Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2dc74d5-1d66-4789-9e00-6d439865221c.roa
File:                     e2dc74d5-1d66-4789-9e00-6d439865221c.roa (raw, json)
Hash identifier:          K5iAksLtCAR7tk9BmYWWvSOGJZNr0QPNQJp6XYhPi5s=
Subject key identifier:   5B:F8:21:FC:A7:45:39:90:18:C5:75:2E:76:51:20:9D:5E:B9:64:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24A1563FE2A311BAABF5F39938DCE0C4ACDC04FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2dc74d5-1d66-4789-9e00-6d439865221c.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.54.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:a1:56:3f:e2:a3:11:ba:ab:f5:f3:99:38:dc:e0:c4:ac:dc:04:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=3afbd17d8c4dc87960382983d85595a7fa8566ea11c7903089617ec6d6a80505, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9d:7c:2a:d9:19:0a:8a:49:1f:ba:96:35:f7:
                    0a:2c:85:cc:a5:ce:80:a7:a7:c3:05:bd:17:86:3e:
                    2e:16:8e:6e:6b:40:b5:38:01:07:0e:86:11:78:bb:
                    7b:83:50:3e:c4:6f:ce:77:9f:30:a6:74:8e:f7:16:
                    ae:6e:fa:ee:d9:e2:fa:2f:5c:3c:32:46:c9:d6:be:
                    26:46:3b:31:35:d3:24:38:be:5e:44:f4:10:8e:4b:
                    5d:2a:d3:c6:49:ec:30:3b:6f:ba:24:3a:f1:14:7f:
                    a3:28:eb:e9:23:55:27:e0:0d:8b:38:22:12:07:ee:
                    05:49:00:be:70:79:39:08:b3:f6:8e:63:c7:e9:a2:
                    83:33:4e:26:a5:ff:43:e2:18:15:7a:dd:a0:f9:ad:
                    ee:1d:6b:cb:f8:92:42:12:bc:e0:1a:0f:3c:8f:e8:
                    3b:a6:9f:06:a4:e1:05:7d:2f:bd:99:3b:46:63:ee:
                    84:3c:61:be:6c:d4:97:c8:04:ec:66:6e:89:62:b7:
                    37:38:04:e0:bb:20:c5:98:7b:fc:62:6b:8b:a4:f9:
                    5e:bd:25:fc:c1:63:9c:50:e3:c3:25:09:a4:bd:d3:
                    0a:e5:b9:27:18:4e:e8:1d:02:6d:4b:9e:ef:02:c4:
                    e1:00:c8:71:7d:c3:14:cd:f3:61:57:10:7f:c0:7b:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F8:21:FC:A7:45:39:90:18:C5:75:2E:76:51:20:9D:5E:B9:64:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2dc74d5-1d66-4789-9e00-6d439865221c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.54.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c1:67:8a:a9:94:57:e6:1e:de:71:d1:1a:61:0a:58:49:72:73:
         57:c3:40:61:b6:e5:be:70:a7:64:2c:c9:48:bc:08:3a:af:fd:
         c5:70:74:3b:9b:32:ae:09:49:52:ee:4e:f1:8a:fd:a6:95:44:
         30:4c:ca:f1:43:d7:79:58:2a:f4:1d:a7:1d:0e:15:6e:9f:32:
         b2:99:60:9a:55:0b:b3:18:02:af:89:63:8b:6b:41:61:1a:7d:
         b0:f7:41:7f:2d:04:45:20:63:8f:85:e3:59:ec:3f:55:5f:ee:
         90:9e:c1:eb:8a:54:ed:6b:c1:23:b0:06:3f:03:4a:51:f7:f1:
         94:a0:4f:aa:6f:f4:fa:1b:75:41:28:01:65:42:3a:76:f0:8a:
         a8:0d:ed:95:3e:1c:6b:8f:c5:5b:21:15:a5:88:2c:ee:20:97:
         6b:59:ba:a1:0c:b7:94:4a:87:72:82:dc:f5:40:9a:2c:58:26:
         96:06:9b:44:4c:30:df:86:8a:03:e3:9b:e0:2f:15:27:cb:41:
         93:bf:6e:0e:af:85:b2:5c:82:76:9f:df:a4:25:f0:b8:60:c5:
         8d:19:c3:17:22:34:f9:22:c3:a3:46:99:13:ac:ea:07:00:a2:
         d1:a8:3e:05:fb:3b:1c:02:2c:2b:1f:56:70:95:06:ec:13:c2:
         54:43:30:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJKFWP+KjEbqr9fOZONzgxKzcBPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWZiZDE3ZDhjNGRjODc5NjAzODI5ODNkODU1OTVhN2Zh
ODU2NmVhMTFjNzkwMzA4OTYxN2VjNmQ2YTgwNTA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDnXwq2RkKikkfupY19woshcylzoCnp8MFvReGPi4Wjm5r
QLU4AQcOhhF4u3uDUD7Eb853nzCmdI73Fq5u+u7Z4vovXDwyRsnWviZGOzE10yQ4
vl5E9BCOS10q08ZJ7DA7b7okOvEUf6Mo6+kjVSfgDYs4IhIH7gVJAL5weTkIs/aO
Y8fpooMzTial/0PiGBV63aD5re4da8v4kkISvOAaDzyP6Dumnwak4QV9L72ZO0Zj
7oQ8Yb5s1JfIBOxmbolitzc4BOC7IMWYe/xia4uk+V69JfzBY5xQ48MlCaS90wrl
uScYTugdAm1Lnu8CxOEAyHF9wxTN82FXEH/Ae1IDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUW/gh/KdFOZAYxXUudlEgnV65ZH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyZGM3NGQ1LTFkNjYtNDc4OS05ZTAwLTZkNDM5ODY1MjIxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQNjANBgkqhkiG9w0BAQsFAAOCAQEAwWeKqZRX5h7ecdEaYQpYSXJzV8NA
YbblvnCnZCzJSLwIOq/9xXB0O5syrglJUu5O8Yr9ppVEMEzK8UPXeVgq9B2nHQ4V
bp8ysplgmlULsxgCr4lji2tBYRp9sPdBfy0ERSBjj4XjWew/VV/ukJ7B64pU7WvB
I7AGPwNKUffxlKBPqm/0+ht1QSgBZUI6dvCKqA3tlT4ca4/FWyEVpYgs7iCXa1m6
oQy3lEqHcoLc9UCaLFgmlgabREww34aKA+Ob4C8VJ8tBk79uDq+FslyCdp/fpCXw
uGDFjRnDFyI0+SLDo0aZE6zqBwCi0ag+Bfs7HAIsKx9WcJUG7BPCVEMwKw==
-----END CERTIFICATE-----