Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
File:                     10e8eaff-a969-4014-aee5-0177cbb5381e.roa (raw, json)
Hash identifier:          k8cBbTEZYmrxQWIf6ObtJy5//fGCnXfTe4npe9nSPGU=
Subject key identifier:   0F:05:61:E7:99:FD:BA:A1:81:81:BA:D2:69:08:B4:D2:C8:DC:29:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A1740023CD706A0D9C14361BBD90BE7B8822D17
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
Signing time:             Fri 28 Mar 2025 00:00:58 +0000
ROA not before:           Fri 28 Mar 2025 00:00:58 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.162.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:17:40:02:3c:d7:06:a0:d9:c1:43:61:bb:d9:0b:e7:b8:82:2d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:00:58 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8d:54:53:b7:be:fd:76:c6:e8:68:47:2a:0d:
                    7c:25:9e:ac:bc:40:bb:f8:ae:92:c2:e7:f9:78:6a:
                    6d:f6:9a:90:a5:eb:06:8b:f8:9d:1d:3f:2c:ed:41:
                    af:b8:0a:78:aa:79:0e:be:a2:bc:b7:55:f3:4a:d7:
                    37:f4:6a:82:85:c9:90:ff:74:e2:25:74:6a:45:d6:
                    70:e4:51:49:78:81:dd:81:fc:de:28:1f:c1:11:c0:
                    ed:ab:dd:86:d5:06:8c:b3:13:4a:0c:28:64:bb:d0:
                    6e:f9:d6:9b:bd:3c:13:fc:4d:a9:a3:c3:a9:ce:62:
                    60:ca:33:e5:02:db:8b:5a:e7:28:ce:e9:15:4a:b5:
                    9b:76:ac:93:ff:05:ae:57:30:44:3d:b2:67:0d:77:
                    c6:41:d5:58:30:14:64:23:52:ac:65:87:d2:78:d7:
                    b3:cc:a7:56:6f:dc:9e:7d:59:52:dd:85:62:3f:6f:
                    9e:97:5a:f2:3d:50:e5:68:e6:6a:fa:3a:70:9f:b9:
                    94:90:3b:2f:60:14:77:2e:bb:bc:c4:72:4b:b7:cf:
                    62:e4:eb:fc:e7:c1:54:f1:4a:ce:cd:ee:f8:7b:97:
                    f8:a9:b2:b9:71:b1:18:b5:ea:46:03:5c:bb:3a:d1:
                    e1:a3:9f:ae:04:08:ec:18:02:26:e6:9d:bd:74:49:
                    1c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:05:61:E7:99:FD:BA:A1:81:81:BA:D2:69:08:B4:D2:C8:DC:29:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.162.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3a:89:13:64:55:b4:be:7e:35:88:74:69:72:45:c2:f8:e3:4f:
         6c:ad:11:38:63:0d:47:0b:6d:16:15:41:d4:de:70:82:87:ec:
         79:b9:37:c3:21:f7:ae:13:84:a2:af:e1:cb:8d:cb:34:66:6d:
         a2:00:a8:4a:e5:d5:aa:8b:16:eb:28:36:f9:82:69:86:de:fa:
         8f:24:1a:3c:e1:1a:d3:c3:a2:38:f1:98:cc:15:49:7d:da:cd:
         f2:c3:47:76:d5:bf:67:97:5c:d2:3a:33:6b:72:bb:1e:d6:ce:
         69:55:b3:3b:28:6f:5b:19:35:ec:6c:b6:20:09:a1:19:81:49:
         b0:8e:95:08:74:5b:e6:a4:ca:f6:6f:8c:f8:3e:fd:56:2e:ce:
         57:03:49:49:06:d6:f7:ad:55:2e:e8:f8:62:66:4d:c0:88:11:
         bf:26:0a:16:56:bb:44:3f:41:ac:2c:54:5f:e0:46:8d:d1:c1:
         1f:de:e8:e3:8a:30:8e:08:6e:8e:a0:65:fc:69:26:5d:53:f3:
         68:5b:cc:00:5d:79:2b:46:2e:83:75:9e:08:c7:57:68:7a:84:
         39:91:b4:33:8b:6b:fe:e6:86:64:88:f8:e0:77:cd:cd:93:fe:
         eb:fa:cc:7f:68:a8:82:93:f0:0d:c2:34:0c:73:6b:9c:34:52:
         a4:e5:ce:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUahdAAjzXBqDZwUNhu9kL57iCLRcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAwMDU4WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTI5ZmJjNDZlNGUwZTdmZTA1MDk4ZGNhNGQ5M2U0MzYy
NThlODkwZGYwYmY1NWE4MDEwNTY2NDEyZTRlYzY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtjVRTt779dsboaEcqDXwlnqy8QLv4rpLC5/l4am32mpCl
6waL+J0dPyztQa+4CniqeQ6+ory3VfNK1zf0aoKFyZD/dOIldGpF1nDkUUl4gd2B
/N4oH8ERwO2r3YbVBoyzE0oMKGS70G751pu9PBP8Tamjw6nOYmDKM+UC24ta5yjO
6RVKtZt2rJP/Ba5XMEQ9smcNd8ZB1VgwFGQjUqxlh9J417PMp1Zv3J59WVLdhWI/
b56XWvI9UOVo5mr6OnCfuZSQOy9gFHcuu7zEcku3z2Lk6/znwVTxSs7N7vh7l/ip
srlxsRi16kYDXLs60eGjn64ECOwYAibmnb10SRw1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDwVh55n9uqGBgbrSaQi00sjcKXEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwZThlYWZmLWE5NjktNDAxNC1hZWU1LTAxNzdjYmI1MzgxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQojANBgkqhkiG9w0BAQsFAAOCAQEAOokTZFW0vn41iHRpckXC+ONPbK0R
OGMNRwttFhVB1N5wgofsebk3wyH3rhOEoq/hy43LNGZtogCoSuXVqosW6yg2+YJp
ht76jyQaPOEa08OiOPGYzBVJfdrN8sNHdtW/Z5dc0joza3K7HtbOaVWzOyhvWxk1
7Gy2IAmhGYFJsI6VCHRb5qTK9m+M+D79Vi7OVwNJSQbW961VLuj4YmZNwIgRvyYK
Fla7RD9BrCxUX+BGjdHBH97o44owjghujqBl/GkmXVPzaFvMAF15K0Yug3WeCMdX
aHqEOZG0M4tr/uaGZIj44HfNzZP+6/rMf2iogpPwDcI0DHNrnDRSpOXOLw==
-----END CERTIFICATE-----