Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a78ed75d-ea2e-41c1-aded-45c9f7b69c79.roa
File:                     a78ed75d-ea2e-41c1-aded-45c9f7b69c79.roa (raw, json)
Hash identifier:          JS9MP396P4j8eXTiGXJoN8O33XP0i80h9EfnzS69CbA=
Subject key identifier:   BA:2E:E5:A9:C8:F5:84:D8:70:2C:70:35:55:76:BE:6E:DE:26:A8:86
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       731B308A116795B896F7E71C9FC9597937B2FCDB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a78ed75d-ea2e-41c1-aded-45c9f7b69c79.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.188.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:1b:30:8a:11:67:95:b8:96:f7:e7:1c:9f:c9:59:79:37:b2:fc:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=387dc89b85b7a7f7e4f5e874bef136dc23b63aae2d407edd0046080afa96f277, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6e:39:e9:30:a4:19:0a:85:88:5c:6a:c8:17:
                    94:83:05:7e:6e:16:fc:99:85:2e:d5:2f:35:11:e6:
                    b1:0d:e1:8e:24:3e:c1:62:cd:b6:60:58:30:a3:03:
                    71:80:3f:4a:51:fb:ec:04:bb:09:ce:ff:fc:a2:0b:
                    2c:15:db:02:08:5c:69:c8:49:6b:74:82:b7:61:85:
                    27:b9:64:3b:99:1a:44:39:59:37:5b:3c:4e:8b:12:
                    f8:05:28:c4:4d:9a:0c:f8:81:77:82:9b:51:fc:6d:
                    1e:d8:52:33:c9:e3:ed:9f:e4:0a:5d:e7:63:7f:34:
                    5e:c1:9a:0e:31:86:ed:47:f3:3e:00:b1:0d:18:b8:
                    f0:3f:f5:1a:de:18:d6:ec:21:57:5e:36:bc:2d:d9:
                    59:ee:03:12:55:30:5d:73:c8:e5:07:57:5a:af:16:
                    76:67:e7:c0:85:16:70:34:60:e6:4e:b6:d9:60:ad:
                    ab:79:2d:21:6f:db:45:13:34:b6:80:74:a2:00:a5:
                    13:b4:98:f5:65:e2:0d:67:82:45:12:12:4e:fd:1a:
                    77:72:33:10:96:81:be:93:09:96:bf:2b:3f:fa:e3:
                    5e:3b:dd:24:34:23:df:40:6b:9d:24:ec:f1:00:80:
                    ae:75:26:c4:22:a9:56:c6:6d:b3:6f:71:10:65:7f:
                    e6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:2E:E5:A9:C8:F5:84:D8:70:2C:70:35:55:76:BE:6E:DE:26:A8:86
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a78ed75d-ea2e-41c1-aded-45c9f7b69c79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.188.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:b2:75:09:ee:8c:05:d6:2f:42:a6:b1:ae:d9:43:51:64:84:
         38:30:3c:1b:b7:f9:2f:f2:4a:a7:b5:77:c4:8d:0f:2f:ae:0f:
         5f:bb:42:3f:77:24:63:b0:89:f6:18:4e:2b:9d:0c:b1:f5:54:
         b2:6d:5c:9d:3f:eb:c0:38:83:4b:23:63:61:6a:b2:fa:40:97:
         10:b1:72:9c:e6:dd:cf:82:35:0e:9a:5e:8b:59:88:c2:7e:72:
         de:6a:4f:34:e9:41:24:9b:bd:0b:bc:ce:e5:e2:3f:e5:8b:5b:
         f1:df:05:3a:d0:1a:ff:60:d0:9b:c5:c9:25:e2:b3:82:c1:3c:
         be:87:70:08:0d:bb:93:cf:25:3b:e1:8c:fe:4a:04:a3:ae:a0:
         b4:f8:43:22:7f:6a:18:bd:b6:5a:02:16:af:4e:bd:3b:62:f8:
         c0:bc:6a:32:3d:83:bd:d7:6e:b7:5e:90:83:13:61:08:b7:3f:
         fb:ef:49:3e:ff:d2:c0:38:da:9d:e0:6b:44:e2:e6:72:3d:d2:
         73:5d:8a:21:f9:4f:ec:91:3e:94:bb:75:21:ef:67:37:0b:b1:
         bd:ac:c4:e6:e6:6a:95:12:2f:4a:f5:6f:09:b0:b3:a0:c7:55:
         69:40:30:cd:84:e9:1c:74:ad:6e:73:a3:41:f1:a2:94:8f:1d:
         33:b0:75:d2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcxswihFnlbiW9+ccn8lZeTey/NswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODdkYzg5Yjg1YjdhN2Y3ZTRmNWU4NzRiZWYxMzZkYzIz
YjYzYWFlMmQ0MDdlZGQwMDQ2MDgwYWZhOTZmMjc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrbjnpMKQZCoWIXGrIF5SDBX5uFvyZhS7VLzUR5rEN4Y4k
PsFizbZgWDCjA3GAP0pR++wEuwnO//yiCywV2wIIXGnISWt0grdhhSe5ZDuZGkQ5
WTdbPE6LEvgFKMRNmgz4gXeCm1H8bR7YUjPJ4+2f5Apd52N/NF7Bmg4xhu1H8z4A
sQ0YuPA/9RreGNbsIVdeNrwt2VnuAxJVMF1zyOUHV1qvFnZn58CFFnA0YOZOttlg
rat5LSFv20UTNLaAdKIApRO0mPVl4g1ngkUSEk79GndyMxCWgb6TCZa/Kz/64147
3SQ0I99Aa50k7PEAgK51JsQiqVbGbbNvcRBlf+bnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUui7lqcj1hNhwLHA1VXa+bt4mqIYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3OGVkNzVkLWVhMmUtNDFjMS1hZGVkLTQ1YzlmN2I2OWM3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCAvDANBgkqhkiG9w0BAQsFAAOCAQEAobJ1Ce6MBdYvQqaxrtlDUWSEODA8
G7f5L/JKp7V3xI0PL64PX7tCP3ckY7CJ9hhOK50MsfVUsm1cnT/rwDiDSyNjYWqy
+kCXELFynObdz4I1Dppei1mIwn5y3mpPNOlBJJu9C7zO5eI/5Ytb8d8FOtAa/2DQ
m8XJJeKzgsE8vodwCA27k88lO+GM/koEo66gtPhDIn9qGL22WgIWr069O2L4wLxq
Mj2Dvddut16QgxNhCLc/++9JPv/SwDjaneBrROLmcj3Sc12KIflP7JE+lLt1Ie9n
NwuxvazE5uZqlRIvSvVvCbCzoMdVaUAwzYTpHHStbnOjQfGilI8dM7B10g==
-----END CERTIFICATE-----