Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa
File:                     e261c24b-13a0-4019-b3b3-0562e86aea2f.roa (raw, json)
Hash identifier:          PHJ5AcLNmqFXLoq3N8qSsl+N9TlvHFaz3UX5cOFHcp4=
Subject key identifier:   26:F9:42:E3:86:56:96:72:EF:37:D9:23:AC:A1:DD:B6:42:8E:08:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       284B57D3C4FB918BF874CAB228407E9745F903C3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.223.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:4b:57:d3:c4:fb:91:8b:f8:74:ca:b2:28:40:7e:97:45:f9:03:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=d5aa50686c85a3eb3a386432a9f6735f4c6fbb760550fa6806b2096b894933c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:f5:6d:10:57:5b:64:e2:2f:79:3f:21:fb:ee:
                    d0:e7:87:21:eb:15:6b:6b:6f:7c:02:85:a2:7f:e7:
                    28:82:57:fb:3c:dc:98:55:87:6d:ef:84:e4:88:39:
                    a9:eb:c9:ac:99:0d:5c:f5:d1:68:4d:af:a5:c7:af:
                    5c:93:0e:17:97:17:26:e4:f4:30:ff:7e:2d:51:24:
                    e5:d0:dc:a2:12:a3:62:7b:5c:78:1c:3e:b8:c3:5d:
                    d6:f6:1c:15:66:a0:30:c7:0d:c0:31:4f:dd:4f:0e:
                    c1:fc:e8:3f:9c:97:eb:53:ee:65:d6:f7:08:7b:f1:
                    63:0e:56:29:c2:59:30:72:cc:e3:09:b7:9b:36:0e:
                    cc:9a:e4:d6:83:78:4a:fa:df:9e:d2:fe:7f:ac:75:
                    af:6a:30:4d:9a:56:63:64:17:d2:06:71:5e:27:4c:
                    f7:3c:5d:c8:61:a7:c0:46:db:88:32:57:20:a4:17:
                    4c:47:f8:1b:5a:a5:ac:bd:0f:41:4e:7a:82:96:48:
                    4e:c7:26:a2:46:1d:b2:d9:9d:f4:30:a4:0e:3e:ea:
                    0f:45:b4:94:39:44:af:3e:a4:c2:77:d4:1a:29:c2:
                    af:75:0d:e5:0b:4a:d4:22:c2:86:3b:3f:1d:d8:78:
                    28:37:4f:16:48:63:07:10:19:82:97:47:26:43:15:
                    03:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:F9:42:E3:86:56:96:72:EF:37:D9:23:AC:A1:DD:B6:42:8E:08:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.223.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:39:18:fc:7f:58:40:65:fb:b8:34:c1:dd:ef:76:17:f8:74:
         1a:54:c8:b6:8c:25:fa:c9:d0:0e:c3:a7:5f:42:bf:a8:b2:84:
         a0:96:d9:e7:3d:d5:5a:87:68:40:60:65:16:77:4d:28:1d:1a:
         8b:d0:06:b0:61:fd:7d:5c:fb:e2:a4:a5:bd:49:4b:b1:7f:64:
         09:c0:27:ae:c1:79:a8:ad:89:a6:bb:49:18:b2:f0:f2:ef:ae:
         56:10:4a:8e:0a:91:93:24:14:3e:be:04:8d:8a:59:6e:c9:90:
         5f:2c:fc:4b:f6:02:a2:5c:55:3c:ef:8c:de:07:97:07:0d:62:
         60:14:80:22:75:77:20:01:c2:07:40:b9:b8:a3:bb:c9:ee:84:
         99:15:46:69:a5:32:76:50:d2:07:33:97:26:24:83:50:d3:fe:
         ef:00:a0:1c:6b:7c:4f:2d:88:39:f8:b0:e0:dd:1c:42:86:75:
         7a:4e:d0:e6:8c:4d:da:c5:ea:e2:76:d0:7b:bc:21:7f:a8:fb:
         12:cb:3a:71:0f:7a:d0:20:8f:f1:d7:6a:37:24:82:18:8a:73:
         32:ef:62:e6:48:24:be:68:26:d1:ac:c6:e5:eb:3c:39:1f:dd:
         8e:c6:00:fd:f9:31:74:b8:f0:e9:61:85:b5:12:3a:93:92:da:
         ba:07:f4:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKEtX08T7kYv4dMqyKEB+l0X5A8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWFhNTA2ODZjODVhM2ViM2EzODY0MzJhOWY2NzM1ZjRj
NmZiYjc2MDU1MGZhNjgwNmIyMDk2Yjg5NDkzM2MzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDy9W0QV1tk4i95PyH77tDnhyHrFWtrb3wChaJ/5yiCV/s8
3JhVh23vhOSIOanryayZDVz10WhNr6XHr1yTDheXFybk9DD/fi1RJOXQ3KISo2J7
XHgcPrjDXdb2HBVmoDDHDcAxT91PDsH86D+cl+tT7mXW9wh78WMOVinCWTByzOMJ
t5s2Dsya5NaDeEr6357S/n+sda9qME2aVmNkF9IGcV4nTPc8Xchhp8BG24gyVyCk
F0xH+Btapay9D0FOeoKWSE7HJqJGHbLZnfQwpA4+6g9FtJQ5RK8+pMJ31Bopwq91
DeULStQiwoY7Px3YeCg3TxZIYwcQGYKXRyZDFQMNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJvlC44ZWlnLvN9kjrKHdtkKOCJcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyNjFjMjRiLTEzYTAtNDAxOS1iM2IzLTA1NjJlODZhZWEyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE3zANBgkqhkiG9w0BAQsFAAOCAQEAFjkY/H9YQGX7uDTB3e92F/h0GlTI
towl+snQDsOnX0K/qLKEoJbZ5z3VWodoQGBlFndNKB0ai9AGsGH9fVz74qSlvUlL
sX9kCcAnrsF5qK2JprtJGLLw8u+uVhBKjgqRkyQUPr4EjYpZbsmQXyz8S/YColxV
PO+M3geXBw1iYBSAInV3IAHCB0C5uKO7ye6EmRVGaaUydlDSBzOXJiSDUNP+7wCg
HGt8Ty2IOfiw4N0cQoZ1ek7Q5oxN2sXq4nbQe7whf6j7Ess6cQ960CCP8ddqNySC
GIpzMu9i5kgkvmgm0azG5es8OR/djsYA/fkxdLjw6WGFtRI6k5Laugf0QA==
-----END CERTIFICATE-----