Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9c65ad6-72a2-4464-8c5f-50a3e14f1c34.roa
File:                     d9c65ad6-72a2-4464-8c5f-50a3e14f1c34.roa (raw, json)
Hash identifier:          RnfyB9aVUz8rUKFRJIEkWvB7YJsaAmlkp5CGV6JwHiM=
Subject key identifier:   79:9F:4F:46:22:D7:13:65:C7:F9:12:2D:CA:0D:8A:82:B9:C8:DF:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1050CA5BF24A6848D1E8B775ACFD50D2963169DC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9c65ad6-72a2-4464-8c5f-50a3e14f1c34.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.148.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:50:ca:5b:f2:4a:68:48:d1:e8:b7:75:ac:fd:50:d2:96:31:69:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=53775a399019c8469298d52ff8a5471b4cb6050e6b7b44f30af2dc16fa45dc89, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d1:f6:28:9e:d2:50:c1:c9:d5:69:7b:64:f3:
                    6a:9e:20:fd:70:e8:13:c6:9c:80:80:15:fb:c5:5c:
                    62:a3:cb:5d:e4:f2:b8:60:1d:02:08:6e:ee:9c:e6:
                    46:b2:0b:95:b7:b2:8f:fb:a2:ab:88:77:ec:9c:f9:
                    dc:49:97:27:39:4f:32:8f:81:54:d0:48:47:17:dd:
                    98:d1:d0:75:d1:22:c0:9a:b0:f1:e8:57:ee:43:c2:
                    9b:92:fa:59:86:47:fb:c6:50:75:03:5d:9c:44:36:
                    24:30:77:37:42:ce:48:b9:9b:29:fd:d8:3c:3e:b5:
                    fd:5a:ab:a5:72:b9:bc:36:8a:1a:8f:cb:13:d0:52:
                    75:6b:17:a0:f8:c7:cb:a3:da:fe:39:fd:3f:0e:2f:
                    01:08:c3:13:8a:73:35:1f:d3:25:72:74:bd:6c:bf:
                    53:12:76:9e:53:b2:6f:01:3c:d1:86:c2:f6:1f:c2:
                    b3:38:e9:9c:1f:a5:7e:92:2c:67:32:6c:51:35:89:
                    5c:91:56:c4:b2:ce:e7:48:07:d4:ba:e5:77:60:84:
                    4f:05:45:8b:06:01:c9:7e:b9:64:76:62:f0:ad:33:
                    86:cb:9c:31:82:a4:cd:98:39:d2:e0:41:65:30:90:
                    87:4a:01:0d:6e:d6:d2:e9:9d:e7:08:2f:60:ed:c0:
                    97:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9F:4F:46:22:D7:13:65:C7:F9:12:2D:CA:0D:8A:82:B9:C8:DF:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9c65ad6-72a2-4464-8c5f-50a3e14f1c34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.148.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:9f:26:f8:e9:39:52:ad:45:d3:c5:b7:b7:6c:a3:69:b6:ef:
         fe:5a:48:f0:e1:4b:6b:ca:0d:22:80:36:ca:50:9d:ae:cf:4a:
         7f:20:60:6c:5e:5c:e3:b0:96:9b:ee:5f:d0:29:de:e6:03:cf:
         74:a2:a4:13:80:ea:36:e2:c6:4d:40:0f:6f:b6:46:96:bc:d6:
         b1:03:40:87:ec:c0:9d:7d:8f:21:fa:ee:ab:0a:21:ba:3e:7e:
         1c:6a:f2:53:ed:40:a3:1a:7a:d3:dd:34:8a:f7:4e:e5:9d:e4:
         51:d2:77:97:8e:5a:e1:bb:5f:7f:f5:44:34:7a:fc:a0:69:61:
         9c:44:05:a3:1b:2a:a4:0c:74:a2:5d:e7:06:4e:a9:79:65:52:
         8a:eb:0a:ee:c5:d0:bb:e2:aa:da:96:1d:33:56:21:2f:b7:cd:
         76:fe:6b:aa:c8:25:2f:c2:58:81:31:ec:e8:af:e3:52:01:ca:
         3e:66:a2:10:cb:40:80:72:83:48:7f:86:12:9b:2e:8c:98:b4:
         cf:72:43:ce:bc:dd:5b:2a:23:8e:e9:8c:02:66:47:8e:2d:e9:
         0b:3a:98:cf:e6:5b:a0:5b:18:a7:1a:e0:af:bd:24:07:97:dd:
         31:00:41:09:7c:5d:6e:b5:61:c4:1e:75:bb:b9:28:6e:67:fc:
         10:7f:f6:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEFDKW/JKaEjR6Ld1rP1Q0pYxadwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Mzc3NWEzOTkwMTljODQ2OTI5OGQ1MmZmOGE1NDcxYjRj
YjYwNTBlNmI3YjQ0ZjMwYWYyZGMxNmZhNDVkYzg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD0fYontJQwcnVaXtk82qeIP1w6BPGnICAFfvFXGKjy13k
8rhgHQIIbu6c5kayC5W3so/7oquId+yc+dxJlyc5TzKPgVTQSEcX3ZjR0HXRIsCa
sPHoV+5DwpuS+lmGR/vGUHUDXZxENiQwdzdCzki5myn92Dw+tf1aq6Vyubw2ihqP
yxPQUnVrF6D4x8uj2v45/T8OLwEIwxOKczUf0yVydL1sv1MSdp5Tsm8BPNGGwvYf
wrM46ZwfpX6SLGcybFE1iVyRVsSyzudIB9S65XdghE8FRYsGAcl+uWR2YvCtM4bL
nDGCpM2YOdLgQWUwkIdKAQ1u1tLpnecIL2DtwJftAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeZ9PRiLXE2XH+RItyg2KgrnI39UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5YzY1YWQ2LTcyYTItNDQ2NC04YzVmLTUwYTNlMTRmMWMzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQlDANBgkqhkiG9w0BAQsFAAOCAQEADp8m+Ok5Uq1F08W3t2yjabbv/lpI
8OFLa8oNIoA2ylCdrs9KfyBgbF5c47CWm+5f0Cne5gPPdKKkE4DqNuLGTUAPb7ZG
lrzWsQNAh+zAnX2PIfruqwohuj5+HGryU+1Aoxp60900ivdO5Z3kUdJ3l45a4btf
f/VENHr8oGlhnEQFoxsqpAx0ol3nBk6peWVSiusK7sXQu+Kq2pYdM1YhL7fNdv5r
qsglL8JYgTHs6K/jUgHKPmaiEMtAgHKDSH+GEpsujJi0z3JDzrzdWyojjumMAmZH
ji3pCzqYz+ZboFsYpxrgr70kB5fdMQBBCXxdbrVhxB51u7kobmf8EH/2Lw==
-----END CERTIFICATE-----