Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa
File:                     ec2a25c7-03d3-41ca-9778-621ae3af6930.roa (raw, json)
Hash identifier:          TN/x+8l8rqym0wjHvPzD/moyP+st1an7dQlvAFoGdDw=
Subject key identifier:   1A:DD:89:88:7A:AF:B6:9E:31:45:B5:E6:FE:42:49:0E:21:F9:40:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       502CAC93684DD04E97625C52F3F5E56E1FD356F9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        162.208.123.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:2c:ac:93:68:4d:d0:4e:97:62:5c:52:f3:f5:e5:6e:1f:d3:56:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=4169be361484edbbff8c8bffe53e7594bd96bfaeb0f1c0738e057683190d2873, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f7:8c:fe:ce:85:6c:fa:1b:00:0f:06:ba:1b:
                    e9:7d:7c:1a:f5:fb:ae:5d:dd:1c:f8:71:d3:c9:2b:
                    6b:c5:f4:bc:11:31:af:1e:80:8a:d1:e7:10:58:29:
                    9e:97:72:d8:30:28:2a:9b:e5:ff:0e:6b:03:e2:72:
                    3e:a9:9b:21:36:93:3c:98:78:c9:26:67:9b:5a:5f:
                    c0:9e:d6:e6:fe:a0:6e:6f:b8:77:c8:59:76:43:0d:
                    12:1b:ac:9c:1b:a1:83:46:0b:8a:c5:fd:c1:05:af:
                    b2:f0:ee:f9:fd:41:55:c8:80:a4:4f:71:81:6c:60:
                    35:f2:79:9f:de:ea:f1:f1:0f:bb:3f:b7:f6:ff:c8:
                    2d:d9:14:cf:39:f7:a7:f3:23:c2:0e:fb:eb:86:5c:
                    03:24:6b:a2:10:2f:84:8b:32:95:39:3e:09:e6:e8:
                    7b:0e:00:f5:65:18:d6:2d:85:f7:d7:54:16:5c:e7:
                    0c:ed:09:de:00:10:5e:62:80:7c:1c:ed:9d:d4:04:
                    68:33:7a:a6:a6:a4:78:80:7c:29:6c:eb:91:58:d6:
                    e5:da:27:35:d2:e2:9c:af:60:0f:c4:ff:0d:b6:09:
                    09:a2:8c:f8:4f:71:37:5c:a4:5e:27:53:2a:54:71:
                    3d:53:07:80:ff:c2:d6:7a:a5:5e:e6:48:8a:99:14:
                    95:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:DD:89:88:7A:AF:B6:9E:31:45:B5:E6:FE:42:49:0E:21:F9:40:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.208.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:f0:90:d9:2c:6f:f5:89:d8:49:25:f7:fa:93:b1:b8:07:98:
         86:43:54:fd:4e:59:9c:56:b9:5f:e6:94:17:75:12:bc:1c:5e:
         75:66:95:d2:76:07:06:5e:36:9e:93:17:74:2d:64:97:0b:71:
         42:3b:ed:80:58:1c:9a:73:13:b6:99:74:9d:a6:89:0c:4a:84:
         48:3b:6e:7b:58:cf:e5:14:6f:7d:73:d4:1c:5a:21:4f:88:ab:
         50:2f:b2:a0:2b:d9:67:29:ef:87:da:38:29:39:cf:4c:a5:ec:
         dc:ac:10:8a:b1:c7:b5:6e:ba:c3:24:d8:92:32:69:ce:07:45:
         7e:a1:9c:6f:67:06:7a:a9:96:db:ce:bb:eb:dd:2d:f1:b5:b6:
         98:24:27:da:87:08:c3:8e:8d:c7:2a:65:ec:31:94:9a:18:be:
         91:58:3e:51:d5:01:b5:0d:51:00:45:61:07:e7:33:7c:54:ad:
         89:91:51:9c:4a:aa:8d:cd:47:65:f4:9f:95:d6:5c:c4:28:21:
         b0:bf:db:a9:2e:5b:58:e5:0e:7e:38:36:f7:05:58:b6:db:b2:
         49:dc:af:39:00:eb:ea:a4:97:9c:89:77:45:6d:7f:94:2e:b8:
         b1:8f:40:a5:c3:1c:fe:a4:6b:8f:5d:f2:a0:d5:f3:be:e6:0e:
         cb:73:07:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUCysk2hN0E6XYlxS8/Xlbh/TVvkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTY5YmUzNjE0ODRlZGJiZmY4YzhiZmZlNTNlNzU5NGJk
OTZiZmFlYjBmMWMwNzM4ZTA1NzY4MzE5MGQyODczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC994z+zoVs+hsADwa6G+l9fBr1+65d3Rz4cdPJK2vF9LwR
Ma8egIrR5xBYKZ6XctgwKCqb5f8OawPicj6pmyE2kzyYeMkmZ5taX8Ce1ub+oG5v
uHfIWXZDDRIbrJwboYNGC4rF/cEFr7Lw7vn9QVXIgKRPcYFsYDXyeZ/e6vHxD7s/
t/b/yC3ZFM8596fzI8IO++uGXAMka6IQL4SLMpU5Pgnm6HsOAPVlGNYthffXVBZc
5wztCd4AEF5igHwc7Z3UBGgzeqampHiAfCls65FY1uXaJzXS4pyvYA/E/w22CQmi
jPhPcTdcpF4nUypUcT1TB4D/wtZ6pV7mSIqZFJXFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGt2JiHqvtp4xRbXm/kJJDiH5QFcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjMmEyNWM3LTAzZDMtNDFjYS05Nzc4LTYyMWFlM2FmNjkzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACi0HswDQYJKoZIhvcNAQELBQADggEBAJfwkNksb/WJ2Ekl9/qTsbgHmIZD
VP1OWZxWuV/mlBd1ErwcXnVmldJ2BwZeNp6TF3QtZJcLcUI77YBYHJpzE7aZdJ2m
iQxKhEg7bntYz+UUb31z1BxaIU+Iq1AvsqAr2Wcp74faOCk5z0yl7NysEIqxx7Vu
usMk2JIyac4HRX6hnG9nBnqpltvOu+vdLfG1tpgkJ9qHCMOOjccqZewxlJoYvpFY
PlHVAbUNUQBFYQfnM3xUrYmRUZxKqo3NR2X0n5XWXMQoIbC/26kuW1jlDn44NvcF
WLbbskncrzkA6+qkl5yJd0Vtf5QuuLGPQKXDHP6ka49d8qDV877mDstzBxY=
-----END CERTIFICATE-----