Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbefe411-d6b0-4a3c-b0c9-b414170fb39b.roa
File:                     bbefe411-d6b0-4a3c-b0c9-b414170fb39b.roa (raw, json)
Hash identifier:          7MtzRqsWY90TGJnqQeofKYWHoN8qJb3+xkPZKD1x7AA=
Subject key identifier:   0A:30:67:4A:24:11:8A:BC:0B:C6:3F:1C:04:2D:79:40:B1:C8:DD:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14428006827BD1A4163439E5804C1A0BAB6B16BE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbefe411-d6b0-4a3c-b0c9-b414170fb39b.roa
Signing time:             Fri 21 Mar 2025 00:00:22 +0000
ROA not before:           Fri 21 Mar 2025 00:00:22 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.19.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:42:80:06:82:7b:d1:a4:16:34:39:e5:80:4c:1a:0b:ab:6b:16:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:00:22 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:be:12:4d:a4:5e:11:61:d8:ac:99:0e:16:7d:
                    76:b2:73:91:42:c3:c8:6a:31:07:d9:be:45:26:1c:
                    6d:e7:45:6d:84:15:50:fe:8a:25:3f:44:c3:1d:78:
                    d8:1d:9b:40:65:ca:f6:66:d9:86:c7:32:12:1d:89:
                    01:68:13:0f:86:80:6c:d7:18:f1:54:d5:c1:68:e1:
                    03:f8:60:08:28:a2:b9:4e:d4:e8:51:57:80:73:58:
                    e1:04:69:e1:44:78:0e:b8:6e:c5:dd:3d:1d:61:2e:
                    7c:ce:f3:48:f4:d1:08:5c:cd:6e:0a:e8:99:05:fe:
                    16:c6:77:12:8f:5a:3a:6c:dc:28:73:d8:98:fa:ab:
                    d6:58:21:e4:b3:e7:15:9d:7a:ed:27:1b:eb:75:04:
                    b2:5b:6d:7c:b2:60:fe:8e:91:4e:29:16:ba:74:b0:
                    9a:b1:22:42:7d:99:10:bd:80:36:d8:a2:8e:0a:c6:
                    6b:75:cc:5b:a8:13:66:d1:2d:3b:25:ed:3a:0b:12:
                    c0:45:72:34:8c:cf:ac:0d:cb:f9:ed:25:db:a2:6f:
                    38:4c:a9:94:fd:92:6a:2e:89:53:94:be:7a:50:9a:
                    8d:d5:81:91:85:8f:65:33:3f:29:d7:52:b4:b8:d0:
                    53:63:3a:70:c4:5d:fa:de:27:0f:9c:1e:b0:fa:eb:
                    22:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:30:67:4A:24:11:8A:BC:0B:C6:3F:1C:04:2D:79:40:B1:C8:DD:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbefe411-d6b0-4a3c-b0c9-b414170fb39b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.19.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:a5:f1:a9:61:d5:e2:fe:20:27:4a:01:70:f4:2c:09:69:cb:
         1d:75:47:8c:a6:2d:13:b5:1b:77:7e:1f:be:88:4b:c0:ee:77:
         d5:b9:ff:97:99:9a:05:b5:78:77:b0:ea:ea:56:59:fc:ad:f9:
         00:e8:d1:1b:b8:3b:d5:f7:43:0f:19:e0:19:88:56:28:d0:3e:
         85:b6:77:d2:3f:f6:e8:20:ae:74:79:4f:a0:2a:d0:7b:2a:33:
         c0:ed:47:c6:08:f3:ca:2c:af:6a:2e:f8:8b:b0:14:5a:17:bf:
         96:ab:5a:85:58:d2:84:24:52:85:ad:99:fe:7d:36:99:36:a8:
         1d:02:bd:da:b9:72:25:28:c5:eb:eb:d2:20:bf:fd:93:9c:f0:
         1c:f4:59:6e:c1:8c:82:44:bf:47:f6:77:a6:a7:7f:bb:99:62:
         9b:cc:f5:d0:ce:87:95:7e:6d:e2:62:78:4b:1b:3c:2d:8d:5a:
         d3:e9:3b:07:34:1d:c6:e3:60:52:cb:ab:ae:0c:98:47:82:2b:
         63:d4:02:ce:b4:20:be:01:35:40:b3:81:46:91:12:6d:12:0a:
         ea:d3:38:54:20:51:14:a8:5c:9c:df:83:d7:9f:2f:f5:db:aa:
         00:a7:62:55:92:b3:ad:bb:11:2d:6a:26:88:9d:0d:a0:49:9f:
         d4:ed:65:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFEKABoJ70aQWNDnlgEwaC6trFr4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAwMDIyWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjBiMjE5YzkyMDJlODM2MzlmZDBlMmU1MWI0ZTM5Mzc1
Njk0NjNjOTFkY2UzZWQ5YTNjNjE5MGM4YWEwMmRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChvhJNpF4RYdismQ4WfXayc5FCw8hqMQfZvkUmHG3nRW2E
FVD+iiU/RMMdeNgdm0BlyvZm2YbHMhIdiQFoEw+GgGzXGPFU1cFo4QP4YAgoorlO
1OhRV4BzWOEEaeFEeA64bsXdPR1hLnzO80j00QhczW4K6JkF/hbGdxKPWjps3Chz
2Jj6q9ZYIeSz5xWdeu0nG+t1BLJbbXyyYP6OkU4pFrp0sJqxIkJ9mRC9gDbYoo4K
xmt1zFuoE2bRLTsl7ToLEsBFcjSMz6wNy/ntJduibzhMqZT9kmouiVOUvnpQmo3V
gZGFj2UzPynXUrS40FNjOnDEXfreJw+cHrD66yLzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCjBnSiQRirwLxj8cBC15QLHI3d8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiZWZlNDExLWQ2YjAtNGEzYy1iMGM5LWI0MTQxNzBmYjM5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQEzANBgkqhkiG9w0BAQsFAAOCAQEADqXxqWHV4v4gJ0oBcPQsCWnLHXVH
jKYtE7Ubd34fvohLwO531bn/l5maBbV4d7Dq6lZZ/K35AOjRG7g71fdDDxngGYhW
KNA+hbZ30j/26CCudHlPoCrQeyozwO1Hxgjzyiyvai74i7AUWhe/lqtahVjShCRS
ha2Z/n02mTaoHQK92rlyJSjF6+vSIL/9k5zwHPRZbsGMgkS/R/Z3pqd/u5lim8z1
0M6HlX5t4mJ4Sxs8LY1a0+k7BzQdxuNgUsurrgyYR4IrY9QCzrQgvgE1QLOBRpES
bRIK6tM4VCBRFKhcnN+D158v9duqAKdiVZKzrbsRLWomiJ0NoEmf1O1lCA==
-----END CERTIFICATE-----