Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa
File:                     9c5b22d0-c570-479a-9176-1b8ae33317b3.roa (raw, json)
Hash identifier:          77rJ+8l3iKFsc4qzC4v40+182TngxqosXlEGuLSpKM4=
Subject key identifier:   40:A4:E3:97:63:73:69:E2:D5:15:32:4A:A8:1E:69:B9:EF:52:B6:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D79E9F803B741272BD3183D4C2007F469762E97
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa
Signing time:             Tue 04 Mar 2025 17:51:15 +0000
ROA not before:           Tue 04 Mar 2025 17:51:15 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.130.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:79:e9:f8:03:b7:41:27:2b:d3:18:3d:4c:20:07:f4:69:76:2e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 17:51:15 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b1:61:40:ee:02:5d:0a:fc:b3:85:08:0a:e9:
                    c9:a8:88:8e:b4:ae:e2:35:33:4f:53:61:18:c4:51:
                    fb:e2:18:cd:f3:1a:01:6d:88:cb:31:b1:9a:69:39:
                    9c:c2:35:3b:42:7f:c5:79:e4:72:05:e8:8f:82:03:
                    69:1f:37:26:51:de:1f:7e:5f:05:6d:fb:b8:34:da:
                    00:e8:b1:16:b6:de:fe:09:08:cc:5d:21:73:64:61:
                    f5:b1:54:8d:de:46:0e:12:c0:7d:12:21:bb:17:cd:
                    d9:59:a5:6d:c9:2f:61:46:11:cc:40:34:86:50:10:
                    79:ff:c2:9b:d8:21:28:a2:e3:47:e5:b4:c0:63:be:
                    3c:86:c1:8c:25:4d:e0:d8:94:00:e3:17:20:be:c9:
                    b6:f0:22:0b:db:bd:8f:4d:2f:ed:d8:74:f2:ca:57:
                    78:f6:97:bd:a3:53:75:47:dd:4d:7e:08:91:8a:53:
                    05:6f:af:07:5a:3d:6d:a4:ef:34:c9:93:1f:22:f1:
                    18:18:d2:67:0c:df:2a:ce:7b:97:c2:e9:91:aa:70:
                    b4:43:f0:c8:34:c7:ef:2b:0c:8c:2f:ef:46:14:ce:
                    c0:4b:fa:f9:ca:9c:fc:12:56:a0:0b:41:67:c1:0b:
                    dd:ad:5d:df:dd:0c:ab:84:d6:88:c7:7f:8b:6b:55:
                    5c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A4:E3:97:63:73:69:E2:D5:15:32:4A:A8:1E:69:B9:EF:52:B6:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:29:df:39:77:54:b0:86:39:d7:6b:84:8b:94:bd:02:f0:61:
         bc:51:11:17:98:9d:d9:ae:77:42:b5:a1:1a:7a:1b:71:67:8c:
         a3:39:76:c0:92:99:7b:18:ff:0d:42:3a:75:c5:bf:b0:ea:f8:
         ea:c2:9a:b9:9c:9c:98:49:3d:eb:82:56:0e:99:b7:0e:c3:5a:
         c5:20:04:b3:05:f1:46:21:c5:d6:09:51:2b:0e:29:24:00:4d:
         ac:92:87:0f:2b:64:c5:0c:52:fe:de:cf:53:35:dc:7f:b5:6a:
         6f:f1:4e:56:aa:9f:08:2a:8b:5b:3e:b7:73:42:2e:f1:28:8a:
         20:52:1a:6d:ce:ae:fe:c9:b1:be:bc:d2:86:d3:b7:af:40:56:
         1d:aa:b8:06:a8:f5:a0:22:7f:0b:0d:a2:d4:99:f9:dd:bc:8a:
         8f:33:d6:8d:2a:fd:2e:3d:f5:10:4e:80:50:3c:58:b3:d0:1e:
         8b:05:d7:d1:c1:68:1b:60:dd:15:b3:67:d3:e5:06:06:09:e7:
         50:3b:29:cf:9f:62:f8:cd:99:f4:af:7c:fe:f5:ba:7f:78:51:
         ab:82:3e:d7:cb:b6:3b:49:26:e5:ae:ba:b3:69:cb:26:df:3a:
         65:d5:66:4b:18:08:53:d4:de:43:26:78:99:a5:9d:ec:29:98:
         83:25:f4:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTXnp+AO3QScr0xg9TCAH9Gl2LpcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTc1MTE1WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDhjNTFmNzJmNGYxNjlhZjA3ZDllYmUzOWY4NWFiOTE1
NDI5OWZhYzQ5ZmYxZTRlNDMyYmRjZDMzZjg2YTJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTsWFA7gJdCvyzhQgK6cmoiI60ruI1M09TYRjEUfviGM3z
GgFtiMsxsZppOZzCNTtCf8V55HIF6I+CA2kfNyZR3h9+XwVt+7g02gDosRa23v4J
CMxdIXNkYfWxVI3eRg4SwH0SIbsXzdlZpW3JL2FGEcxANIZQEHn/wpvYISii40fl
tMBjvjyGwYwlTeDYlADjFyC+ybbwIgvbvY9NL+3YdPLKV3j2l72jU3VH3U1+CJGK
UwVvrwdaPW2k7zTJkx8i8RgY0mcM3yrOe5fC6ZGqcLRD8Mg0x+8rDIwv70YUzsBL
+vnKnPwSVqALQWfBC92tXd/dDKuE1ojHf4trVVynAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQKTjl2NzaeLVFTJKqB5pue9SthowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljNWIyMmQwLWM1NzAtNDc5YS05MTc2LTFiOGFlMzMzMTdiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBigjANBgkqhkiG9w0BAQsFAAOCAQEAdinfOXdUsIY512uEi5S9AvBhvFER
F5id2a53QrWhGnobcWeMozl2wJKZexj/DUI6dcW/sOr46sKauZycmEk964JWDpm3
DsNaxSAEswXxRiHF1glRKw4pJABNrJKHDytkxQxS/t7PUzXcf7Vqb/FOVqqfCCqL
Wz63c0Iu8SiKIFIabc6u/smxvrzShtO3r0BWHaq4Bqj1oCJ/Cw2i1Jn53byKjzPW
jSr9Lj31EE6AUDxYs9AeiwXX0cFoG2DdFbNn0+UGBgnnUDspz59i+M2Z9K98/vW6
f3hRq4I+18u2O0km5a66s2nLJt86ZdVmSxgIU9TeQyZ4maWd7CmYgyX0xA==
-----END CERTIFICATE-----