Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e667b7e1-5dc4-4746-8d88-876fe7eccbc9.roa
File:                     e667b7e1-5dc4-4746-8d88-876fe7eccbc9.roa (raw, json)
Hash identifier:          N5eNOq1Lp1xUgma7nDFMkHC7nlZhFdoiF16qZX+QAB0=
Subject key identifier:   FD:9F:D7:4D:B4:82:70:A5:50:BF:F6:21:D4:EE:65:49:66:A2:5C:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       666A972868D9E458A195FD1B55450B78C7BBC534
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e667b7e1-5dc4-4746-8d88-876fe7eccbc9.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        204.126.24.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:6a:97:28:68:d9:e4:58:a1:95:fd:1b:55:45:0b:78:c7:bb:c5:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=5082be85a10855b84d2f4c99b5dfcea88fc9f2ae8e41cd512f9d328cc63aab9a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:72:28:80:43:f7:fb:66:f1:f4:d8:71:c6:
                    c5:b3:62:33:85:d8:a4:4f:a1:20:69:8e:39:fb:73:
                    53:58:5d:2c:ea:de:18:db:5a:27:9b:87:22:41:aa:
                    ca:6d:84:54:51:73:9b:ce:93:ae:cc:f1:3e:be:a0:
                    8a:d6:63:52:7f:d3:84:9f:f1:d9:97:6a:4b:0b:a1:
                    cc:ca:3b:d9:25:62:3e:34:94:ff:4d:5e:27:eb:67:
                    50:6a:7e:2e:c9:8c:27:83:8d:77:65:ad:f7:51:12:
                    d7:e9:92:7b:86:49:e0:ef:ab:63:63:3e:78:81:0a:
                    cb:3a:94:07:33:21:18:3d:87:34:7b:de:51:61:b4:
                    53:79:ae:d5:b1:97:28:ac:49:fa:c0:45:7f:1f:72:
                    de:ca:28:02:64:86:58:e8:d2:af:5a:fd:90:af:af:
                    cd:35:57:b2:47:cb:04:07:dc:13:27:63:52:8c:35:
                    65:8f:49:4f:19:64:6a:3b:0c:12:37:9d:89:09:77:
                    bb:98:60:5c:91:b5:f4:d3:f2:82:b5:52:fa:fb:da:
                    4c:e0:74:55:67:00:8d:cf:3b:5e:45:10:62:25:ad:
                    8a:1f:2a:93:bc:a7:a5:3f:f5:4c:43:f1:94:f7:18:
                    ef:77:a8:1d:aa:51:de:45:54:71:64:1b:63:67:5d:
                    22:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9F:D7:4D:B4:82:70:A5:50:BF:F6:21:D4:EE:65:49:66:A2:5C:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e667b7e1-5dc4-4746-8d88-876fe7eccbc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.126.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:85:bd:d1:82:f2:b6:f5:95:7a:25:44:10:ce:bc:42:06:06:
         5c:59:c3:56:12:6a:c2:07:80:72:47:dc:74:56:eb:1d:c8:9c:
         bd:d7:7f:8f:a6:6e:73:f3:56:c6:e0:2e:bc:b9:28:63:e4:83:
         6a:27:b4:35:e5:5d:56:f5:bb:09:cb:41:c7:23:7a:cb:cd:c5:
         7e:48:eb:bd:cf:0f:97:e9:b8:ce:e8:99:d7:69:84:71:3d:1c:
         ab:1e:12:a1:62:6f:4c:2b:2b:d5:59:b3:25:e4:06:6c:5d:3d:
         56:d3:71:5f:1d:8a:46:66:54:c4:0a:25:8f:17:ba:60:35:c2:
         39:e0:98:90:9f:ee:23:4f:16:09:8f:7b:be:19:53:84:ab:a0:
         e3:db:57:c5:40:a6:20:fc:be:4c:74:df:96:f6:77:0e:fe:ae:
         8f:65:15:11:fd:5b:07:4c:d6:38:eb:8f:ec:12:f1:6e:9a:b1:
         84:05:08:54:e2:8b:b4:32:a7:c8:8c:ea:76:fa:a2:2d:08:ce:
         4f:d8:bb:08:14:2f:ea:a6:96:f3:d3:0a:68:3f:d9:61:76:d6:
         6a:ee:0b:10:81:8a:06:63:86:df:8b:09:08:26:3d:5e:f0:ee:
         ca:da:eb:cd:99:fd:50:d2:54:e4:c7:0e:20:7a:f2:a5:54:30:
         ca:b1:07:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZmqXKGjZ5Fihlf0bVUULeMe7xTQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDgyYmU4NWExMDg1NWI4NGQyZjRjOTliNWRmY2VhODhm
YzlmMmFlOGU0MWNkNTEyZjlkMzI4Y2M2M2FhYjlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsBXIogEP3+2bx9NhxxsWzYjOF2KRPoSBpjjn7c1NYXSzq
3hjbWiebhyJBqspthFRRc5vOk67M8T6+oIrWY1J/04Sf8dmXaksLoczKO9klYj40
lP9NXifrZ1Bqfi7JjCeDjXdlrfdREtfpknuGSeDvq2NjPniBCss6lAczIRg9hzR7
3lFhtFN5rtWxlyisSfrARX8fct7KKAJkhljo0q9a/ZCvr801V7JHywQH3BMnY1KM
NWWPSU8ZZGo7DBI3nYkJd7uYYFyRtfTT8oK1Uvr72kzgdFVnAI3PO15FEGIlrYof
KpO8p6U/9UxD8ZT3GO93qB2qUd5FVHFkG2NnXSKFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/Z/XTbSCcKVQv/Yh1O5lSWaiXOEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U2NjdiN2UxLTVkYzQtNDc0Ni04ZDg4LTg3NmZlN2VjY2JjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADMfhgwDQYJKoZIhvcNAQELBQADggEBAJqFvdGC8rb1lXolRBDOvEIGBlxZ
w1YSasIHgHJH3HRW6x3InL3Xf4+mbnPzVsbgLry5KGPkg2ontDXlXVb1uwnLQccj
esvNxX5I673PD5fpuM7omddphHE9HKseEqFib0wrK9VZsyXkBmxdPVbTcV8dikZm
VMQKJY8XumA1wjngmJCf7iNPFgmPe74ZU4SroOPbV8VApiD8vkx035b2dw7+ro9l
FRH9WwdM1jjrj+wS8W6asYQFCFTii7Qyp8iM6nb6oi0Izk/YuwgUL+qmlvPTCmg/
2WF21mruCxCBigZjht+LCQgmPV7w7sra682Z/VDSVOTHDiB68qVUMMqxB+g=
-----END CERTIFICATE-----