Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa
File:                     ef414d28-7d98-4c41-931b-d7958ded262d.roa (raw, json)
Hash identifier:          NZJdJhH9wIQ3PJbDsLJuG9GMOGSVv+pvdmPFDxfTDtw=
Subject key identifier:   69:64:46:63:E1:9A:BF:E9:F4:E0:A4:42:07:CD:0F:0E:41:C9:EF:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7166973D87A823771AD53556F8CCBFB336E88635
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.89.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:66:97:3d:87:a8:23:77:1a:d5:35:56:f8:cc:bf:b3:36:e8:86:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=6c575bc54adc778d2549a73c98aaf0d00c29d1552156ec60a28bf587256bf816, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:21:d5:2a:48:64:54:05:d8:3a:1d:0e:bf:8a:
                    78:9f:e3:c2:c1:f0:37:1a:cb:70:30:ca:99:4d:99:
                    5f:62:42:a7:c0:0b:4a:6f:08:06:ab:cb:ca:d4:8c:
                    05:5a:4e:fe:80:24:79:c3:8e:a7:76:b5:ee:60:5c:
                    fc:83:a0:bb:3f:c6:c1:65:55:39:22:1d:4f:9a:c6:
                    ea:c3:3a:9e:a2:fe:4b:a9:3f:29:4c:f0:a4:13:fe:
                    3f:3b:64:f5:c8:62:a0:24:ca:a2:73:a5:54:0b:c8:
                    87:06:3a:e8:92:c7:e2:70:2d:fd:41:07:bd:e4:bf:
                    68:b8:ce:21:97:d8:75:4b:9e:ff:a2:fd:bd:74:18:
                    d1:f3:e2:ed:8e:2f:12:32:18:f6:9a:f0:46:af:50:
                    89:33:43:04:5b:24:a8:9c:01:92:e3:a9:ba:46:a8:
                    ba:ab:77:4e:77:50:f2:9a:ed:34:a4:7e:f4:6e:c7:
                    d3:a8:5b:91:49:ba:f9:d6:c0:e7:0b:66:14:e0:a2:
                    67:6a:89:05:35:2b:74:3b:02:71:30:b0:cb:7f:17:
                    25:da:11:2e:eb:d3:f2:f7:4c:54:40:c3:3c:fb:20:
                    8f:86:b3:b6:3d:fd:f7:a5:a1:47:c2:19:fa:2c:c8:
                    66:7d:33:fb:c2:22:3f:6f:70:c2:8d:7f:3e:b8:9f:
                    4a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:64:46:63:E1:9A:BF:E9:F4:E0:A4:42:07:CD:0F:0E:41:C9:EF:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:1a:f5:49:b1:d7:24:2e:0d:c6:3b:7e:24:95:cc:cd:8e:3e:
         10:08:85:91:4a:c2:54:42:b5:08:e0:98:fa:63:7a:31:98:98:
         c9:a9:be:ec:66:11:22:0f:78:c4:83:11:93:3f:7a:d5:b9:2c:
         c5:92:8d:c6:ee:6b:bd:d3:3c:a9:f0:ed:57:96:dc:b0:32:d0:
         b8:c1:82:47:e1:ce:c0:ea:09:6b:ff:51:2f:7f:21:2b:26:62:
         b7:9a:3d:90:9c:56:81:73:23:61:c6:4e:76:36:bb:59:85:dc:
         68:cb:16:cd:c6:1b:97:ef:99:82:42:24:32:56:6c:4f:55:ad:
         ac:62:79:9c:86:bf:5a:27:17:44:c4:74:d4:fe:a6:20:61:99:
         d9:c4:9b:59:ef:73:f0:b5:0d:ab:7f:2b:33:47:da:ed:f0:74:
         2b:11:62:30:b2:5e:d2:d8:2d:be:a7:0a:8b:c4:3d:2c:7b:64:
         5d:ec:55:d6:92:51:ce:85:cb:ce:2e:3e:29:50:a9:b7:88:5d:
         ba:60:0c:af:1d:c6:c6:4a:48:77:6d:9a:13:45:00:dc:a4:b1:
         2a:c3:cd:af:7b:61:10:5c:5c:73:51:2d:99:7e:7c:87:be:99:
         cc:46:7b:5f:09:e7:5a:60:fa:0e:92:a9:24:de:9b:d9:fa:a5:
         ce:c7:2c:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcWaXPYeoI3ca1TVW+My/szbohjUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzU3NWJjNTRhZGM3NzhkMjU0OWE3M2M5OGFhZjBkMDBj
MjlkMTU1MjE1NmVjNjBhMjhiZjU4NzI1NmJmODE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/IdUqSGRUBdg6HQ6/inif48LB8Dcay3AwyplNmV9iQqfA
C0pvCAary8rUjAVaTv6AJHnDjqd2te5gXPyDoLs/xsFlVTkiHU+axurDOp6i/kup
PylM8KQT/j87ZPXIYqAkyqJzpVQLyIcGOuiSx+JwLf1BB73kv2i4ziGX2HVLnv+i
/b10GNHz4u2OLxIyGPaa8EavUIkzQwRbJKicAZLjqbpGqLqrd053UPKa7TSkfvRu
x9OoW5FJuvnWwOcLZhTgomdqiQU1K3Q7AnEwsMt/FyXaES7r0/L3TFRAwzz7II+G
s7Y9/feloUfCGfosyGZ9M/vCIj9vcMKNfz64n0rxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaWRGY+Gav+n04KRCB80PDkHJ760wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmNDE0ZDI4LTdkOTgtNGM0MS05MzFiLWQ3OTU4ZGVkMjYyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5WTANBgkqhkiG9w0BAQsFAAOCAQEAqBr1SbHXJC4Nxjt+JJXMzY4+EAiF
kUrCVEK1COCY+mN6MZiYyam+7GYRIg94xIMRkz961bksxZKNxu5rvdM8qfDtV5bc
sDLQuMGCR+HOwOoJa/9RL38hKyZit5o9kJxWgXMjYcZOdja7WYXcaMsWzcYbl++Z
gkIkMlZsT1WtrGJ5nIa/WicXRMR01P6mIGGZ2cSbWe9z8LUNq38rM0fa7fB0KxFi
MLJe0tgtvqcKi8Q9LHtkXexV1pJRzoXLzi4+KVCpt4hdumAMrx3GxkpId22aE0UA
3KSxKsPNr3thEFxcc1EtmX58h76ZzEZ7XwnnWmD6DpKpJN6b2fqlzscsqQ==
-----END CERTIFICATE-----