Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f852fe0c-feed-4333-b2fa-93e1948b5904.roa
File:                     f852fe0c-feed-4333-b2fa-93e1948b5904.roa (raw, json)
Hash identifier:          uCBSnFsQXfR/XFWlLNWxzlynQ+N9JOsoaYh4Mfzgpas=
Subject key identifier:   F2:CB:21:19:32:71:0C:9B:1C:61:2D:ED:70:0B:56:0C:85:EE:86:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4FF9DF48BEE299F7E96EBBF03B607FBBAA84D47E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f852fe0c-feed-4333-b2fa-93e1948b5904.roa
Signing time:             Fri 28 Mar 2025 00:30:19 +0000
ROA not before:           Fri 28 Mar 2025 00:30:19 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.196.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:f9:df:48:be:e2:99:f7:e9:6e:bb:f0:3b:60:7f:bb:aa:84:d4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:30:19 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:76:3e:ff:88:28:9e:4e:89:d1:de:ff:d3:df:
                    52:9f:35:95:ec:ce:47:71:0e:40:d4:76:7c:96:ba:
                    ee:ed:b9:fa:76:e4:39:47:d1:50:14:9f:a2:09:a0:
                    82:4f:0a:f1:0f:29:b1:f9:d5:2b:a7:76:05:85:7e:
                    00:78:59:d4:a9:8a:d1:a8:55:d8:84:17:d4:a4:da:
                    fa:c4:e1:d4:28:c7:73:9e:12:c4:f7:9e:26:f0:f7:
                    60:4a:11:e4:8c:02:16:e7:d7:9a:82:11:00:85:33:
                    29:16:a8:e4:f9:6b:82:3d:2e:95:52:bf:ae:82:94:
                    1f:8c:a1:8c:7b:a1:f4:d8:fc:8f:5a:35:ba:cb:1e:
                    87:19:78:fd:0f:73:78:cd:32:f6:32:d2:d3:67:89:
                    e2:0f:b3:f1:e7:77:ff:a7:22:32:81:cb:81:65:1e:
                    6e:c6:79:10:42:b3:2a:85:5f:b6:60:8c:f3:ce:bd:
                    00:2a:e8:0e:23:9c:71:7d:45:73:8e:aa:c7:16:fe:
                    d4:c9:3f:67:ce:70:21:c3:ec:a4:e0:fe:2a:30:84:
                    fa:ea:da:87:81:8a:a0:b9:ee:8e:b1:2c:bd:d9:e2:
                    d0:da:ad:60:85:d1:8b:86:4e:d6:44:4f:e9:d9:99:
                    11:2d:31:68:c8:7a:49:c2:cb:9c:90:99:5c:f9:ff:
                    2e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CB:21:19:32:71:0C:9B:1C:61:2D:ED:70:0B:56:0C:85:EE:86:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f852fe0c-feed-4333-b2fa-93e1948b5904.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.196.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:0c:cc:3f:29:12:08:c5:ef:6b:7f:70:71:12:a3:fd:2a:5f:
         ae:22:61:2a:aa:1e:91:93:fd:c2:ad:b3:69:70:46:88:3d:0b:
         7a:d1:4c:c0:8e:f8:a2:69:e0:8a:94:e9:4a:43:c8:60:b5:e8:
         2f:c6:0a:aa:d2:42:e7:16:11:35:5c:f9:da:e9:4e:b5:08:9e:
         61:7a:6a:50:9e:a1:fa:3a:c0:7c:50:7a:0f:a0:53:43:4d:b1:
         ad:34:9a:67:a7:a8:e2:05:77:79:59:f4:dc:1b:a2:ec:3c:79:
         74:a0:6d:10:6a:07:bf:d2:28:3c:e4:da:59:b0:2f:f5:1e:dc:
         69:5e:fc:cf:74:fa:d6:47:c6:78:5f:ab:8e:c6:43:07:53:13:
         88:44:9d:ac:2f:31:bd:9c:72:f3:0e:ba:b3:0c:9d:00:86:85:
         89:7e:60:c1:81:1a:15:50:32:34:3b:fe:d7:ae:5d:6c:a4:30:
         be:a1:da:cf:27:e5:8b:9b:d3:bd:fb:2f:ad:4b:03:9a:24:d2:
         29:c3:ee:e8:86:f6:f0:56:05:26:c6:09:f5:67:83:d2:f5:93:
         50:a8:23:90:d1:60:a3:79:90:fe:86:98:f6:bb:10:65:4d:b7:
         68:95:ed:39:69:58:76:f6:d6:b5:1b:5a:b9:85:1a:b0:41:4d:
         de:65:1e:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUT/nfSL7imffpbrvwO2B/u6qE1H4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAzMDE5WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzc3NjI3MTllMWMxYzY4ODVlOGNmZjhiMDY5ZWViN2My
MmI5YWU1NDU1NDZkNjZlZjllMGEzMDhhN2YyNzkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcdj7/iCieTonR3v/T31KfNZXszkdxDkDUdnyWuu7tufp2
5DlH0VAUn6IJoIJPCvEPKbH51SundgWFfgB4WdSpitGoVdiEF9Sk2vrE4dQox3Oe
EsT3nibw92BKEeSMAhbn15qCEQCFMykWqOT5a4I9LpVSv66ClB+MoYx7ofTY/I9a
NbrLHocZeP0Pc3jNMvYy0tNnieIPs/Hnd/+nIjKBy4FlHm7GeRBCsyqFX7ZgjPPO
vQAq6A4jnHF9RXOOqscW/tTJP2fOcCHD7KTg/iowhPrq2oeBiqC57o6xLL3Z4tDa
rWCF0YuGTtZET+nZmREtMWjIeknCy5yQmVz5/y7zAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8sshGTJxDJscYS3tcAtWDIXuhj0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4NTJmZTBjLWZlZWQtNDMzMy1iMmZhLTkzZTE5NDhiNTkwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQxDANBgkqhkiG9w0BAQsFAAOCAQEALQzMPykSCMXva39wcRKj/SpfriJh
KqoekZP9wq2zaXBGiD0LetFMwI74omngipTpSkPIYLXoL8YKqtJC5xYRNVz52ulO
tQieYXpqUJ6h+jrAfFB6D6BTQ02xrTSaZ6eo4gV3eVn03Bui7Dx5dKBtEGoHv9Io
POTaWbAv9R7caV78z3T61kfGeF+rjsZDB1MTiESdrC8xvZxy8w66swydAIaFiX5g
wYEaFVAyNDv+165dbKQwvqHazyfli5vTvfsvrUsDmiTSKcPu6Ib28FYFJsYJ9WeD
0vWTUKgjkNFgo3mQ/oaY9rsQZU23aJXtOWlYdvbWtRtauYUasEFN3mUe6w==
-----END CERTIFICATE-----