Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb749b21-d737-445d-8b86-397c0705e49c.roa
File:                     fb749b21-d737-445d-8b86-397c0705e49c.roa (raw, json)
Hash identifier:          Al/dmFj4WXbMuDbv6Os1Db4J5D7MQJOo22uiJJtuOpI=
Subject key identifier:   74:BF:35:5A:A0:E2:FD:36:F3:21:D6:20:39:0C:26:F4:50:28:9D:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       233BA08E92EBBC327B3F6740270720354F3CC6E6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb749b21-d737-445d-8b86-397c0705e49c.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.247.64.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:3b:a0:8e:92:eb:bc:32:7b:3f:67:40:27:07:20:35:4f:3c:c6:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=5d4765716b9ed307fa0a94477b04022e4d6e2ddd761eebb86a8ea55c7f61ae1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:d7:61:aa:57:1c:7a:4b:2c:02:3e:aa:52:
                    67:b0:01:1d:2a:a8:5d:ec:ef:9b:ab:1e:2e:00:9c:
                    fa:23:3c:7a:f3:86:22:4d:8a:cc:df:7d:4e:b7:fc:
                    45:36:82:68:6a:d0:00:8c:e7:f2:29:f9:dc:c2:88:
                    76:37:99:3d:48:0b:4c:d2:60:c8:5a:dd:1e:f2:16:
                    bd:7a:50:1d:6e:c2:29:d2:32:dd:26:77:12:c7:7d:
                    b2:91:4a:b8:00:49:57:ae:0d:52:1d:fd:cd:9f:e2:
                    d1:ab:0e:48:91:91:6e:cb:a1:56:e9:4a:00:ca:53:
                    ad:a4:94:b0:b4:bd:b1:70:55:68:7d:6f:5c:21:8e:
                    31:cb:a0:a1:0a:52:1d:3e:39:51:2b:1e:bb:f9:bc:
                    f4:6e:80:66:52:d1:95:9a:fa:b7:28:8f:93:64:67:
                    7a:7f:65:e8:95:13:91:a0:7c:8a:5b:65:7b:7c:3c:
                    c0:3d:fc:e5:d1:36:7c:82:38:31:fd:fc:aa:9b:2f:
                    6e:f5:ac:b8:45:18:e8:c4:aa:6d:0d:69:74:9e:44:
                    5b:04:51:e5:18:f0:46:bc:6c:06:d0:f4:2d:78:f5:
                    65:59:71:e5:17:7b:a7:cf:01:9f:40:a5:ca:ca:51:
                    03:64:73:3d:78:26:e7:99:84:04:7e:6e:75:e3:aa:
                    48:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:BF:35:5A:A0:E2:FD:36:F3:21:D6:20:39:0C:26:F4:50:28:9D:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb749b21-d737-445d-8b86-397c0705e49c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.247.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c0:ba:4e:75:06:69:fe:9a:65:1d:dc:f4:18:40:3f:ac:2f:e4:
         60:b9:a4:f9:de:23:f3:da:fa:8f:d7:8f:00:79:59:a1:a8:30:
         a3:7c:f1:0d:ac:9b:0f:97:29:22:cc:df:26:fc:04:7f:2c:79:
         7a:67:6f:cd:4f:60:36:48:00:f4:c4:82:07:79:eb:49:54:c2:
         a7:12:d8:d0:a5:9a:7c:05:4f:0d:67:84:fb:7e:78:a1:f3:03:
         9b:70:f9:b7:a2:0f:f4:07:7c:4d:c3:4e:20:a7:2e:be:93:30:
         ae:81:29:9b:87:78:9d:e2:42:9d:c6:93:f7:9a:3e:d7:4f:1a:
         cf:e8:fa:bb:f0:36:89:e3:51:16:d3:89:1b:d7:69:07:5c:d9:
         3d:c9:80:8a:2e:2f:0e:9d:ae:d3:fb:23:48:7a:7e:41:95:21:
         82:b1:f6:15:0e:d7:b3:62:02:75:4c:04:cf:4e:de:49:ed:55:
         12:80:5b:f7:f0:21:9f:63:05:ef:6a:d9:42:d4:37:c4:00:4d:
         4e:8f:db:29:c5:93:0b:1f:0f:40:31:26:dc:3a:9e:15:a1:8f:
         49:3e:56:be:9c:21:be:fc:a5:a7:ff:47:a6:9b:9d:87:c1:f1:
         77:a5:18:69:bb:b8:ba:c9:a9:8a:c0:6a:60:df:67:80:6b:96:
         9a:32:52:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIzugjpLrvDJ7P2dAJwcgNU88xuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDQ3NjU3MTZiOWVkMzA3ZmEwYTk0NDc3YjA0MDIyZTRk
NmUyZGRkNzYxZWViYjg2YThlYTU1YzdmNjFhZTFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZktdhqlccekssAj6qUmewAR0qqF3s75urHi4AnPojPHrz
hiJNiszffU63/EU2gmhq0ACM5/Ip+dzCiHY3mT1IC0zSYMha3R7yFr16UB1uwinS
Mt0mdxLHfbKRSrgASVeuDVId/c2f4tGrDkiRkW7LoVbpSgDKU62klLC0vbFwVWh9
b1whjjHLoKEKUh0+OVErHrv5vPRugGZS0ZWa+rcoj5NkZ3p/ZeiVE5GgfIpbZXt8
PMA9/OXRNnyCODH9/KqbL271rLhFGOjEqm0NaXSeRFsEUeUY8Ea8bAbQ9C149WVZ
ceUXe6fPAZ9ApcrKUQNkcz14JueZhAR+bnXjqkidAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdL81WqDi/TbzIdYgOQwm9FAondQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiNzQ5YjIxLWQ3MzctNDQ1ZC04Yjg2LTM5N2MwNzA1ZTQ5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWW90AwDQYJKoZIhvcNAQELBQADggEBAMC6TnUGaf6aZR3c9BhAP6wv5GC5
pPneI/Pa+o/XjwB5WaGoMKN88Q2smw+XKSLM3yb8BH8seXpnb81PYDZIAPTEggd5
60lUwqcS2NClmnwFTw1nhPt+eKHzA5tw+beiD/QHfE3DTiCnLr6TMK6BKZuHeJ3i
Qp3Gk/eaPtdPGs/o+rvwNonjURbTiRvXaQdc2T3JgIouLw6drtP7I0h6fkGVIYKx
9hUO17NiAnVMBM9O3kntVRKAW/fwIZ9jBe9q2ULUN8QATU6P2ynFkwsfD0AxJtw6
nhWhj0k+Vr6cIb78paf/R6abnYfB8XelGGm7uLrJqYrAamDfZ4BrlpoyUkU=
-----END CERTIFICATE-----