Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
File:                     db7a66bc-8f79-4047-8130-2672617f220a.roa (raw, json)
Hash identifier:          E2XIUF3SzyxjJ+eM84cdqgcManHJn/M0M3rVo5NK/5U=
Subject key identifier:   F5:97:6B:9F:F9:DA:F7:39:13:5D:F7:B5:30:F6:8F:95:03:1A:75:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13986CE7B704EE2AE0F5D2CECCC881A09FA70430
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.3.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:98:6c:e7:b7:04:ee:2a:e0:f5:d2:ce:cc:c8:81:a0:9f:a7:04:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=152b9ebca3092a569407a266ca6cf62efa91b878f62a1fdeb06bb243ef9273c1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:98:da:c1:d2:50:56:7b:02:83:29:ca:9a:c8:
                    26:e7:79:54:5a:ed:58:a9:99:ec:5c:b4:a5:65:8e:
                    49:b5:61:78:9d:80:9a:5d:ea:bc:59:91:66:67:49:
                    34:c1:82:0b:59:5d:a0:42:ea:33:a3:31:71:b6:d4:
                    88:d9:d8:a5:02:c4:d2:56:c8:b2:89:9d:82:30:41:
                    a4:7e:87:87:c8:fc:19:92:a1:8a:c8:ff:b2:33:7c:
                    80:d5:ec:f8:11:31:c7:a1:64:9d:72:fb:45:eb:f9:
                    3b:52:6b:ae:f3:ee:71:ea:4c:3c:eb:f0:f4:30:be:
                    eb:b9:a4:77:e5:80:11:4b:b5:5d:80:ce:86:e4:5e:
                    2e:33:23:17:27:e9:ac:5d:c7:9a:6e:8c:e4:cd:ea:
                    a7:68:05:bb:00:8a:6b:71:b6:c4:89:6b:12:97:53:
                    59:81:f9:67:64:54:2f:14:e4:21:b9:8e:af:31:e3:
                    99:d4:3e:ec:51:66:67:7d:13:d7:1e:be:3a:13:22:
                    1b:de:14:44:53:52:b7:00:e2:ce:fe:15:73:8f:fb:
                    c3:64:65:8a:a3:8c:e3:8a:a8:e3:61:1d:93:e3:b5:
                    df:cd:1e:52:d0:f8:0a:80:40:b9:e3:35:02:d5:0c:
                    aa:23:ab:08:b1:84:fd:4f:7e:5e:39:25:49:ac:1c:
                    4e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:97:6B:9F:F9:DA:F7:39:13:5D:F7:B5:30:F6:8F:95:03:1A:75:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d5:93:f3:33:cf:50:81:d7:3d:fe:e4:c2:41:f8:2a:d6:87:13:
         57:b0:8c:94:fb:46:11:65:05:de:20:d0:3d:47:85:2f:59:71:
         67:cc:1a:19:39:7c:75:9e:31:8d:08:45:c4:32:41:9f:c6:4d:
         a9:02:38:28:93:6e:0b:4e:8b:77:cf:8e:4b:f0:c9:6d:4c:ad:
         b6:e9:77:c2:cb:d6:ae:9d:ac:c7:36:7c:ce:24:ec:57:63:18:
         d4:d5:a7:89:f1:6c:5f:05:83:33:15:02:c6:c1:f4:fd:1a:14:
         2d:94:7d:d6:51:92:18:27:bd:e2:7d:6a:ad:4f:40:54:07:f2:
         5d:04:eb:fc:e3:f6:c1:69:f4:93:1d:28:c2:e1:04:1a:72:9f:
         72:0e:7d:6c:16:fe:c7:bb:2d:42:4d:74:b3:cd:56:20:d0:ef:
         f4:7d:24:9e:00:6a:41:63:4f:26:fa:f3:6a:a0:4b:bd:97:a0:
         8b:3e:73:cf:32:21:d0:4e:f5:dd:a2:79:79:c8:45:f9:d1:1c:
         05:c9:0f:64:a7:c4:4b:f5:a4:19:ba:3b:91:22:12:53:4f:3f:
         38:a0:66:c2:e0:47:a8:a2:f7:35:19:91:01:21:05:34:f5:b4:
         2d:14:ff:80:b6:b4:a4:e8:f5:9f:10:9f:b2:41:67:f2:62:a4:
         cf:3e:11:e0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE5hs57cE7irg9dLOzMiBoJ+nBDAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTJiOWViY2EzMDkyYTU2OTQwN2EyNjZjYTZjZjYyZWZh
OTFiODc4ZjYyYTFmZGViMDZiYjI0M2VmOTI3M2MxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSmNrB0lBWewKDKcqayCbneVRa7VipmexctKVljkm1YXid
gJpd6rxZkWZnSTTBggtZXaBC6jOjMXG21IjZ2KUCxNJWyLKJnYIwQaR+h4fI/BmS
oYrI/7IzfIDV7PgRMcehZJ1y+0Xr+TtSa67z7nHqTDzr8PQwvuu5pHflgBFLtV2A
zobkXi4zIxcn6axdx5pujOTN6qdoBbsAimtxtsSJaxKXU1mB+WdkVC8U5CG5jq8x
45nUPuxRZmd9E9cevjoTIhveFERTUrcA4s7+FXOP+8NkZYqjjOOKqONhHZPjtd/N
HlLQ+AqAQLnjNQLVDKojqwixhP1Pfl45JUmsHE7dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9Zdrn/na9zkTXfe1MPaPlQMadUAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiN2E2NmJjLThmNzktNDA0Ny04MTMwLTI2NzI2MTdmMjIwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQAzANBgkqhkiG9w0BAQsFAAOCAQEA1ZPzM89Qgdc9/uTCQfgq1ocTV7CM
lPtGEWUF3iDQPUeFL1lxZ8waGTl8dZ4xjQhFxDJBn8ZNqQI4KJNuC06Ld8+OS/DJ
bUyttul3wsvWrp2sxzZ8ziTsV2MY1NWnifFsXwWDMxUCxsH0/RoULZR91lGSGCe9
4n1qrU9AVAfyXQTr/OP2wWn0kx0owuEEGnKfcg59bBb+x7stQk10s81WINDv9H0k
ngBqQWNPJvrzaqBLvZegiz5zzzIh0E713aJ5echF+dEcBckPZKfES/WkGbo7kSIS
U08/OKBmwuBHqKL3NRmRASEFNPW0LRT/gLa0pOj1nxCfskFn8mKkzz4R4A==
-----END CERTIFICATE-----