Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07695761-8a08-4e9d-84f2-8ddd5510cbad.roa
File:                     07695761-8a08-4e9d-84f2-8ddd5510cbad.roa (raw, json)
Hash identifier:          A7FjiJaCoBBzCRtzR8wPHTC9b8UiUKI1zt5GMshE/WQ=
Subject key identifier:   02:2C:F3:98:F4:E2:0B:87:B2:DE:9C:2B:13:BA:70:4B:7C:C3:34:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5E286C68A52EBE1F75EBEA83F08A620FD6A08791
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07695761-8a08-4e9d-84f2-8ddd5510cbad.roa
Signing time:             Mon 17 Mar 2025 15:10:59 +0000
ROA not before:           Mon 17 Mar 2025 15:10:59 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.174.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:28:6c:68:a5:2e:be:1f:75:eb:ea:83:f0:8a:62:0f:d6:a0:87:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 17 15:10:59 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:dd:8c:06:c3:ac:97:c8:11:90:27:0d:bc:2d:
                    ee:fc:8b:3b:42:a8:c6:05:f0:7c:03:ff:14:b1:25:
                    fb:56:e4:1e:4c:92:57:e9:ac:39:90:a7:c1:e0:5d:
                    74:f7:ae:2a:42:57:57:5a:1a:3a:af:11:ad:48:ad:
                    82:c8:1f:62:e5:66:a9:43:c1:dd:f7:34:be:d4:a3:
                    75:dd:5d:18:87:3e:84:58:9e:d7:1a:d4:3a:be:b2:
                    e6:c3:bf:76:51:be:34:7e:93:c1:89:cd:23:21:13:
                    f4:a3:4a:46:05:b0:1c:25:e4:11:b4:63:f6:31:54:
                    20:11:7a:87:c4:d8:8e:5f:34:80:f6:eb:aa:e2:79:
                    55:1d:28:0f:39:d0:8e:2e:e2:09:b0:36:e4:51:87:
                    24:ab:5b:03:ff:fb:73:dd:67:66:2f:9f:ca:67:2a:
                    e8:80:bc:1c:dc:30:f8:10:c2:ee:9b:df:31:76:b2:
                    f7:48:a3:3a:44:e2:2d:ff:4e:1d:1c:cc:77:89:37:
                    47:a8:49:f3:2d:06:c5:48:95:b2:99:b9:e8:8e:70:
                    22:3c:9c:73:98:91:81:83:c2:c6:94:5c:e4:f8:d2:
                    9b:36:f5:6d:62:05:72:70:08:97:79:fb:c5:d2:d6:
                    ee:9b:81:24:84:b5:45:98:c7:a8:90:ea:f1:97:b2:
                    a6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:2C:F3:98:F4:E2:0B:87:B2:DE:9C:2B:13:BA:70:4B:7C:C3:34:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07695761-8a08-4e9d-84f2-8ddd5510cbad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.174.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:e3:e3:5d:49:58:66:e2:b1:a9:ec:9a:f4:15:40:a0:cf:6c:
         47:4c:ff:4f:86:9c:82:6e:84:c4:c5:27:2d:b3:e5:1c:00:3a:
         1f:9c:15:91:57:04:77:19:ca:f0:0c:ca:f2:02:4a:2a:2c:02:
         0a:3c:06:c6:37:46:94:95:a1:09:3c:cd:8b:ea:ea:b0:94:14:
         00:47:d6:41:4d:dc:ff:b8:46:29:0f:06:78:8b:18:98:5d:94:
         ef:4a:16:35:0c:67:a5:aa:31:9d:49:79:b7:b9:d2:6a:19:ed:
         cc:71:1a:e3:0d:d9:df:fc:36:eb:0f:43:96:48:6b:75:c3:18:
         a9:94:35:50:6f:f2:c3:65:3f:bf:3e:15:37:b2:04:ea:3f:22:
         d3:ba:31:36:fd:4e:ee:ee:db:bc:42:dd:ff:10:70:76:67:7b:
         c3:25:e0:6a:ac:a5:fc:86:d2:b6:83:9d:8c:db:d4:26:a3:c7:
         86:1b:9c:b5:a2:5b:cc:cc:d2:3d:54:66:10:a3:52:13:dd:a9:
         7e:dc:a0:74:5d:6f:5d:8b:9d:83:f9:0e:54:83:e1:58:27:7c:
         bd:ca:31:a2:f8:a8:a7:40:85:99:73:a2:f3:f8:26:38:b4:43:
         a1:1d:ca:6d:5a:e4:76:7a:aa:06:b5:e8:ee:ae:df:17:8d:45:
         7c:86:34:05
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXihsaKUuvh916+qD8IpiD9agh5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE3MTUxMDU5WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTA4ZjM5ZDkxNTI3ZjM4ZjExNDRhYjM5ZDgyMDI5MmI2
NzYyZmQ3YjU4MThjM2VmYzhiMmE3MjEwOTU4NTZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO3YwGw6yXyBGQJw28Le78iztCqMYF8HwD/xSxJftW5B5M
klfprDmQp8HgXXT3ripCV1daGjqvEa1IrYLIH2LlZqlDwd33NL7Uo3XdXRiHPoRY
ntca1Dq+subDv3ZRvjR+k8GJzSMhE/SjSkYFsBwl5BG0Y/YxVCAReofE2I5fNID2
66rieVUdKA850I4u4gmwNuRRhySrWwP/+3PdZ2Yvn8pnKuiAvBzcMPgQwu6b3zF2
svdIozpE4i3/Th0czHeJN0eoSfMtBsVIlbKZueiOcCI8nHOYkYGDwsaUXOT40ps2
9W1iBXJwCJd5+8XS1u6bgSSEtUWYx6iQ6vGXsqZvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUAizzmPTiC4ey3pwrE7pwS3zDNDEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3Njk1NzYxLThhMDgtNGU5ZC04NGYyLThkZGQ1NTEwY2JhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQrjANBgkqhkiG9w0BAQsFAAOCAQEAfePjXUlYZuKxqeya9BVAoM9sR0z/
T4acgm6ExMUnLbPlHAA6H5wVkVcEdxnK8AzK8gJKKiwCCjwGxjdGlJWhCTzNi+rq
sJQUAEfWQU3c/7hGKQ8GeIsYmF2U70oWNQxnpaoxnUl5t7nSahntzHEa4w3Z3/w2
6w9DlkhrdcMYqZQ1UG/yw2U/vz4VN7IE6j8i07oxNv1O7u7bvELd/xBwdmd7wyXg
aqyl/IbStoOdjNvUJqPHhhuctaJbzMzSPVRmEKNSE92pftygdF1vXYudg/kOVIPh
WCd8vcoxoviop0CFmXOi8/gmOLRDoR3KbVrkdnqqBrXo7q7fF41FfIY0BQ==
-----END CERTIFICATE-----