cSxYa71uuj1OmHwfq0ajWwkGByw88sChyq/mHyyJDUDdVnnk1lFb
atqcGsIHrXbr5fqDgEAHBTL7uSOkqWZNR9p+3eqCEJPoyogLIBKHtCYGng==
-----END CERTIFICATE-----