Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8587f66-a9c6-4256-b171-7bf2bdb7915f.roa
File:                     f8587f66-a9c6-4256-b171-7bf2bdb7915f.roa (raw, json)
Hash identifier:          jlVs80ZxZJt+MWgmTC9r6tGQJDTyqyapelwQ9XcCiDA=
Subject key identifier:   A5:83:13:2F:05:1E:E6:22:3A:B3:B1:96:C0:F7:DE:54:0A:EC:07:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15CC56BE6EB5E4780F879FFEAA0F528D274E6E2F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8587f66-a9c6-4256-b171-7bf2bdb7915f.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.15.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:cc:56:be:6e:b5:e4:78:0f:87:9f:fe:aa:0f:52:8d:27:4e:6e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=22165e30a5c46dd4c2fa8a85ac50a51ed33ae914bf12b649528a852690c15dc0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:66:c2:5a:01:0a:59:78:dc:26:17:84:b7:be:
                    d9:e9:34:4b:11:93:3f:b4:d9:51:c3:44:5d:7f:3e:
                    df:05:47:67:4a:3d:7c:f2:79:90:81:92:8d:f6:3a:
                    a8:0d:d7:e1:28:3b:ca:09:49:28:48:b4:81:29:05:
                    61:98:3d:39:cd:37:e1:61:1a:1b:a5:aa:b5:db:68:
                    25:67:44:ae:8d:8d:bf:b5:fc:f8:33:0b:87:4d:66:
                    99:eb:bc:61:02:b8:7b:57:08:0e:26:c2:39:53:2f:
                    a9:a7:1f:a4:f7:36:8a:5d:98:23:a8:0a:ba:27:75:
                    1c:23:8c:75:f9:5c:98:5f:dc:a2:d5:ca:f0:e8:eb:
                    fb:57:8d:43:5e:f1:20:35:f5:c5:53:16:ab:66:b5:
                    09:b2:69:24:63:78:f9:0e:1d:37:92:13:26:16:8e:
                    85:02:97:c5:98:6a:ff:fb:e9:d2:7f:a0:5a:08:f3:
                    0c:57:24:98:b7:db:d2:c0:ba:8f:2d:7c:84:b1:00:
                    27:df:b4:c6:de:c6:c2:2a:36:c0:57:d0:7d:00:fe:
                    16:fd:3f:e1:11:e5:f8:c8:bd:82:6c:f8:95:af:51:
                    15:dd:8e:1b:b6:5b:d2:4d:47:7a:ce:e9:38:59:2c:
                    63:6a:b2:91:a1:af:a7:36:31:86:f3:0b:ac:9b:8e:
                    e5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:83:13:2F:05:1E:E6:22:3A:B3:B1:96:C0:F7:DE:54:0A:EC:07:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8587f66-a9c6-4256-b171-7bf2bdb7915f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.15.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a8:04:26:dc:23:38:96:48:1d:1e:05:b9:d0:1f:de:28:82:f4:
         b3:6a:72:0f:50:4e:77:b1:9c:d8:26:a6:36:2d:21:0f:04:24:
         34:26:c1:20:61:bd:1d:a6:87:e3:df:a3:cc:f2:a0:6c:ac:79:
         5a:36:54:de:67:f0:88:71:44:7b:3e:5b:2e:d9:4a:e5:f4:75:
         c0:b3:0d:00:45:65:d1:3d:02:5d:ce:13:a1:8f:fc:90:83:62:
         2d:13:d8:c9:e6:18:9d:f8:21:b1:1c:3f:7e:0b:7a:27:19:ed:
         3c:92:9a:10:b5:cb:ec:ef:2c:76:63:5c:7f:d6:c2:9a:4f:c4:
         46:92:3a:54:15:c1:40:88:87:13:92:21:92:5d:06:9b:fa:fe:
         ba:51:40:1f:6d:99:c5:e2:63:2d:26:7a:2b:c6:da:b5:9d:fb:
         7e:67:13:cf:c6:95:c5:ce:68:6e:7d:f7:75:1b:1e:2c:4a:f1:
         ce:23:2f:35:ec:b5:1a:88:ad:be:96:7a:ee:ec:91:80:72:64:
         23:08:21:ea:b9:03:9d:6a:eb:a0:a5:92:db:22:2d:0d:fe:17:
         6a:c7:33:8f:d5:99:45:08:99:88:ca:35:79:37:ae:32:6d:32:
         e5:c7:98:a1:a6:52:9e:4d:c4:aa:04:9c:85:91:8d:a0:8d:5c:
         61:ce:1a:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFcxWvm615HgPh5/+qg9SjSdObi8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjE2NWUzMGE1YzQ2ZGQ0YzJmYThhODVhYzUwYTUxZWQz
M2FlOTE0YmYxMmI2NDk1MjhhODUyNjkwYzE1ZGMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrZsJaAQpZeNwmF4S3vtnpNEsRkz+02VHDRF1/Pt8FR2dK
PXzyeZCBko32OqgN1+EoO8oJSShItIEpBWGYPTnNN+FhGhulqrXbaCVnRK6Njb+1
/PgzC4dNZpnrvGECuHtXCA4mwjlTL6mnH6T3NopdmCOoCrondRwjjHX5XJhf3KLV
yvDo6/tXjUNe8SA19cVTFqtmtQmyaSRjePkOHTeSEyYWjoUCl8WYav/76dJ/oFoI
8wxXJJi329LAuo8tfISxACfftMbexsIqNsBX0H0A/hb9P+ER5fjIvYJs+JWvURXd
jhu2W9JNR3rO6ThZLGNqspGhr6c2MYbzC6ybjuUVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpYMTLwUe5iI6s7GWwPfeVArsB8kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4NTg3ZjY2LWE5YzYtNDI1Ni1iMTcxLTdiZjJiZGI3OTE1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfYD4AwDQYJKoZIhvcNAQELBQADggEBAKgEJtwjOJZIHR4FudAf3iiC9LNq
cg9QTnexnNgmpjYtIQ8EJDQmwSBhvR2mh+Pfo8zyoGyseVo2VN5n8IhxRHs+Wy7Z
SuX0dcCzDQBFZdE9Al3OE6GP/JCDYi0T2MnmGJ34IbEcP34LeicZ7TySmhC1y+zv
LHZjXH/WwppPxEaSOlQVwUCIhxOSIZJdBpv6/rpRQB9tmcXiYy0meivG2rWd+35n
E8/GlcXOaG5993UbHixK8c4jLzXstRqIrb6Weu7skYByZCMIIeq5A51q66Clktsi
LQ3+F2rHM4/VmUUImYjKNXk3rjJtMuXHmKGmUp5NxKoEnIWRjaCNXGHOGqE=
-----END CERTIFICATE-----