Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c1564a-03d7-493a-959b-6e79233e689b.roa
File:                     f2c1564a-03d7-493a-959b-6e79233e689b.roa (raw, json)
Hash identifier:          8z4rcxYJFcahuZk+rjip6WRrwee3Nv7dWwAC2ZSF0Yg=
Subject key identifier:   DA:2A:E3:4D:3B:E7:4F:E4:E3:DF:49:1F:B8:0A:69:C6:CE:6A:BA:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4582931FBC6DC8E2260093810AEA9D961E0DCECB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c1564a-03d7-493a-959b-6e79233e689b.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.72.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:82:93:1f:bc:6d:c8:e2:26:00:93:81:0a:ea:9d:96:1e:0d:ce:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=4129f8ad572b050b15310b88d26a4f350af8716bfde4bc0a534dfde7b8ca22a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c0:d8:c5:8b:af:1e:92:5e:83:7f:b4:f2:8e:
                    1a:86:3b:88:2b:57:61:a2:6b:11:1c:3c:5d:3a:80:
                    79:27:d6:75:fc:58:1a:a4:c8:43:16:fb:76:4f:d4:
                    4b:86:3b:03:70:96:03:6e:4e:3d:34:cb:5a:23:a6:
                    d1:05:6f:4a:c6:4f:46:f3:0d:53:c0:26:c5:c4:bf:
                    f2:20:90:6c:53:50:49:68:30:f4:85:2d:09:e6:54:
                    4e:70:c3:bb:7a:31:cd:c9:be:43:e4:ca:a9:a6:3c:
                    47:45:2a:49:cd:44:4c:81:a6:7c:72:c8:91:d5:ab:
                    10:ac:a8:d2:89:d7:c9:47:54:24:75:97:f3:9e:94:
                    d7:b0:a8:15:a3:08:25:e5:1a:3f:30:95:eb:48:11:
                    ad:14:8c:c2:94:34:d2:d8:19:42:6d:a3:c9:ed:80:
                    88:c2:b3:d2:a9:f9:5d:b3:ac:d3:25:9a:6c:ea:d7:
                    fa:62:68:37:15:ee:a1:ba:37:f4:ec:58:1b:83:de:
                    22:3e:c5:90:d5:ca:56:d0:70:b4:4b:31:b9:63:90:
                    75:aa:d5:08:0e:c8:77:16:d6:89:62:83:bd:c2:4d:
                    48:0e:fa:0c:c3:05:5c:de:b8:27:84:4e:e1:4c:84:
                    ee:7f:64:73:e1:ba:e2:d0:23:32:6a:f9:37:61:79:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2A:E3:4D:3B:E7:4F:E4:E3:DF:49:1F:B8:0A:69:C6:CE:6A:BA:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c1564a-03d7-493a-959b-6e79233e689b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4f:55:9a:e4:75:0c:34:6d:4d:31:89:54:e5:ad:55:b4:16:3f:
         9c:51:f5:b5:95:b4:b1:e7:87:0a:5d:1c:7f:95:8d:3c:78:06:
         b3:3e:9c:d9:2a:93:6e:cb:f7:30:b1:14:b2:b0:51:33:45:c2:
         b0:0f:52:13:01:7a:09:5f:af:b5:e4:1f:e6:32:c4:5c:91:d9:
         8a:04:42:cc:b5:0c:bc:4e:c1:bb:1d:13:5e:18:ae:5a:6f:a9:
         bc:13:86:31:8f:51:49:f2:5c:a2:e1:d6:83:a0:b9:90:52:58:
         a0:a9:47:90:cc:5e:ec:b7:53:4a:10:a0:59:fb:0a:a6:94:e8:
         f4:4b:0b:29:8b:3a:c7:cb:14:5e:19:3f:16:17:9c:f9:2a:1b:
         5d:44:fc:00:c9:fd:dd:5d:18:1c:a7:25:bc:bc:bb:b9:12:a9:
         fa:bc:aa:0d:56:aa:5c:62:c3:7d:96:7c:58:58:96:75:62:fe:
         0b:32:2f:df:c7:cf:46:48:da:61:f1:34:b8:f6:1f:92:14:07:
         f5:b4:8f:57:80:c5:49:10:50:ec:24:df:66:d0:16:1a:58:da:
         29:90:dc:ab:16:1a:e8:66:48:51:be:e7:7e:1a:6b:23:4a:b5:
         3c:c2:e0:c8:ef:51:bb:5b:c3:06:5b:64:78:7e:71:b4:70:d3:
         fa:b5:80:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURYKTH7xtyOImAJOBCuqdlh4NzsswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTI5ZjhhZDU3MmIwNTBiMTUzMTBiODhkMjZhNGYzNTBh
Zjg3MTZiZmRlNGJjMGE1MzRkZmRlN2I4Y2EyMmE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxwNjFi68ekl6Df7TyjhqGO4grV2GiaxEcPF06gHkn1nX8
WBqkyEMW+3ZP1EuGOwNwlgNuTj00y1ojptEFb0rGT0bzDVPAJsXEv/IgkGxTUElo
MPSFLQnmVE5ww7t6Mc3JvkPkyqmmPEdFKknNREyBpnxyyJHVqxCsqNKJ18lHVCR1
l/OelNewqBWjCCXlGj8wletIEa0UjMKUNNLYGUJto8ntgIjCs9Kp+V2zrNMlmmzq
1/piaDcV7qG6N/TsWBuD3iI+xZDVylbQcLRLMbljkHWq1QgOyHcW1olig73CTUgO
+gzDBVzeuCeETuFMhO5/ZHPhuuLQIzJq+TdheZ6jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2irjTTvnT+Tj30kfuAppxs5qunEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyYzE1NjRhLTAzZDctNDkzYS05NTliLTZlNzkyMzNlNjg5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlkgwDQYJKoZIhvcNAQELBQADggEBAE9VmuR1DDRtTTGJVOWtVbQWP5xR
9bWVtLHnhwpdHH+VjTx4BrM+nNkqk27L9zCxFLKwUTNFwrAPUhMBeglfr7XkH+Yy
xFyR2YoEQsy1DLxOwbsdE14YrlpvqbwThjGPUUnyXKLh1oOguZBSWKCpR5DMXuy3
U0oQoFn7CqaU6PRLCymLOsfLFF4ZPxYXnPkqG11E/ADJ/d1dGBynJby8u7kSqfq8
qg1Wqlxiw32WfFhYlnVi/gsyL9/Hz0ZI2mHxNLj2H5IUB/W0j1eAxUkQUOwk32bQ
FhpY2imQ3KsWGuhmSFG+534aayNKtTzC4MjvUbtbwwZbZHh+cbRw0/q1gCg=
-----END CERTIFICATE-----