Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f003f8b3-3437-44b7-a0b7-0988bc303328.roa
File:                     f003f8b3-3437-44b7-a0b7-0988bc303328.roa (raw, json)
Hash identifier:          l818HqltjHBPyZJeyBB2aybEquDGsVPiCHLSt8SI8vM=
Subject key identifier:   A3:1D:DC:E6:7E:AD:E6:2D:51:D3:47:F0:6A:88:FC:67:D5:04:DA:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D5DD12C6DC1F3B692FE4F1151360AA60227902F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f003f8b3-3437-44b7-a0b7-0988bc303328.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.8.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:5d:d1:2c:6d:c1:f3:b6:92:fe:4f:11:51:36:0a:a6:02:27:90:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=b5b346e5269805972bdcbe49cad095a95ededa7228cb19a0d260ce22d1e31679, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:79:fe:d6:74:43:fc:ba:11:65:b0:44:29:f2:
                    f2:d0:f4:02:15:d0:ef:ae:d7:e1:ec:34:78:67:6e:
                    8c:b4:7e:41:a5:aa:d0:d4:23:1b:4e:2c:5a:e4:66:
                    8a:0e:2c:93:bb:80:3e:fc:1e:ed:c7:0d:63:ca:ba:
                    65:a3:e6:26:fc:7a:eb:d0:24:4d:2d:d8:9b:ca:c1:
                    85:87:32:29:d5:c5:5c:ac:2b:87:90:fe:18:1a:b6:
                    7a:0b:e9:33:17:21:19:a5:a2:83:5c:0e:58:de:3c:
                    6e:92:90:bd:97:b4:cc:79:18:28:bb:bc:26:6f:8c:
                    5a:e5:3f:1a:63:a3:2e:87:b7:e7:d5:4b:88:f5:e5:
                    4f:47:f1:d8:e6:a7:14:08:f7:99:45:83:8a:27:9e:
                    93:d9:40:2f:0e:28:a8:15:2f:9a:f4:32:98:f2:1c:
                    44:f7:84:10:0e:da:3c:8e:d9:b9:24:37:05:a2:d9:
                    67:16:67:fe:3e:a4:b2:06:61:7c:75:b7:5b:ad:b3:
                    75:c9:06:cf:8a:a4:c1:92:b3:17:70:c6:cf:24:9b:
                    d5:c1:4c:6d:a4:cc:87:35:0e:63:7f:83:2a:79:71:
                    2a:3f:3c:53:5a:cf:df:f2:70:17:41:8c:34:34:a6:
                    e0:a6:40:5c:28:65:d4:5a:73:e1:fd:d5:63:e6:48:
                    5b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:1D:DC:E6:7E:AD:E6:2D:51:D3:47:F0:6A:88:FC:67:D5:04:DA:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f003f8b3-3437-44b7-a0b7-0988bc303328.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.8.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:6e:f3:1a:59:09:45:a7:1d:ae:98:b7:e2:ca:7a:ba:52:01:
         0d:62:5a:cb:c7:a5:6a:68:97:47:e4:86:5e:60:34:39:99:2c:
         19:58:40:87:2e:20:c7:d9:3a:e5:34:34:72:66:3e:ad:d6:ef:
         af:43:c0:af:6c:37:15:ae:d1:88:bb:74:02:74:59:83:5f:da:
         0b:fc:f0:0b:0c:2b:71:78:b4:9a:fd:ae:a5:a6:46:64:b7:10:
         35:cf:91:20:13:08:69:21:3a:13:f6:26:95:57:1b:87:0b:bd:
         68:c9:06:16:69:bf:37:c2:ed:da:17:44:b6:ef:01:8b:f2:95:
         66:83:4c:3f:25:94:35:91:b9:f1:39:18:39:43:c7:be:4a:e0:
         9c:31:69:1a:e3:fd:f3:90:41:05:73:3d:d3:bc:8e:09:ec:54:
         51:27:39:a5:e9:c4:73:e7:75:60:8d:b8:15:76:c5:7a:4e:95:
         91:ec:02:8c:63:07:78:b8:1a:37:33:41:3e:b6:54:a8:cb:f3:
         b9:9c:e1:7d:0f:ea:6f:29:ee:8b:7e:3a:d0:56:cc:8c:77:d8:
         4e:9d:f2:e2:4a:68:99:f4:f6:71:0c:ff:5e:43:04:27:f6:91:
         dd:4a:80:71:1a:60:eb:6b:01:40:f0:35:e6:3c:b2:32:0f:0a:
         9d:f2:65:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfV3RLG3B87aS/k8RUTYKpgInkC8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWIzNDZlNTI2OTgwNTk3MmJkY2JlNDljYWQwOTVhOTVl
ZGVkYTcyMjhjYjE5YTBkMjYwY2UyMmQxZTMxNjc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6ef7WdEP8uhFlsEQp8vLQ9AIV0O+u1+HsNHhnboy0fkGl
qtDUIxtOLFrkZooOLJO7gD78Hu3HDWPKumWj5ib8euvQJE0t2JvKwYWHMinVxVys
K4eQ/hgatnoL6TMXIRmlooNcDljePG6SkL2XtMx5GCi7vCZvjFrlPxpjoy6Ht+fV
S4j15U9H8djmpxQI95lFg4onnpPZQC8OKKgVL5r0MpjyHET3hBAO2jyO2bkkNwWi
2WcWZ/4+pLIGYXx1t1uts3XJBs+KpMGSsxdwxs8km9XBTG2kzIc1DmN/gyp5cSo/
PFNaz9/ycBdBjDQ0puCmQFwoZdRac+H91WPmSFs7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUox3c5n6t5i1R00fwaoj8Z9UE2oEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YwMDNmOGIzLTM0MzctNDRiNy1hMGI3LTA5ODhiYzMwMzMyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2CDANBgkqhkiG9w0BAQsFAAOCAQEAs27zGlkJRacdrpi34sp6ulIBDWJa
y8elamiXR+SGXmA0OZksGVhAhy4gx9k65TQ0cmY+rdbvr0PAr2w3Fa7RiLt0AnRZ
g1/aC/zwCwwrcXi0mv2upaZGZLcQNc+RIBMIaSE6E/YmlVcbhwu9aMkGFmm/N8Lt
2hdEtu8Bi/KVZoNMPyWUNZG58TkYOUPHvkrgnDFpGuP985BBBXM907yOCexUUSc5
penEc+d1YI24FXbFek6VkewCjGMHeLgaNzNBPrZUqMvzuZzhfQ/qbynui3460FbM
jHfYTp3y4kpomfT2cQz/XkMEJ/aR3UqAcRpg62sBQPA15jyyMg8KnfJlyw==
-----END CERTIFICATE-----