Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98e5b39-9271-4700-b6e2-c2328787d9f6.roa
File:                     f98e5b39-9271-4700-b6e2-c2328787d9f6.roa (raw, json)
Hash identifier:          iTBr6rtP6A44zTfQTLLQGyOhsfj15dM+dvXnNm2298w=
Subject key identifier:   83:F5:1C:73:13:2C:D3:A0:21:DE:93:FB:E9:74:1D:F7:57:35:B4:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B7DC5620EC171FA168B6A7DA7E60FE60AB75390
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98e5b39-9271-4700-b6e2-c2328787d9f6.roa
Signing time:             Mon 10 Mar 2025 15:01:34 +0000
ROA not before:           Mon 10 Mar 2025 15:01:34 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.148.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:7d:c5:62:0e:c1:71:fa:16:8b:6a:7d:a7:e6:0f:e6:0a:b7:53:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:01:34 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6a:4b:01:76:56:03:bd:fb:aa:fb:e9:7d:52:
                    07:db:9c:f8:91:2a:4b:04:4a:8d:99:5a:3d:9a:10:
                    45:b5:c1:16:6c:7a:96:64:cc:9f:28:b9:41:cf:38:
                    61:d3:3f:68:93:e9:58:28:1d:26:7d:34:30:1f:bd:
                    45:4f:eb:ca:ab:a0:ac:97:3e:d9:53:d4:fe:c4:47:
                    91:bb:8a:ff:dc:2e:05:97:c3:13:ca:26:8f:60:78:
                    72:d8:42:0b:04:53:01:7d:17:43:8e:bd:87:50:37:
                    92:a4:ba:13:62:79:4b:c8:eb:96:7d:68:92:4e:02:
                    9d:59:a3:c9:ef:6b:40:89:94:73:20:22:c4:c6:ea:
                    fc:db:fc:af:5e:80:60:f6:67:53:06:8d:cf:26:af:
                    b1:a1:4d:f9:af:bf:7b:cf:d0:c7:a1:b9:d7:65:25:
                    f8:14:3c:aa:01:a4:0e:cc:10:c9:21:8e:d7:fa:b4:
                    e0:22:5b:d8:70:75:89:24:90:00:ec:31:1a:80:75:
                    4c:82:a2:f9:d2:d5:08:d2:ac:62:6b:c6:5e:bb:d9:
                    c5:b2:cd:ce:75:85:c1:21:32:05:20:46:44:d2:19:
                    68:37:cc:ca:32:cc:98:7d:13:c6:71:ec:80:bc:56:
                    b3:6b:e3:66:76:1b:cd:98:12:7d:a7:9e:9a:65:72:
                    8c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F5:1C:73:13:2C:D3:A0:21:DE:93:FB:E9:74:1D:F7:57:35:B4:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98e5b39-9271-4700-b6e2-c2328787d9f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         96:89:d7:39:43:2b:84:68:1e:b8:f7:b5:3a:21:ec:60:a9:d0:
         db:e6:77:cb:f8:2d:bd:10:a5:01:3d:88:4b:b4:41:58:5e:2e:
         c8:a6:00:04:e9:9b:90:98:78:bc:11:d4:bc:0f:f4:d1:14:ff:
         e8:f8:2f:fd:80:d8:91:10:07:b8:d0:df:a0:93:ac:cd:4b:00:
         8d:b1:76:ed:04:73:0d:b3:92:dd:85:5f:5e:d0:45:92:de:a5:
         51:06:de:4a:10:86:db:2b:0d:64:2b:f4:b5:33:9f:f6:4d:42:
         9f:32:d2:88:47:da:7a:b0:3e:1c:3b:d1:33:01:32:a4:fb:65:
         66:f9:7f:de:2e:2c:bd:d8:77:06:1f:b6:8d:35:56:5d:d7:f0:
         6c:fa:10:dc:73:ff:1c:8d:7f:45:68:9f:a7:b0:9b:2a:a6:87:
         0d:0c:44:26:bd:26:82:96:bf:bb:fa:a1:0e:9a:bd:f5:ec:70:
         f6:d1:48:fd:3b:00:08:35:27:2e:70:7d:cb:cc:1c:df:87:16:
         29:d3:8b:d4:79:ca:ca:70:0a:c7:8d:98:30:38:76:ca:54:e2:
         69:3f:02:1a:b3:d3:55:57:b5:08:f6:25:a9:30:fb:f3:da:3f:
         b3:75:38:8f:98:4c:20:7a:be:2d:de:24:25:6d:a9:91:fe:60:
         e2:ec:bc:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS33FYg7BcfoWi2p9p+YP5gq3U5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUwMTM0WhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGNlYTI0NDM0YWRmMmYzMmIzNGZhZTU0MjEyZWViZGMw
ZDQ5MTVmY2NlY2JjMmJjMDU4MjM5NDUxMDg1ZThhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXaksBdlYDvfuq++l9UgfbnPiRKksESo2ZWj2aEEW1wRZs
epZkzJ8ouUHPOGHTP2iT6VgoHSZ9NDAfvUVP68qroKyXPtlT1P7ER5G7iv/cLgWX
wxPKJo9geHLYQgsEUwF9F0OOvYdQN5KkuhNieUvI65Z9aJJOAp1Zo8nva0CJlHMg
IsTG6vzb/K9egGD2Z1MGjc8mr7GhTfmvv3vP0MehuddlJfgUPKoBpA7MEMkhjtf6
tOAiW9hwdYkkkADsMRqAdUyCovnS1QjSrGJrxl672cWyzc51hcEhMgUgRkTSGWg3
zMoyzJh9E8Zx7IC8VrNr42Z2G82YEn2nnpplcozZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg/UccxMs06Ah3pP76XQd91c1tAowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5OGU1YjM5LTkyNzEtNDcwMC1iNmUyLWMyMzI4Nzg3ZDlmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaXlEAwDQYJKoZIhvcNAQELBQADggEBAJaJ1zlDK4RoHrj3tToh7GCp0Nvm
d8v4Lb0QpQE9iEu0QVheLsimAATpm5CYeLwR1LwP9NEU/+j4L/2A2JEQB7jQ36CT
rM1LAI2xdu0Ecw2zkt2FX17QRZLepVEG3koQhtsrDWQr9LUzn/ZNQp8y0ohH2nqw
Phw70TMBMqT7ZWb5f94uLL3YdwYfto01Vl3X8Gz6ENxz/xyNf0Von6ewmyqmhw0M
RCa9JoKWv7v6oQ6avfXscPbRSP07AAg1Jy5wfcvMHN+HFinTi9R5yspwCseNmDA4
dspU4mk/Ahqz01VXtQj2Jakw+/PaP7N1OI+YTCB6vi3eJCVtqZH+YOLsvP4=
-----END CERTIFICATE-----