Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f274e7-21f5-4aef-abd3-5f9f8050b35a.roa
File:                     03f274e7-21f5-4aef-abd3-5f9f8050b35a.roa (raw, json)
Hash identifier:          tI22UpZy1eiSLX/bcZszvWQTHPAqFs2WZ7uwMIN5FF0=
Subject key identifier:   EB:58:09:15:EB:8E:78:BD:2F:D4:0C:BE:9A:90:8E:4A:38:21:67:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43D2B6D4CF874F8B243492DF3B30930F31D0E591
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f274e7-21f5-4aef-abd3-5f9f8050b35a.roa
Signing time:             Mon 07 Apr 2025 15:10:53 +0000
ROA not before:           Mon 07 Apr 2025 15:10:53 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.214.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d2:b6:d4:cf:87:4f:8b:24:34:92:df:3b:30:93:0f:31:d0:e5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  7 15:10:53 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=cb0c2085ea44f488834ef98b9aa5c88fb8d4828e7f82375dd9baf87a5148731f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4d:39:1b:16:93:cd:47:34:56:46:3a:7d:e9:
                    cb:bf:ec:11:81:17:0b:ce:06:8d:6d:ea:02:ac:d3:
                    89:86:bc:78:21:4f:f2:cf:b2:1e:5b:7e:32:62:ca:
                    cd:8e:87:84:67:e2:12:ab:62:64:cd:d3:18:97:49:
                    21:93:04:2e:09:58:d7:bf:37:a4:2a:ce:4f:52:1d:
                    b5:f6:a7:48:6b:f7:d6:20:48:ff:f7:5c:d9:35:04:
                    ed:06:cb:4e:21:b1:5a:ae:d4:46:34:69:ce:bc:97:
                    3c:43:91:26:94:e9:b4:ca:fd:28:d3:a1:7f:3e:d0:
                    45:27:39:0d:da:66:a6:f4:bb:39:ed:cb:69:3e:ca:
                    6c:8a:c7:6d:81:b2:17:28:33:8c:e7:e1:f9:5f:ed:
                    29:51:61:7c:47:6e:93:e7:0d:ca:9f:06:c5:61:50:
                    70:01:b5:d7:bb:50:44:cf:14:9e:3d:8c:fa:bb:c4:
                    70:c6:ee:db:d0:91:c0:f6:22:43:28:29:dc:bb:82:
                    94:8e:f5:a8:55:5a:9c:c2:0f:4c:e5:32:22:de:67:
                    33:bf:5f:48:75:03:df:d4:82:06:4d:6b:ee:ca:69:
                    ac:36:cd:e8:d0:76:ab:60:40:7e:ab:70:3b:c2:34:
                    ff:cc:db:a4:2f:bb:35:a4:e0:66:42:2c:71:8f:2d:
                    12:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:58:09:15:EB:8E:78:BD:2F:D4:0C:BE:9A:90:8E:4A:38:21:67:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f274e7-21f5-4aef-abd3-5f9f8050b35a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.214.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:24:16:b0:b5:3f:85:0a:63:66:c7:b7:a2:36:15:3c:6d:33:
         c0:3c:39:8d:96:52:e0:e1:2b:ad:cd:21:33:a1:76:3d:e8:0a:
         4b:12:35:f8:5c:15:1c:46:ab:29:fd:56:09:00:6e:c3:c2:f0:
         29:8c:08:24:89:ef:06:bd:5d:32:88:40:6f:91:42:a1:fd:f5:
         36:85:dc:fc:3a:53:ea:71:c9:31:aa:38:36:83:11:f5:da:a8:
         04:51:4c:ad:9c:bd:91:bf:9e:43:91:c4:fa:7e:45:18:58:7b:
         28:2a:83:e0:e4:54:ce:a3:cd:d1:8e:b8:67:64:6e:59:0d:33:
         ad:fe:76:c1:3d:25:69:c7:b9:36:b2:47:f9:bc:e2:79:1f:16:
         32:c3:e3:37:c7:b3:94:85:ea:b8:29:f5:21:8c:e6:48:3d:3c:
         1c:74:59:53:69:52:c5:88:91:24:01:b6:ff:cb:f3:66:e5:43:
         6f:ab:5d:4c:da:a6:10:23:56:72:ba:ed:27:ab:c1:6f:8e:0b:
         69:c2:3c:b9:b6:58:f6:c7:64:45:64:f2:d5:64:32:23:ec:00:
         8b:d3:f4:d7:fe:0b:ed:07:ee:dc:e5:bb:de:05:bf:4c:2f:b3:
         d2:a1:58:7a:8e:b9:a6:2d:fe:1e:d7:84:60:7c:70:dc:1e:bc:
         91:07:e2:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQ9K21M+HT4skNJLfOzCTDzHQ5ZEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA3MTUxMDUzWhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjBjMjA4NWVhNDRmNDg4ODM0ZWY5OGI5YWE1Yzg4ZmI4
ZDQ4MjhlN2Y4MjM3NWRkOWJhZjg3YTUxNDg3MzFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRTTkbFpPNRzRWRjp96cu/7BGBFwvOBo1t6gKs04mGvHgh
T/LPsh5bfjJiys2Oh4Rn4hKrYmTN0xiXSSGTBC4JWNe/N6Qqzk9SHbX2p0hr99Yg
SP/3XNk1BO0Gy04hsVqu1EY0ac68lzxDkSaU6bTK/SjToX8+0EUnOQ3aZqb0uznt
y2k+ymyKx22BshcoM4zn4flf7SlRYXxHbpPnDcqfBsVhUHABtde7UETPFJ49jPq7
xHDG7tvQkcD2IkMoKdy7gpSO9ahVWpzCD0zlMiLeZzO/X0h1A9/UggZNa+7Kaaw2
zejQdqtgQH6rcDvCNP/M26QvuzWk4GZCLHGPLRJJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU61gJFeuOeL0v1Ay+mpCOSjghZ48wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzZjI3NGU3LTIxZjUtNGFlZi1hYmQzLTVmOWY4MDUwYjM1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQ1jANBgkqhkiG9w0BAQsFAAOCAQEAPCQWsLU/hQpjZse3ojYVPG0zwDw5
jZZS4OErrc0hM6F2PegKSxI1+FwVHEarKf1WCQBuw8LwKYwIJInvBr1dMohAb5FC
of31NoXc/DpT6nHJMao4NoMR9dqoBFFMrZy9kb+eQ5HE+n5FGFh7KCqD4ORUzqPN
0Y64Z2RuWQ0zrf52wT0lace5NrJH+bzieR8WMsPjN8ezlIXquCn1IYzmSD08HHRZ
U2lSxYiRJAG2/8vzZuVDb6tdTNqmECNWcrrtJ6vBb44LacI8ubZY9sdkRWTy1WQy
I+wAi9P01/4L7Qfu3OW73gW/TC+z0qFYeo65pi3+HteEYHxw3B68kQfiQA==
-----END CERTIFICATE-----