Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa
File:                     d2526c3a-77ad-4669-af27-f2171d468d2d.roa (raw, json)
Hash identifier:          n2akDoLO9tvzRIgwQyIaFW5hHDJa+ZJJoP2OYVq260Y=
Subject key identifier:   73:A0:5D:9D:E0:C2:67:A8:2B:00:3C:CC:42:39:45:6E:75:4E:43:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       684B371596D0C9AA54D18ED66AD4C96C8C0D1E12
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.246.116.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:4b:37:15:96:d0:c9:aa:54:d1:8e:d6:6a:d4:c9:6c:8c:0d:1e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=2c35d49759ea0ae4006c29d3f1767066c06fb29371c765ceda96a07f1142900f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a0:47:bc:64:f4:4b:9e:92:c8:15:b8:06:5a:
                    c6:0c:00:a6:83:85:36:d2:91:9c:79:93:df:3f:b3:
                    55:41:5e:e6:19:ab:85:47:87:5b:fe:1c:dd:a3:7f:
                    10:14:97:10:32:91:3d:67:ad:f3:00:c6:25:cf:b8:
                    09:62:b9:ab:93:a5:9b:2b:8f:35:12:72:33:6a:44:
                    ed:ce:5e:a3:b2:a5:f2:64:21:4f:7e:93:78:d7:c7:
                    ae:c3:c4:52:02:61:fe:41:eb:ba:d2:2c:a3:23:2b:
                    dd:ab:66:36:5c:ef:e8:9d:ab:4d:ab:8f:a0:73:87:
                    83:c9:e8:6e:51:10:13:02:6e:28:ef:8e:17:b4:4f:
                    85:98:4c:21:9b:76:d9:26:e3:14:b4:7b:78:f3:bc:
                    7c:13:40:6c:24:88:9b:e0:43:fd:90:05:bb:73:4e:
                    fd:a6:73:84:12:f6:af:f9:22:2c:14:77:df:2c:00:
                    83:c8:62:20:4c:4e:af:19:01:fc:7d:01:fa:ae:a6:
                    11:7b:c5:74:ff:71:66:95:2b:fe:38:9f:eb:43:4d:
                    86:48:69:80:f4:7c:e4:a4:5e:7c:e7:20:f5:db:e2:
                    7b:2d:c6:84:bb:1f:e3:33:2a:f3:42:e2:e3:59:0d:
                    26:14:a1:d5:26:57:92:98:be:0b:43:e2:e4:49:a1:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:A0:5D:9D:E0:C2:67:A8:2B:00:3C:CC:42:39:45:6E:75:4E:43:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:8b:38:7a:45:32:7f:51:fe:72:15:8a:b6:66:fd:4b:a7:47:
         44:c0:70:7a:ef:f9:cb:e9:75:ed:ea:b3:8a:b7:cb:f8:f4:8b:
         f8:70:6b:80:3a:01:b2:18:81:a5:66:e7:f1:bf:16:25:e1:86:
         a3:d7:0d:72:f7:a8:f3:08:9f:3e:23:c4:db:2e:72:20:51:d6:
         14:7f:ec:ab:14:c7:52:5b:28:33:57:77:8a:13:ae:e8:c7:95:
         a4:70:46:ec:e4:8f:cf:42:3f:3f:96:ee:f1:1d:68:8f:7a:bb:
         f0:a4:8d:98:68:f6:19:7e:bd:2c:fb:a7:f2:0c:cb:31:20:ae:
         98:55:89:6c:5b:6f:99:17:b0:ca:66:6b:f3:5d:6d:47:94:9e:
         f6:49:a5:8b:78:dc:bc:91:fa:e7:23:fd:d4:37:f6:a3:d4:87:
         06:94:17:7d:6f:de:dd:3c:2d:c0:52:14:2a:58:9a:4d:a5:a3:
         1d:66:d6:3c:97:bb:4b:7b:c5:9f:b7:5d:a2:2b:da:98:a0:4f:
         60:88:15:0e:d0:c1:78:bc:f2:a5:8b:7f:68:f5:e1:6c:a1:df:
         f6:7f:d4:8c:a3:cd:0f:39:8f:bc:cc:38:7c:94:39:5d:91:3c:
         6e:b3:0f:3d:de:62:a8:1a:26:30:2d:18:5a:91:8f:3f:a8:37:
         31:57:a3:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaEs3FZbQyapU0Y7WatTJbIwNHhIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzM1ZDQ5NzU5ZWEwYWU0MDA2YzI5ZDNmMTc2NzA2NmMw
NmZiMjkzNzFjNzY1Y2VkYTk2YTA3ZjExNDI5MDBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8oEe8ZPRLnpLIFbgGWsYMAKaDhTbSkZx5k98/s1VBXuYZ
q4VHh1v+HN2jfxAUlxAykT1nrfMAxiXPuAliuauTpZsrjzUScjNqRO3OXqOypfJk
IU9+k3jXx67DxFICYf5B67rSLKMjK92rZjZc7+idq02rj6Bzh4PJ6G5REBMCbijv
jhe0T4WYTCGbdtkm4xS0e3jzvHwTQGwkiJvgQ/2QBbtzTv2mc4QS9q/5IiwUd98s
AIPIYiBMTq8ZAfx9AfquphF7xXT/cWaVK/44n+tDTYZIaYD0fOSkXnznIPXb4nst
xoS7H+MzKvNC4uNZDSYUodUmV5KYvgtD4uRJoTY5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc6BdneDCZ6grADzMQjlFbnVOQz8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyNTI2YzNhLTc3YWQtNDY2OS1hZjI3LWYyMTcxZDQ2OGQyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA/9nQwDQYJKoZIhvcNAQELBQADggEBAMqLOHpFMn9R/nIVirZm/UunR0TA
cHrv+cvpde3qs4q3y/j0i/hwa4A6AbIYgaVm5/G/FiXhhqPXDXL3qPMInz4jxNsu
ciBR1hR/7KsUx1JbKDNXd4oTrujHlaRwRuzkj89CPz+W7vEdaI96u/CkjZho9hl+
vSz7p/IMyzEgrphViWxbb5kXsMpma/NdbUeUnvZJpYt43LyR+ucj/dQ39qPUhwaU
F31v3t08LcBSFCpYmk2lox1m1jyXu0t7xZ+3XaIr2pigT2CIFQ7QwXi88qWLf2j1
4Wyh3/Z/1IyjzQ85j7zMOHyUOV2RPG6zDz3eYqgaJjAtGFqRjz+oNzFXo7Y=
-----END CERTIFICATE-----