Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
File:                     ca57515a-3058-4353-ab16-a7d94657f8f8.roa (raw, json)
Hash identifier:          nDG3BEIMRAuNfeS3txfO75ubnPd8lWtdiRxpbzMR/60=
Subject key identifier:   D2:28:16:28:CD:66:B9:17:F1:69:12:C6:DC:AD:25:94:61:5F:1C:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32339BF52086BFE5F965167F96BEECBE6BF95C4E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.252.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:33:9b:f5:20:86:bf:e5:f9:65:16:7f:96:be:ec:be:6b:f9:5c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=80b41b135cd21b61a6498a44b2c3348252571510cc5c1bcdb83ae1beaf1e20a3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:81:6f:04:33:fa:b6:61:dc:30:67:cd:78:e3:
                    cf:64:58:7c:5c:42:57:2b:b2:eb:63:59:ed:27:5b:
                    60:5b:a0:30:09:12:00:d0:ad:e6:ae:f5:45:9a:24:
                    82:6d:8e:47:8a:ad:b1:b1:bc:ec:bc:58:5d:0f:7b:
                    b0:53:47:c3:68:f1:a7:35:ce:1e:92:02:b2:72:2f:
                    a8:17:4f:49:97:b4:a7:c4:1f:86:f8:ab:23:d0:aa:
                    79:6e:55:b6:8e:92:ff:93:79:29:dd:7d:d1:31:a4:
                    2d:03:06:d7:e3:bd:b7:07:b1:76:7f:d8:97:bf:d5:
                    3d:0c:39:cd:f4:18:57:b0:08:42:ef:2b:9c:ad:fb:
                    99:a8:75:2e:8c:10:a7:31:3b:f9:f0:df:6b:8e:c0:
                    c2:b2:bf:a9:7f:30:24:93:0b:6d:74:9f:8f:52:97:
                    39:9a:e1:23:6f:55:24:8c:d4:b9:c7:88:08:a1:a2:
                    d5:98:dc:56:b9:4a:1b:0a:22:23:3d:16:2c:a2:5b:
                    eb:15:46:01:94:3b:a1:f6:e7:f5:55:02:1c:1e:c5:
                    e2:62:cc:e8:42:6c:d1:fc:cb:80:d2:01:18:d6:32:
                    ad:c4:91:66:ca:61:e5:c0:6f:10:66:da:81:13:47:
                    7e:1c:a9:0c:d5:07:1e:f2:08:63:9c:6c:0c:d1:a1:
                    84:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:28:16:28:CD:66:B9:17:F1:69:12:C6:DC:AD:25:94:61:5F:1C:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:02:fc:28:04:8a:03:3e:c3:83:a6:13:88:7c:54:c8:a2:2f:
         39:f9:cd:ab:82:e3:6d:8d:23:8d:f0:fc:67:66:e4:1d:f4:d7:
         6f:2e:30:03:81:10:9a:64:e2:2f:1b:77:e4:28:1d:32:9f:2a:
         f9:d3:94:9e:5e:db:38:43:8d:7a:5d:91:26:96:6d:01:09:43:
         bf:36:18:91:c5:c3:0d:9a:dd:89:4a:94:ff:60:64:62:24:38:
         4a:9d:ea:ab:3d:50:2b:dc:d1:36:ba:ed:e4:b5:af:89:16:73:
         2c:09:59:56:09:fd:5d:12:2a:4d:ff:45:ba:f1:0d:78:26:7d:
         9b:fa:2b:dc:3a:62:f6:9f:0a:96:e1:63:c8:25:d9:3b:d5:07:
         5c:21:3b:49:19:85:d4:11:cc:d0:e0:e5:4a:50:8a:b1:fa:78:
         0d:a4:aa:f0:6b:92:9f:47:01:2e:da:1f:4d:9a:af:10:b3:19:
         67:47:eb:78:bd:11:d4:5b:ed:55:de:01:eb:d7:2d:ce:d0:a8:
         4c:04:1e:35:6a:75:c8:21:1b:6f:1f:9d:93:6b:6b:78:c2:7a:
         07:6a:e3:89:8f:4e:67:ba:66:22:96:13:e2:9a:a0:8b:36:f9:
         83:03:89:85:1d:98:37:dd:bf:6c:c3:7c:61:6f:8f:87:67:4d:
         44:29:3b:ed
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMjOb9SCGv+X5ZRZ/lr7svmv5XE4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGI0MWIxMzVjZDIxYjYxYTY0OThhNDRiMmMzMzQ4MjUy
NTcxNTEwY2M1YzFiY2RiODNhZTFiZWFmMWUyMGEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtgW8EM/q2YdwwZ814489kWHxcQlcrsutjWe0nW2BboDAJ
EgDQreau9UWaJIJtjkeKrbGxvOy8WF0Pe7BTR8No8ac1zh6SArJyL6gXT0mXtKfE
H4b4qyPQqnluVbaOkv+TeSndfdExpC0DBtfjvbcHsXZ/2Je/1T0MOc30GFewCELv
K5yt+5modS6MEKcxO/nw32uOwMKyv6l/MCSTC210n49Slzma4SNvVSSM1LnHiAih
otWY3Fa5ShsKIiM9FiyiW+sVRgGUO6H25/VVAhwexeJizOhCbNH8y4DSARjWMq3E
kWbKYeXAbxBm2oETR34cqQzVBx7yCGOcbAzRoYTHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0igWKM1muRfxaRLG3K0llGFfHNEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhNTc1MTVhLTMwNTgtNDM1My1hYjE2LWE3ZDk0NjU3ZjhmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo/DANBgkqhkiG9w0BAQsFAAOCAQEAQQL8KASKAz7Dg6YTiHxUyKIvOfnN
q4LjbY0jjfD8Z2bkHfTXby4wA4EQmmTiLxt35CgdMp8q+dOUnl7bOEONel2RJpZt
AQlDvzYYkcXDDZrdiUqU/2BkYiQ4Sp3qqz1QK9zRNrrt5LWviRZzLAlZVgn9XRIq
Tf9FuvENeCZ9m/or3Dpi9p8KluFjyCXZO9UHXCE7SRmF1BHM0ODlSlCKsfp4DaSq
8GuSn0cBLtofTZqvELMZZ0freL0R1FvtVd4B69ctztCoTAQeNWp1yCEbbx+dk2tr
eMJ6B2rjiY9OZ7pmIpYT4pqgizb5gwOJhR2YN92/bMN8YW+Ph2dNRCk77Q==
-----END CERTIFICATE-----