Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2417053-332a-4d0f-aecb-16c3b0241ca9.roa
File:                     e2417053-332a-4d0f-aecb-16c3b0241ca9.roa (raw, json)
Hash identifier:          GXvZ+QLGe5C/sJ35OxkW8Ty0nAZOaS4fI3JGPx/2y9w=
Subject key identifier:   1C:69:EA:18:8E:1C:BD:76:99:A9:98:F7:06:EB:E9:99:99:31:E1:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       098C8BDE39EBE584A90CF45BC1D826329A4FA52B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2417053-332a-4d0f-aecb-16c3b0241ca9.roa
Signing time:             Wed 22 Jan 2025 00:00:00 +0000
ROA not before:           Wed 22 Jan 2025 00:00:00 +0000
ROA not after:            Wed 26 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.88.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:8c:8b:de:39:eb:e5:84:a9:0c:f4:5b:c1:d8:26:32:9a:4f:a5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 22 00:00:00 2025 GMT
            Not After : Feb 26 23:59:59 2025 GMT
        Subject: serialNumber=9049b6ecf555dd4a3444225c6daddb412d6adc8b1f8992a0039c9db4aa16a829, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3e:5c:22:22:93:fb:5f:67:d4:af:2e:cc:21:
                    f8:12:b4:78:1a:6d:8b:ba:dd:d8:d9:e2:11:41:c5:
                    4b:d4:aa:99:5f:2b:97:1c:1e:6c:99:68:1b:37:1a:
                    44:ec:76:a4:37:9b:b5:8c:0c:df:fc:81:96:14:27:
                    3a:fd:91:15:e6:63:01:7f:89:fd:39:ae:b3:52:a6:
                    a7:eb:33:a2:24:0c:54:9c:77:46:9d:d1:e1:af:1c:
                    16:5b:68:f3:be:1e:d4:85:bb:fa:c1:11:cd:2d:13:
                    f5:46:a2:75:80:c6:23:b3:58:1d:97:eb:60:f2:ca:
                    ae:75:f5:bc:93:61:d2:ca:be:ef:87:e2:0f:12:16:
                    57:b2:32:a5:84:a4:eb:0c:56:7f:ad:aa:15:02:22:
                    9f:2e:56:74:1f:9d:86:ab:83:aa:c5:be:4f:28:6c:
                    81:51:43:67:32:cb:55:5a:10:4d:c5:57:54:d7:a7:
                    70:57:69:d8:c0:d6:44:23:f1:0e:42:01:25:9b:35:
                    eb:43:de:09:ce:c3:82:4f:71:49:cb:13:8f:23:86:
                    1f:27:3e:b0:c6:0a:f7:11:7c:e6:a3:23:77:03:b7:
                    9c:bb:f9:1d:e0:3b:f4:9b:a9:32:4d:52:7e:54:54:
                    58:d9:57:79:a7:72:eb:59:b5:72:e4:cf:10:96:4f:
                    4b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:69:EA:18:8E:1C:BD:76:99:A9:98:F7:06:EB:E9:99:99:31:E1:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2417053-332a-4d0f-aecb-16c3b0241ca9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         67:4d:96:3d:3b:63:c5:92:bd:62:62:3e:53:d8:5c:2a:e5:4c:
         c2:a3:8d:45:c1:33:ed:57:3a:66:7f:bb:bb:a2:a7:bb:6b:66:
         35:16:50:ea:70:0f:4f:12:46:09:73:3b:39:c4:54:93:f1:d9:
         f2:03:ef:7f:7f:8b:00:bb:2f:4f:d8:90:5f:45:c6:c6:99:99:
         84:a4:8c:14:7e:33:4d:c5:e1:64:46:41:2e:82:fa:05:30:42:
         0f:a1:34:21:35:80:9c:20:17:41:34:71:47:35:df:8d:72:89:
         b4:d5:83:95:07:2a:db:53:d7:fe:9e:76:ab:cf:82:b4:92:9c:
         08:c9:87:5c:1a:23:c7:db:cf:ce:9a:ec:d9:b2:75:d2:4d:02:
         76:a1:7b:55:30:0c:ed:94:48:35:f3:c3:fa:8b:b5:09:32:fa:
         0a:59:99:05:6e:b8:a5:d8:d7:8a:51:21:57:53:9b:e2:53:4e:
         67:81:c6:e9:58:2f:d4:19:90:11:24:f8:6e:fe:cf:a4:aa:ba:
         9b:63:cf:fa:00:dc:55:1e:51:b2:59:df:0f:9b:24:a5:cf:bf:
         95:4b:9a:9c:18:c6:47:3d:43:27:23:8d:91:65:af:d9:63:88:
         20:e6:bb:4d:8d:8b:65:0a:2e:38:d8:81:18:08:35:ed:22:0c:
         a3:0c:b2:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCYyL3jnr5YSpDPRbwdgmMppPpSswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIyMDAwMDAwWhcNMjUwMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDQ5YjZlY2Y1NTVkZDRhMzQ0NDIyNWM2ZGFkZGI0MTJk
NmFkYzhiMWY4OTkyYTAwMzljOWRiNGFhMTZhODI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpPlwiIpP7X2fUry7MIfgStHgabYu63djZ4hFBxUvUqplf
K5ccHmyZaBs3GkTsdqQ3m7WMDN/8gZYUJzr9kRXmYwF/if05rrNSpqfrM6IkDFSc
d0ad0eGvHBZbaPO+HtSFu/rBEc0tE/VGonWAxiOzWB2X62Dyyq519byTYdLKvu+H
4g8SFleyMqWEpOsMVn+tqhUCIp8uVnQfnYarg6rFvk8obIFRQ2cyy1VaEE3FV1TX
p3BXadjA1kQj8Q5CASWbNetD3gnOw4JPcUnLE48jhh8nPrDGCvcRfOajI3cDt5y7
+R3gO/SbqTJNUn5UVFjZV3mncutZtXLkzxCWT0sHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHGnqGI4cvXaZqZj3BuvpmZkx4ZUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyNDE3MDUzLTMzMmEtNGQwZi1hZWNiLTE2YzNiMDI0MWNhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQWDANBgkqhkiG9w0BAQsFAAOCAQEAZ02WPTtjxZK9YmI+U9hcKuVMwqON
RcEz7Vc6Zn+7u6Knu2tmNRZQ6nAPTxJGCXM7OcRUk/HZ8gPvf3+LALsvT9iQX0XG
xpmZhKSMFH4zTcXhZEZBLoL6BTBCD6E0ITWAnCAXQTRxRzXfjXKJtNWDlQcq21PX
/p52q8+CtJKcCMmHXBojx9vPzprs2bJ10k0CdqF7VTAM7ZRINfPD+ou1CTL6ClmZ
BW64pdjXilEhV1Ob4lNOZ4HG6Vgv1BmQEST4bv7PpKq6m2PP+gDcVR5RslnfD5sk
pc+/lUuanBjGRz1DJyONkWWv2WOIIOa7TY2LZQouONiBGAg17SIMowyyYQ==
-----END CERTIFICATE-----