Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fdb163c7-fb4c-4c17-9f62-71ff708ab577.roa
File:                     fdb163c7-fb4c-4c17-9f62-71ff708ab577.roa (raw, json)
Hash identifier:          c0CVENtf5wTo6uruKq2nMB01UR4YOE8nN9S+nYKrO0Q=
Subject key identifier:   D3:42:89:35:5B:48:2B:17:C3:9B:7E:30:43:70:C6:4F:59:33:7F:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C0370A3948AB7A49E69A92BD40357BC560B5B8B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fdb163c7-fb4c-4c17-9f62-71ff708ab577.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.65.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:03:70:a3:94:8a:b7:a4:9e:69:a9:2b:d4:03:57:bc:56:0b:5b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=888b21cd744f7ef4710602c1e7eaab5ea65b038a895911ef8612384ba2b65705, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a4:fa:e3:ce:76:9a:c6:58:b3:a8:82:83:1b:
                    62:3a:2f:d3:0d:c2:da:3f:57:b3:30:64:2e:b1:e6:
                    52:92:ef:20:db:c0:27:51:33:22:92:be:ac:6b:d4:
                    e1:34:9e:ae:14:19:f5:be:e5:54:b9:ef:6d:9e:2a:
                    84:32:41:e1:d3:5c:31:cc:b5:3b:65:91:da:56:84:
                    05:27:7e:da:0c:be:c8:03:94:cf:1c:62:d9:13:93:
                    b7:76:94:68:b5:a8:b7:e6:bd:e8:d8:d6:6a:96:e3:
                    b9:3b:dc:7f:79:94:36:1b:04:14:ae:08:e6:8b:e0:
                    11:c4:9d:d2:f8:ab:8d:c0:f5:f4:78:e0:76:f9:7e:
                    3c:b9:16:eb:f1:20:e4:44:97:eb:14:b8:35:12:5a:
                    78:8b:9b:ab:c0:bc:9d:6b:e7:46:b6:97:3c:ce:c0:
                    d2:fd:f0:fa:54:a8:93:68:f9:2a:c1:15:08:f3:60:
                    73:5e:2c:69:bc:4f:a4:f8:42:f6:ff:ce:76:bc:55:
                    2e:76:3e:b1:d1:f8:3b:bf:e6:30:85:81:eb:75:22:
                    61:33:12:a5:bf:8f:ab:1b:f2:29:c8:f1:f7:e5:d3:
                    d3:8e:4d:7d:85:05:2c:a1:5a:92:22:c9:cd:e8:1a:
                    e8:7b:d4:7d:2c:30:4c:b5:fa:6e:6e:d7:bb:dc:97:
                    ab:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:42:89:35:5B:48:2B:17:C3:9B:7E:30:43:70:C6:4F:59:33:7F:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fdb163c7-fb4c-4c17-9f62-71ff708ab577.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:a9:17:ce:d3:e2:da:68:99:d7:08:5a:cb:35:d0:cd:44:27:
         91:ee:7e:32:31:9e:9d:32:bd:80:31:ed:9d:6f:fd:0a:64:e1:
         d6:c3:96:ca:c2:37:e6:69:8e:c2:c0:c7:a3:b4:52:5a:1b:98:
         5c:71:0e:5d:89:4e:c3:6d:3a:4e:e8:87:86:93:29:a4:bd:d1:
         64:5e:a7:c0:18:0f:32:e4:45:72:11:aa:01:7e:1c:81:15:0b:
         9a:fc:56:55:f0:77:18:d2:2c:72:6b:18:b3:38:a9:80:ed:50:
         cb:d4:0a:c2:fc:33:8c:16:49:b8:49:ca:8c:38:88:a2:6b:74:
         87:6a:d8:19:3b:42:48:d0:73:1f:dd:e4:be:a8:2d:02:84:9b:
         54:0c:85:7e:67:4a:6d:f8:d1:1a:d7:9b:99:3c:1e:c0:a3:4d:
         2f:b0:04:98:3e:9f:df:45:f4:98:f7:bd:0f:8f:e7:5c:5d:a7:
         49:0d:bc:a2:62:a0:29:2a:88:bd:8e:3b:85:e9:0e:ce:76:67:
         54:c9:9f:71:c5:a6:76:eb:26:e7:b6:31:4e:85:10:95:3c:60:
         cb:5e:dc:6d:56:d1:65:6d:14:64:0f:11:c8:f2:04:09:9e:0e:
         c5:eb:e2:ab:24:d6:de:7b:dd:da:2d:d8:24:22:85:e2:9a:51:
         a3:5d:ec:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXANwo5SKt6Seaakr1ANXvFYLW4swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODhiMjFjZDc0NGY3ZWY0NzEwNjAyYzFlN2VhYWI1ZWE2
NWIwMzhhODk1OTExZWY4NjEyMzg0YmEyYjY1NzA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnpPrjznaaxlizqIKDG2I6L9MNwto/V7MwZC6x5lKS7yDb
wCdRMyKSvqxr1OE0nq4UGfW+5VS5722eKoQyQeHTXDHMtTtlkdpWhAUnftoMvsgD
lM8cYtkTk7d2lGi1qLfmvejY1mqW47k73H95lDYbBBSuCOaL4BHEndL4q43A9fR4
4Hb5fjy5FuvxIOREl+sUuDUSWniLm6vAvJ1r50a2lzzOwNL98PpUqJNo+SrBFQjz
YHNeLGm8T6T4Qvb/zna8VS52PrHR+Du/5jCFget1ImEzEqW/j6sb8inI8ffl09OO
TX2FBSyhWpIiyc3oGuh71H0sMEy1+m5u17vcl6vzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU00KJNVtIKxfDm34wQ3DGT1kzf1cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkYjE2M2M3LWZiNGMtNGMxNy05ZjYyLTcxZmY3MDhhYjU3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQQTANBgkqhkiG9w0BAQsFAAOCAQEAAKkXztPi2miZ1whayzXQzUQnke5+
MjGenTK9gDHtnW/9CmTh1sOWysI35mmOwsDHo7RSWhuYXHEOXYlOw206TuiHhpMp
pL3RZF6nwBgPMuRFchGqAX4cgRULmvxWVfB3GNIscmsYszipgO1Qy9QKwvwzjBZJ
uEnKjDiIomt0h2rYGTtCSNBzH93kvqgtAoSbVAyFfmdKbfjRGtebmTwewKNNL7AE
mD6f30X0mPe9D4/nXF2nSQ28omKgKSqIvY47hekOznZnVMmfccWmdusm57YxToUQ
lTxgy17cbVbRZW0UZA8RyPIECZ4OxeviqyTW3nvd2i3YJCKF4ppRo13spw==
-----END CERTIFICATE-----