Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d687e7a1-6ed2-4234-955c-5cf33207f3d4.roa
File:                     d687e7a1-6ed2-4234-955c-5cf33207f3d4.roa (raw, json)
Hash identifier:          cXqKuSkYDJstu7+9EoDeRk0Q8UNdlolrSlNogpjIU7c=
Subject key identifier:   27:98:85:CD:92:96:17:13:0E:B8:A7:CC:0B:27:81:5C:0C:3F:85:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45056F58AC11DF489D9BF4EC7CAF60A11882849F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d687e7a1-6ed2-4234-955c-5cf33207f3d4.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        147.205.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:05:6f:58:ac:11:df:48:9d:9b:f4:ec:7c:af:60:a1:18:82:84:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=73cc9ed0ec8307ae3b7a7002c81756ced9e96237fd4a67e365eb34ce1a8995fe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d5:d8:e8:56:01:ca:81:1a:e1:32:90:f4:87:
                    0b:15:83:21:a6:bd:76:1f:95:9f:57:72:1c:c8:77:
                    17:9b:42:f8:f1:73:4d:cf:b0:d0:5f:f1:b7:a2:57:
                    90:b3:78:ff:52:16:79:bf:8d:e5:3f:a0:53:32:1a:
                    be:8e:dd:51:3d:ef:04:c8:14:bd:ff:5f:16:d4:d5:
                    d1:0c:ea:0e:2e:6e:c3:f5:08:44:20:fb:06:b6:c1:
                    4e:c9:37:13:b1:1c:f2:1c:6a:ae:25:cd:31:aa:4f:
                    c0:35:73:5e:5a:5a:12:ac:73:12:52:5a:16:23:c2:
                    73:a6:77:c8:61:9a:a3:8d:2c:94:cd:69:96:41:de:
                    7d:94:96:d5:34:7e:b7:14:f8:2c:00:d6:87:88:82:
                    56:e2:87:f8:06:bc:9c:7b:31:69:57:9e:c3:15:19:
                    7d:17:a1:13:e5:fa:c0:91:6e:ff:86:81:3a:c4:dd:
                    d7:db:42:ca:01:35:f7:40:4a:6b:9d:18:bc:2b:4f:
                    35:c1:b1:be:8d:a6:37:c2:58:f3:d7:f6:71:c2:3a:
                    9f:b7:fc:1b:58:93:90:59:44:a3:5f:61:56:b5:e5:
                    ac:59:69:4d:d1:05:b2:81:c2:cc:25:e3:1c:c3:ac:
                    0a:c5:cd:4f:46:b6:e6:b9:b3:0c:c0:3b:f5:c8:0d:
                    fa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:98:85:CD:92:96:17:13:0E:B8:A7:CC:0B:27:81:5C:0C:3F:85:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d687e7a1-6ed2-4234-955c-5cf33207f3d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.205.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:6e:00:4e:d0:45:dc:b6:dc:29:be:e9:99:26:fe:d6:74:0e:
         21:41:f0:84:f6:07:e9:98:f7:4e:d9:47:4b:df:56:62:69:b8:
         c1:2b:ca:9d:ef:c8:3c:99:25:38:23:8c:73:2f:77:0f:f4:00:
         b6:8e:94:a6:a3:9e:5c:6c:86:90:d6:e5:76:20:b6:88:05:ed:
         f0:5a:44:7e:44:f8:22:76:8f:c1:e3:84:3d:70:2b:b2:65:4e:
         88:68:f5:5a:8d:45:99:1c:04:6a:35:b9:6a:1a:0a:d6:ea:33:
         c8:1f:7e:62:b8:96:43:06:a6:a9:04:d5:16:54:6b:b8:b5:b2:
         df:d7:03:d3:2a:0d:ac:fd:7c:cf:9e:13:24:66:39:69:2d:6d:
         a6:09:a6:12:d4:8b:1c:83:a8:80:2f:07:8f:11:c6:35:d9:2f:
         92:22:23:a5:c0:08:b7:e0:b1:52:3a:a5:1e:47:cc:91:f4:23:
         d5:fa:5a:d0:79:d5:f3:df:c3:96:1a:0f:35:30:d5:17:66:91:
         ba:78:63:a0:83:0c:de:26:6b:e2:30:1c:7c:09:e4:49:ca:cd:
         ff:3f:04:40:48:bd:e5:1a:7b:28:68:74:9c:38:80:74:b6:87:
         8a:5a:fd:a5:38:e8:d5:d7:20:e1:3d:0b:b2:70:75:b5:c6:24:
         13:a9:af:33
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURQVvWKwR30idm/TsfK9goRiChJ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2NjOWVkMGVjODMwN2FlM2I3YTcwMDJjODE3NTZjZWQ5
ZTk2MjM3ZmQ0YTY3ZTM2NWViMzRjZTFhODk5NWZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDr1djoVgHKgRrhMpD0hwsVgyGmvXYflZ9XchzIdxebQvjx
c03PsNBf8beiV5CzeP9SFnm/jeU/oFMyGr6O3VE97wTIFL3/XxbU1dEM6g4ubsP1
CEQg+wa2wU7JNxOxHPIcaq4lzTGqT8A1c15aWhKscxJSWhYjwnOmd8hhmqONLJTN
aZZB3n2UltU0frcU+CwA1oeIglbih/gGvJx7MWlXnsMVGX0XoRPl+sCRbv+GgTrE
3dfbQsoBNfdASmudGLwrTzXBsb6NpjfCWPPX9nHCOp+3/BtYk5BZRKNfYVa15axZ
aU3RBbKBwswl4xzDrArFzU9Gtua5swzAO/XIDfp7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJ5iFzZKWFxMOuKfMCyeBXAw/hX0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2ODdlN2ExLTZlZDItNDIzNC05NTVjLTVjZjMzMjA3ZjNkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCTzTANBgkqhkiG9w0BAQsFAAOCAQEAWm4ATtBF3LbcKb7pmSb+1nQOIUHw
hPYH6Zj3TtlHS99WYmm4wSvKne/IPJklOCOMcy93D/QAto6UpqOeXGyGkNbldiC2
iAXt8FpEfkT4InaPweOEPXArsmVOiGj1Wo1FmRwEajW5ahoK1uozyB9+YriWQwam
qQTVFlRruLWy39cD0yoNrP18z54TJGY5aS1tpgmmEtSLHIOogC8HjxHGNdkvkiIj
pcAIt+CxUjqlHkfMkfQj1fpa0HnV89/DlhoPNTDVF2aRunhjoIMM3iZr4jAcfAnk
ScrN/z8EQEi95Rp7KGh0nDiAdLaHilr9pTjo1dcg4T0LsnB1tcYkE6mvMw==
-----END CERTIFICATE-----