Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10fac08e-1966-4fa7-b3e3-3f554fc3df25.roa
File:                     10fac08e-1966-4fa7-b3e3-3f554fc3df25.roa (raw, json)
Hash identifier:          KdmWZPvt63kTSXL1093wKsvOvHYS0E0xlXa/GWZjzic=
Subject key identifier:   08:8A:59:6E:87:AC:CD:9B:55:27:67:B7:15:46:8C:0D:B2:D4:B4:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5672712D187DB87EEC69D188E11A04B350D7525A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10fac08e-1966-4fa7-b3e3-3f554fc3df25.roa
Signing time:             Tue 15 Apr 2025 00:21:04 +0000
ROA not before:           Tue 15 Apr 2025 00:21:04 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.72.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:72:71:2d:18:7d:b8:7e:ec:69:d1:88:e1:1a:04:b3:50:d7:52:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:21:04 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=16e23d544f332df7de1f8fec4a93c22c8eb6950f254c45d717605662d612a4b8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2f:80:09:56:9c:50:26:51:25:42:ae:a2:ff:
                    16:47:f8:d9:ad:0f:c1:72:f5:65:93:df:c2:2d:04:
                    35:50:d5:7c:d9:4c:30:72:d6:9b:5d:51:0a:4a:5e:
                    54:be:42:ef:ec:d5:a5:c2:4b:57:d2:aa:b4:f5:85:
                    a7:ce:c4:66:86:4e:7b:ac:89:5d:3b:7c:f2:8a:d3:
                    98:72:84:34:fd:ae:fe:23:bc:29:05:cb:45:dd:42:
                    b2:45:a3:53:01:db:09:f8:a7:3f:e2:78:8f:b4:b6:
                    72:b8:6b:c3:36:00:e4:88:4c:ae:05:9f:7b:23:f8:
                    d5:06:1d:3e:95:33:93:4b:cc:a4:62:51:0d:6d:90:
                    ed:6a:be:33:b1:c6:0c:41:13:b2:04:59:98:c6:95:
                    90:95:27:60:eb:1c:58:27:c7:10:21:a4:3c:41:88:
                    45:9f:58:6c:34:51:de:f1:61:61:43:6f:07:b2:10:
                    01:8d:83:a7:70:a9:21:79:2b:79:be:af:27:4c:93:
                    86:bf:24:9e:11:d9:60:08:06:ce:c6:57:56:57:ef:
                    48:15:8d:25:a3:00:5e:05:2b:de:1a:f5:28:7f:fe:
                    47:85:7e:f9:18:66:62:d4:90:65:7c:b1:81:ad:4a:
                    f4:2c:d8:69:03:96:98:cf:b3:bf:4b:6d:fc:05:ab:
                    5c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8A:59:6E:87:AC:CD:9B:55:27:67:B7:15:46:8C:0D:B2:D4:B4:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10fac08e-1966-4fa7-b3e3-3f554fc3df25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:20:cd:e1:d6:e7:f7:33:9b:1e:e1:12:4a:97:03:c8:61:e0:
         dc:41:75:f3:4a:0b:cd:3b:42:d8:6d:9f:69:3e:57:14:e0:b6:
         87:2f:f2:36:59:3f:b1:7b:54:d8:af:5d:46:61:d3:21:f1:b2:
         a2:14:e0:f8:bf:5a:3f:2c:69:88:7f:df:1f:85:0d:57:4a:9f:
         ea:8a:ec:05:16:12:58:20:53:43:f5:7e:9e:70:2f:bf:3c:df:
         2b:1a:51:b4:63:20:ec:b2:67:35:87:20:a5:93:40:8a:b2:b7:
         01:4d:60:ee:bf:7f:49:82:93:fa:50:fd:93:2f:22:df:9a:29:
         14:16:0d:bd:d7:3a:19:3f:b3:7b:05:bb:a0:1f:f4:c9:81:39:
         b0:3d:15:d4:34:46:4c:50:0f:44:5b:b5:73:de:79:28:2e:1e:
         04:62:c5:ec:1d:65:fe:39:71:9d:06:b4:33:43:43:78:10:99:
         cf:d4:53:24:6b:6b:a7:f6:3f:4b:af:2e:b1:f8:d3:75:0d:5c:
         c7:34:2b:67:ce:0c:c7:38:0e:4c:33:19:75:10:c7:5d:ec:09:
         a1:27:a5:59:80:26:14:19:a7:72:1d:42:4e:08:7a:2b:22:e7:
         b7:52:6a:fb:06:58:7f:72:57:63:d9:83:9a:a1:03:47:6e:66:
         6a:19:db:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVnJxLRh9uH7sadGI4RoEs1DXUlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE1MDAyMTA0WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNmUyM2Q1NDRmMzMyZGY3ZGUxZjhmZWM0YTkzYzIyYzhl
YjY5NTBmMjU0YzQ1ZDcxNzYwNTY2MmQ2MTJhNGI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfL4AJVpxQJlElQq6i/xZH+NmtD8Fy9WWT38ItBDVQ1XzZ
TDBy1ptdUQpKXlS+Qu/s1aXCS1fSqrT1hafOxGaGTnusiV07fPKK05hyhDT9rv4j
vCkFy0XdQrJFo1MB2wn4pz/ieI+0tnK4a8M2AOSITK4Fn3sj+NUGHT6VM5NLzKRi
UQ1tkO1qvjOxxgxBE7IEWZjGlZCVJ2DrHFgnxxAhpDxBiEWfWGw0Ud7xYWFDbwey
EAGNg6dwqSF5K3m+rydMk4a/JJ4R2WAIBs7GV1ZX70gVjSWjAF4FK94a9Sh//keF
fvkYZmLUkGV8sYGtSvQs2GkDlpjPs79LbfwFq1w9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCIpZboeszZtVJ2e3FUaMDbLUtHEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwZmFjMDhlLTE5NjYtNGZhNy1iM2UzLTNmNTU0ZmMzZGYyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjlkgwDQYJKoZIhvcNAQELBQADggEBAGggzeHW5/czmx7hEkqXA8hh4NxB
dfNKC807Qthtn2k+VxTgtocv8jZZP7F7VNivXUZh0yHxsqIU4Pi/Wj8saYh/3x+F
DVdKn+qK7AUWElggU0P1fp5wL7883ysaUbRjIOyyZzWHIKWTQIqytwFNYO6/f0mC
k/pQ/ZMvIt+aKRQWDb3XOhk/s3sFu6Af9MmBObA9FdQ0RkxQD0RbtXPeeSguHgRi
xewdZf45cZ0GtDNDQ3gQmc/UUyRra6f2P0uvLrH403UNXMc0K2fODMc4DkwzGXUQ
x13sCaEnpVmAJhQZp3IdQk4Ieisi57dSavsGWH9yV2PZg5qhA0duZmoZ2+g=
-----END CERTIFICATE-----