Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa
File:                     caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa (raw, json)
Hash identifier:          z1S33qOPqndqQuCmTyjhQBPJHdHyx3Ec9VWklGyRAuQ=
Subject key identifier:   19:4F:0B:65:87:8E:4D:8D:7D:C8:B5:C3:D6:95:28:A0:EB:4D:30:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       474314FD52C4AC54E1F27E00967770CEC0933CFC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.154.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:43:14:fd:52:c4:ac:54:e1:f2:7e:00:96:77:70:ce:c0:93:3c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=023c13ddaa6c6ffb5fcd43fc2dc33ae9f26b0e203892d862e08d609d17ef52e2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:fd:a7:c3:15:66:b7:9b:d9:ec:ff:0b:5a:9f:
                    bb:60:a9:af:9a:cc:23:a0:68:e7:11:84:ba:52:cb:
                    a1:77:35:4e:56:06:f2:15:c7:4e:57:15:5e:a4:ed:
                    7c:2b:f7:71:86:14:ea:a1:cc:e6:3f:d8:e8:99:63:
                    43:6b:34:66:24:35:cf:8d:41:87:9a:6a:e9:5f:3c:
                    02:c9:b8:c0:a4:4b:af:1f:70:fd:4a:ff:14:09:3d:
                    2b:98:17:16:57:60:b2:a7:e4:3c:aa:fb:1b:b5:9c:
                    36:f5:91:ff:0f:51:4f:0c:e5:87:0b:72:be:42:a7:
                    47:ed:46:65:cf:3a:02:4a:28:80:f2:19:c5:a0:30:
                    6d:fc:26:55:57:7e:33:89:3f:b6:4c:10:b3:ea:38:
                    3a:59:aa:16:ce:46:a7:d6:78:43:00:05:16:63:f0:
                    ce:c1:60:c5:37:d5:a0:b8:ad:59:a9:bc:ce:80:23:
                    da:01:e0:44:e7:54:36:33:35:13:ab:47:12:f4:49:
                    8e:c7:13:02:52:eb:a6:07:d8:41:c0:20:13:8c:90:
                    73:5c:4d:08:53:35:80:e7:42:32:5f:c3:9f:61:47:
                    4a:74:11:88:9a:15:fc:1a:f8:c5:fc:1e:72:44:34:
                    9d:f7:1a:a7:18:fe:38:4a:f1:20:de:01:ea:7e:98:
                    ef:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4F:0B:65:87:8E:4D:8D:7D:C8:B5:C3:D6:95:28:A0:EB:4D:30:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:7c:4d:e0:c1:b3:64:b7:36:18:4c:0a:c9:77:69:83:80:9b:
         7a:90:b3:0b:01:c3:8b:75:18:ba:e1:33:f9:7d:e1:f8:ed:83:
         55:22:b1:84:43:33:29:b1:69:e0:fc:6d:59:4d:62:b7:36:7f:
         d1:72:54:5a:f1:f9:25:fd:1b:88:b3:57:43:8a:53:f1:96:8b:
         d8:b3:f3:77:51:6f:d8:08:50:85:a2:f2:f6:da:fc:f8:dd:1e:
         af:53:21:e5:c2:01:22:59:72:7b:b2:fd:ad:d4:31:d6:4c:ee:
         94:13:c6:41:69:4e:81:5e:0b:d2:a6:5f:af:1e:2d:77:38:21:
         7e:02:70:eb:bc:3a:3c:67:c4:8d:13:bf:9d:42:d1:fc:21:61:
         c4:c7:3c:0c:4f:31:31:a6:fc:5f:5d:26:ab:94:91:1d:5c:8a:
         5f:96:81:26:ec:5e:53:95:e2:21:40:d6:e3:f6:68:e7:bf:7e:
         06:3c:35:62:05:4a:89:01:d5:00:74:86:3d:15:a9:53:b8:90:
         e5:fd:30:79:d1:29:1f:c4:9e:a5:36:cb:92:d3:6f:56:98:25:
         80:ad:a1:ac:34:fa:9a:88:31:0c:b4:41:00:00:f3:6d:ec:9c:
         30:c8:a8:68:a4:0f:7c:e7:88:ac:3b:b4:2a:5e:54:6f:60:39:
         70:2f:9b:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR0MU/VLErFTh8n4AlndwzsCTPPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjNjMTNkZGFhNmM2ZmZiNWZjZDQzZmMyZGMzM2FlOWYy
NmIwZTIwMzg5MmQ4NjJlMDhkNjA5ZDE3ZWY1MmUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD3/afDFWa3m9ns/wtan7tgqa+azCOgaOcRhLpSy6F3NU5W
BvIVx05XFV6k7Xwr93GGFOqhzOY/2OiZY0NrNGYkNc+NQYeaaulfPALJuMCkS68f
cP1K/xQJPSuYFxZXYLKn5Dyq+xu1nDb1kf8PUU8M5YcLcr5Cp0ftRmXPOgJKKIDy
GcWgMG38JlVXfjOJP7ZMELPqODpZqhbORqfWeEMABRZj8M7BYMU31aC4rVmpvM6A
I9oB4ETnVDYzNROrRxL0SY7HEwJS66YH2EHAIBOMkHNcTQhTNYDnQjJfw59hR0p0
EYiaFfwa+MX8HnJENJ33GqcY/jhK8SDeAep+mO8DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGU8LZYeOTY19yLXD1pUooOtNMLAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhYTZiZTVkLTVlNWQtNDhjYi1iMDkwLTQ5MmI1ZmNmNWRjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjl5owDQYJKoZIhvcNAQELBQADggEBAFB8TeDBs2S3NhhMCsl3aYOAm3qQ
swsBw4t1GLrhM/l94fjtg1UisYRDMymxaeD8bVlNYrc2f9FyVFrx+SX9G4izV0OK
U/GWi9iz83dRb9gIUIWi8vba/PjdHq9TIeXCASJZcnuy/a3UMdZM7pQTxkFpToFe
C9KmX68eLXc4IX4CcOu8OjxnxI0Tv51C0fwhYcTHPAxPMTGm/F9dJquUkR1cil+W
gSbsXlOV4iFA1uP2aOe/fgY8NWIFSokB1QB0hj0VqVO4kOX9MHnRKR/EnqU2y5LT
b1aYJYCtoaw0+pqIMQy0QQAA823snDDIqGikD3zniKw7tCpeVG9gOXAvm/U=
-----END CERTIFICATE-----