Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
File:                     db7a66bc-8f79-4047-8130-2672617f220a.roa (raw, json)
Hash identifier:          mg8o04tkbx/FcGZxsqXXgzWMtJy967+tsyulpTheRTo=
Subject key identifier:   19:FF:1A:0A:5A:99:B4:A5:6F:A6:B1:CD:9B:DB:D1:AA:C2:F2:62:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D1FF2A166EDA28E55503A88387225199A630FD6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
Signing time:             Mon 10 Mar 2025 15:01:41 +0000
ROA not before:           Mon 10 Mar 2025 15:01:41 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.3.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:1f:f2:a1:66:ed:a2:8e:55:50:3a:88:38:72:25:19:9a:63:0f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:01:41 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:77:7c:4e:4f:aa:a4:b1:1c:c6:79:c5:39:cf:
                    6d:b8:09:d4:b5:71:70:86:dd:5e:36:a7:3c:47:c6:
                    d3:f5:4b:60:31:4f:98:ef:a0:9a:89:9c:40:29:2e:
                    5f:4c:32:58:05:8e:47:74:4f:2c:a0:f0:4d:de:62:
                    90:94:bd:22:2e:54:f2:fd:ef:df:b5:ad:4b:44:8f:
                    c7:c7:76:88:41:cc:77:78:56:0a:3d:da:9c:7b:b3:
                    4d:04:04:9a:2e:07:e3:08:e3:8b:89:9e:17:34:b2:
                    f4:b4:35:12:29:50:cf:25:15:d3:cd:d9:ba:20:9f:
                    67:d5:92:12:7c:24:1d:26:b1:d1:a3:87:67:a9:45:
                    80:a8:65:ec:a8:8e:8c:3a:ed:9c:e9:26:89:23:87:
                    b5:58:25:56:68:df:42:86:ea:fc:c0:cf:fe:f2:37:
                    39:ef:cf:4e:93:43:08:f4:e2:e0:14:8d:10:82:dd:
                    d7:89:da:95:76:1a:d2:55:98:5f:cd:46:2c:6b:7b:
                    6a:55:b5:78:07:38:37:03:10:24:86:79:7d:02:f3:
                    55:a0:c5:e7:b3:ac:5c:a6:b0:0c:ca:10:5b:31:61:
                    ef:b6:0b:dd:66:1c:21:6e:c9:26:2e:fe:0b:73:54:
                    3f:59:a2:a7:10:92:d6:78:49:2a:30:ac:31:de:e0:
                    e5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:FF:1A:0A:5A:99:B4:A5:6F:A6:B1:CD:9B:DB:D1:AA:C2:F2:62:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:22:f2:17:4e:4c:60:da:7c:ec:16:12:2b:c6:a5:ad:b7:86:
         be:49:9a:be:7b:8e:b1:e7:b9:c4:cb:4b:4e:ff:43:1b:e9:66:
         0c:1a:77:02:0f:02:43:ff:8c:0f:fa:6b:47:67:a7:f1:64:b0:
         f2:8c:b7:99:28:83:30:f9:18:15:28:c0:d6:79:a0:c6:5b:83:
         68:e4:b6:b3:a4:a4:11:93:8c:a5:62:b6:83:e3:80:55:55:ce:
         05:4e:38:4d:56:e2:95:8d:0d:8d:8f:8c:04:1c:e5:d4:63:a2:
         90:1e:53:68:52:4f:6d:63:b9:ff:cc:37:46:c7:ce:0e:41:a7:
         13:6c:fc:5d:f3:84:ce:d2:1c:b7:8d:21:70:9c:8f:38:6a:e0:
         84:e5:53:a2:04:ca:4f:c4:72:8a:f4:9d:1e:0a:17:35:6a:2f:
         7d:8b:a3:76:78:4e:d8:8a:84:29:d2:51:c4:85:75:7f:29:08:
         1f:6b:43:4e:f7:78:ed:65:1c:ce:60:4b:00:a3:f9:45:1a:62:
         a6:3e:da:64:75:02:1e:77:b9:d0:ab:51:ef:73:51:3e:13:27:
         f1:37:44:9b:81:9f:5e:87:00:d2:f2:df:f9:b8:28:ba:1c:a2:
         fd:f5:30:3c:76:b3:43:6e:bc:ae:e4:66:6d:94:e8:b1:59:42:
         85:18:f2:be
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPR/yoWbtoo5VUDqIOHIlGZpjD9YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUwMTQxWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzBiYjJmY2RhNWExMDU3NzU1NzJiODdiZWY0ZGJjOTk1
ODRmODQzYWJlYTE3ZDlhZjdlOTA5NDkyNWNlM2UzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyd3xOT6qksRzGecU5z224CdS1cXCG3V42pzxHxtP1S2Ax
T5jvoJqJnEApLl9MMlgFjkd0Tyyg8E3eYpCUvSIuVPL979+1rUtEj8fHdohBzHd4
Vgo92px7s00EBJouB+MI44uJnhc0svS0NRIpUM8lFdPN2bogn2fVkhJ8JB0msdGj
h2epRYCoZeyojow67ZzpJokjh7VYJVZo30KG6vzAz/7yNznvz06TQwj04uAUjRCC
3deJ2pV2GtJVmF/NRixre2pVtXgHODcDECSGeX0C81WgxeezrFymsAzKEFsxYe+2
C91mHCFuySYu/gtzVD9ZoqcQktZ4SSowrDHe4OUJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGf8aClqZtKVvprHNm9vRqsLyYqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiN2E2NmJjLThmNzktNDA0Ny04MTMwLTI2NzI2MTdmMjIwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQAzANBgkqhkiG9w0BAQsFAAOCAQEAGSLyF05MYNp87BYSK8alrbeGvkma
vnuOsee5xMtLTv9DG+lmDBp3Ag8CQ/+MD/prR2en8WSw8oy3mSiDMPkYFSjA1nmg
xluDaOS2s6SkEZOMpWK2g+OAVVXOBU44TVbilY0NjY+MBBzl1GOikB5TaFJPbWO5
/8w3RsfODkGnE2z8XfOEztIct40hcJyPOGrghOVTogTKT8RyivSdHgoXNWovfYuj
dnhO2IqEKdJRxIV1fykIH2tDTvd47WUczmBLAKP5RRpipj7aZHUCHne50KtR73NR
PhMn8TdEm4GfXocA0vLf+bgouhyi/fUwPHazQ268ruRmbZTosVlChRjyvg==
-----END CERTIFICATE-----