Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46340e00-739c-4f09-88f1-61173deb2dc5.roa
File:                     46340e00-739c-4f09-88f1-61173deb2dc5.roa (raw, json)
Hash identifier:          1UtrFPhFc0NfQWnROYw8r37WJqow9xuNyeVEYSb7Apc=
Subject key identifier:   DC:1E:4D:55:4B:B0:97:66:88:A5:6A:AF:B7:09:11:D1:52:69:C0:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27C5728216D423D89FE943E265321617E6830D7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46340e00-739c-4f09-88f1-61173deb2dc5.roa
Signing time:             Mon 24 Mar 2025 15:31:13 +0000
ROA not before:           Mon 24 Mar 2025 15:31:13 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.157.2.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:c5:72:82:16:d4:23:d8:9f:e9:43:e2:65:32:16:17:e6:83:0d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:31:13 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:09:46:53:e2:19:7e:a9:53:4c:55:31:9a:65:
                    5d:b5:a4:79:d0:e0:32:73:b3:f4:c6:6b:c6:64:f7:
                    f3:64:c7:aa:ba:a8:e6:31:40:a5:eb:92:f8:55:69:
                    e8:6a:a8:4a:d3:66:e7:41:92:dc:74:58:74:5c:09:
                    85:ed:61:5b:36:34:df:64:9f:3c:35:23:48:ac:62:
                    e9:6b:e5:32:9e:18:0e:3d:8e:7d:35:4a:72:a5:2f:
                    5a:14:73:31:59:46:7a:2f:32:2b:db:dd:ba:93:b7:
                    56:39:d6:fc:75:15:5b:32:f4:d6:58:35:a8:7d:2a:
                    45:8e:47:e2:a5:ff:6a:0b:8b:10:2d:96:0e:3f:bf:
                    58:a2:d6:51:1f:b4:0a:4a:73:ab:b1:4e:0b:e7:83:
                    97:67:3b:ca:51:d8:d9:2d:43:ec:00:4f:18:58:5e:
                    2b:ad:78:bc:bb:9f:6b:97:5c:31:c2:41:c1:bc:bf:
                    6a:ea:36:e7:06:84:3c:dc:85:19:4e:07:d9:e5:d7:
                    59:42:7b:f8:ec:8d:d9:c3:86:3b:04:d0:a9:a1:1a:
                    68:a6:9f:f8:80:6b:44:44:59:c3:e5:17:94:45:8f:
                    ba:17:b7:e6:5f:45:1c:13:e0:33:b8:36:fd:48:b0:
                    e0:a7:93:f8:08:e9:3c:21:0d:38:96:59:b9:97:8d:
                    15:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1E:4D:55:4B:B0:97:66:88:A5:6A:AF:B7:09:11:D1:52:69:C0:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46340e00-739c-4f09-88f1-61173deb2dc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.157.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:44:53:e2:d7:25:34:64:d2:be:ff:cd:ce:e2:50:ec:43:8a:
         e5:07:cb:62:68:ff:b8:78:66:35:3a:dc:af:6d:9e:52:32:ef:
         b9:e9:6e:5c:18:da:b8:26:02:57:1f:73:9e:c3:fd:9d:e5:69:
         71:19:67:a0:12:f3:82:28:91:8a:eb:21:f0:91:51:b7:35:4f:
         75:1f:c7:90:83:d5:ae:31:a0:81:8e:9a:11:be:b9:44:4c:d7:
         38:39:06:d4:66:2d:08:1b:5a:74:dd:a7:2c:47:ee:e6:c5:89:
         3b:64:9e:b8:63:f1:9c:59:c0:8c:f1:fe:56:4e:59:31:85:e0:
         66:f4:53:1e:7a:19:a5:2f:6e:f9:77:47:c4:68:69:fe:f7:5f:
         09:fb:61:e3:7e:9f:f6:ee:a8:1b:bb:51:06:6a:73:cf:b4:b0:
         bc:62:48:c8:14:3e:d6:b4:91:20:b8:e3:3c:05:72:44:4c:c5:
         e4:19:02:c1:af:a4:ff:5c:e0:a8:3a:d4:96:c3:40:6d:12:59:
         6c:24:d0:1d:9c:ef:78:e4:7a:bc:91:b5:ce:3c:be:65:29:44:
         14:ce:6d:14:15:15:49:20:44:be:36:bd:32:bb:a8:94:47:55:
         40:2f:17:31:ad:ed:64:eb:f7:77:bc:9d:62:08:92:d1:c7:90:
         23:77:c3:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ8VyghbUI9if6UPiZTIWF+aDDX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTUzMTEzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzQyZWRiOWM3N2ViNTRlZjYyODdlNTMwZGMwZjFjMGRi
NGE5MDY2NzYxNTFlOTNmYzFjM2FmZmQzYTg4ZTNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdCUZT4hl+qVNMVTGaZV21pHnQ4DJzs/TGa8Zk9/Nkx6q6
qOYxQKXrkvhVaehqqErTZudBktx0WHRcCYXtYVs2NN9knzw1I0isYulr5TKeGA49
jn01SnKlL1oUczFZRnovMivb3bqTt1Y51vx1FVsy9NZYNah9KkWOR+Kl/2oLixAt
lg4/v1ii1lEftApKc6uxTgvng5dnO8pR2NktQ+wATxhYXiuteLy7n2uXXDHCQcG8
v2rqNucGhDzchRlOB9nl11lCe/jsjdnDhjsE0KmhGmimn/iAa0REWcPlF5RFj7oX
t+ZfRRwT4DO4Nv1IsOCnk/gI6TwhDTiWWbmXjRWNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3B5NVUuwl2aIpWqvtwkR0VJpwHEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2MzQwZTAwLTczOWMtNGYwOS04OGYxLTYxMTczZGViMmRjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHYnQIwDQYJKoZIhvcNAQELBQADggEBAGNEU+LXJTRk0r7/zc7iUOxDiuUH
y2Jo/7h4ZjU63K9tnlIy77npblwY2rgmAlcfc57D/Z3laXEZZ6AS84IokYrrIfCR
Ubc1T3Ufx5CD1a4xoIGOmhG+uURM1zg5BtRmLQgbWnTdpyxH7ubFiTtknrhj8ZxZ
wIzx/lZOWTGF4Gb0Ux56GaUvbvl3R8Roaf73Xwn7YeN+n/buqBu7UQZqc8+0sLxi
SMgUPta0kSC44zwFckRMxeQZAsGvpP9c4Kg61JbDQG0SWWwk0B2c73jkeryRtc48
vmUpRBTObRQVFUkgRL42vTK7qJRHVUAvFzGt7WTr93e8nWIIktHHkCN3w8o=
-----END CERTIFICATE-----