Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa
File:                     f29adbc5-b5cd-46c1-8740-37db8845b968.roa (raw, json)
Hash identifier:          1xSkVArQy4rkx6FoflugoXZ4ZXKHLKCxLyJcWhMFUF0=
Subject key identifier:   AF:4A:F7:83:DF:B4:73:55:39:5A:90:AC:7B:B3:3B:72:33:14:7F:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09DFACD5016CE6F47549BADBEAA04AE30191162E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        67.220.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:df:ac:d5:01:6c:e6:f4:75:49:ba:db:ea:a0:4a:e3:01:91:16:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=886af653b6e1bba6c0a44fb53981824a398a752f681a79e22dd2c4e4b8502b13, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a4:1e:7b:26:3a:c4:9e:71:7e:1c:bc:33:e6:
                    12:c1:8a:a5:af:37:b8:b1:87:d3:7a:22:1e:66:e7:
                    eb:96:17:dd:80:a4:a6:68:0b:dc:68:03:70:f4:c9:
                    29:1e:0a:61:97:d2:7a:f2:fe:05:85:a0:c0:b4:4d:
                    23:1b:f2:5d:4d:c4:fc:c2:4d:b3:08:c2:ed:2c:3a:
                    93:b7:4d:0c:ff:6d:2b:e6:e4:9f:38:4a:f7:25:91:
                    f2:28:6d:3a:7c:a9:d6:a8:7b:b2:3d:87:d2:e1:bd:
                    c6:1c:75:9f:45:41:fc:b9:8e:49:a3:d5:81:9c:44:
                    3e:00:84:fd:03:a0:5f:82:36:57:2f:af:51:5a:41:
                    7c:6c:80:93:ec:ad:fa:b7:7d:5a:50:56:3a:84:35:
                    87:0b:a4:eb:58:89:fd:c2:f5:18:f2:ca:d8:be:0f:
                    40:5b:2c:59:6a:ba:45:33:47:3f:5e:55:03:c0:6c:
                    22:b2:d5:8d:cf:8b:94:36:48:47:0a:22:22:23:4c:
                    4a:47:78:d5:0e:ec:61:69:8f:a4:74:88:33:c2:2a:
                    56:46:c1:18:a5:0e:60:a0:c6:d8:21:14:42:1f:a0:
                    38:69:ce:36:5c:30:51:ce:3c:f5:58:2e:a0:e6:10:
                    f5:fb:ce:22:89:1b:a5:af:46:b6:59:34:67:7b:2f:
                    b3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4A:F7:83:DF:B4:73:55:39:5A:90:AC:7B:B3:3B:72:33:14:7F:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f29adbc5-b5cd-46c1-8740-37db8845b968.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.220.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bd:b3:5c:3d:ed:f6:c0:90:a4:2a:91:99:01:f9:14:30:10:b4:
         69:de:5c:11:bc:af:3e:34:aa:61:4e:e0:c9:13:31:4f:d6:af:
         55:7a:ef:59:4e:f6:04:fe:86:19:c5:c6:f9:ba:73:90:2c:a0:
         55:c8:a4:06:a3:e1:2a:79:3b:00:81:3b:f0:59:87:97:8d:10:
         e3:58:19:03:18:5e:5c:a4:a3:69:6e:71:33:d2:84:cf:05:e3:
         da:e4:30:c1:f7:bd:60:24:e3:fb:6c:c8:bc:46:db:91:cf:3e:
         0a:a4:1d:0b:46:7a:1e:45:4c:3a:12:de:0b:96:93:38:bb:ca:
         03:98:5c:de:1f:00:fc:09:ee:e8:c6:7b:e8:78:0c:5d:4a:65:
         40:b4:35:b3:c0:59:42:92:1c:9e:d0:ae:12:32:54:26:53:6e:
         22:cb:6e:98:9c:ad:5e:f0:86:e5:05:1e:88:02:cb:45:49:51:
         3e:63:86:23:ea:5e:35:07:6a:7d:1d:85:a8:89:2b:b9:bd:36:
         10:17:5f:c6:b7:6c:2c:6c:ad:20:2d:ff:a2:8c:9e:9c:05:78:
         c3:a1:8b:54:7a:fe:c6:9d:f8:9f:65:e4:a7:76:9e:85:d0:b3:
         c7:f7:91:81:42:f4:85:da:e1:d6:98:47:8e:9f:7c:ba:b5:6c:
         b4:c7:7b:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCd+s1QFs5vR1Sbrb6qBK4wGRFi4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODZhZjY1M2I2ZTFiYmE2YzBhNDRmYjUzOTgxODI0YTM5
OGE3NTJmNjgxYTc5ZTIyZGQyYzRlNGI4NTAyYjEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMpB57JjrEnnF+HLwz5hLBiqWvN7ixh9N6Ih5m5+uWF92A
pKZoC9xoA3D0ySkeCmGX0nry/gWFoMC0TSMb8l1NxPzCTbMIwu0sOpO3TQz/bSvm
5J84SvclkfIobTp8qdaoe7I9h9LhvcYcdZ9FQfy5jkmj1YGcRD4AhP0DoF+CNlcv
r1FaQXxsgJPsrfq3fVpQVjqENYcLpOtYif3C9Rjyyti+D0BbLFlqukUzRz9eVQPA
bCKy1Y3Pi5Q2SEcKIiIjTEpHeNUO7GFpj6R0iDPCKlZGwRilDmCgxtghFEIfoDhp
zjZcMFHOPPVYLqDmEPX7ziKJG6WvRrZZNGd7L7P5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr0r3g9+0c1U5WpCse7M7cjMUf18wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyOWFkYmM1LWI1Y2QtNDZjMS04NzQwLTM3ZGI4ODQ1Yjk2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARD3PAwDQYJKoZIhvcNAQELBQADggEBAL2zXD3t9sCQpCqRmQH5FDAQtGne
XBG8rz40qmFO4MkTMU/Wr1V671lO9gT+hhnFxvm6c5AsoFXIpAaj4Sp5OwCBO/BZ
h5eNEONYGQMYXlyko2lucTPShM8F49rkMMH3vWAk4/tsyLxG25HPPgqkHQtGeh5F
TDoS3guWkzi7ygOYXN4fAPwJ7ujGe+h4DF1KZUC0NbPAWUKSHJ7QrhIyVCZTbiLL
bpicrV7whuUFHogCy0VJUT5jhiPqXjUHan0dhaiJK7m9NhAXX8a3bCxsrSAt/6KM
npwFeMOhi1R6/sad+J9l5Kd2noXQs8f3kYFC9IXa4daYR46ffLq1bLTHe48=
-----END CERTIFICATE-----