Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa
File:                     14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa (raw, json)
Hash identifier:          nSJS8c8PXJrY/4MnVBt9uYDl1V4fPa/K2YKIc8hvQgo=
Subject key identifier:   6E:8A:C3:3C:70:A8:E2:DC:83:51:75:DD:E8:12:8C:66:D8:7D:50:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       375934CABE83D5357B61BB9F4C5EE5C8E9A9D615
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa
Signing time:             Tue 15 Apr 2025 00:00:19 +0000
ROA not before:           Tue 15 Apr 2025 00:00:19 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.206.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:59:34:ca:be:83:d5:35:7b:61:bb:9f:4c:5e:e5:c8:e9:a9:d6:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:19 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=018ac3c9f435b1ac1d700ddda085c12d535f17f85367ce26d5bbcba86b3de9fb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:9f:1d:a9:67:a7:3c:da:f6:f4:3c:ce:af:b7:
                    32:83:ac:87:eb:0f:f0:39:a9:d7:5b:c3:d9:5c:a6:
                    8c:04:f9:2a:19:92:65:c3:d0:8a:ab:0b:d2:57:03:
                    b5:2e:b5:a8:a9:3c:39:3e:53:37:9d:9b:d1:ba:f3:
                    b1:a1:ce:48:fa:65:f3:e6:a5:64:9d:4b:88:8a:6a:
                    e9:94:b2:06:94:01:1e:40:d2:5a:15:5e:7a:14:20:
                    a9:be:d8:f2:59:e4:4f:b7:48:12:3b:9c:2b:47:30:
                    f2:df:d1:b5:c6:72:aa:ce:ec:e6:0b:7a:68:7b:2c:
                    99:05:b7:0a:d3:f2:90:ab:a4:e3:40:c5:96:1a:ee:
                    cc:2c:86:dc:2a:de:7b:46:a1:db:c6:71:ad:11:d0:
                    a1:ef:b3:d5:12:c5:c4:b7:71:25:fd:de:96:de:f3:
                    9b:ca:f2:27:ef:ff:cf:d1:54:f8:29:0f:86:0e:f9:
                    99:2c:94:ff:27:36:82:e0:c2:11:0a:12:af:42:f7:
                    5c:ab:19:61:16:ed:c4:64:55:eb:53:6d:c9:ea:54:
                    9d:8f:65:61:e9:3c:32:3d:2c:0f:68:72:e9:b3:da:
                    9d:e9:25:a4:e3:a6:60:48:02:32:fa:bd:3e:e3:f3:
                    de:d0:89:bd:f2:1e:0d:23:5e:85:1b:8c:75:da:c5:
                    18:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8A:C3:3C:70:A8:E2:DC:83:51:75:DD:E8:12:8C:66:D8:7D:50:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14f7bc65-177f-41d9-b3c6-882b46b77ab1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         92:52:78:2b:a8:92:fa:ba:c1:e0:b6:c6:b6:80:c2:16:1b:8f:
         eb:20:e1:bc:bd:2c:dc:eb:ad:b5:7a:ab:fe:b1:f0:18:d8:69:
         c6:57:93:23:7c:7d:75:83:be:f2:de:2f:72:de:65:27:3c:a8:
         54:25:a5:7d:e5:81:29:a0:26:08:df:94:6f:25:77:0a:00:f2:
         93:14:95:81:60:4b:ce:3b:57:bd:4a:6d:85:15:0b:07:b4:99:
         ea:61:f7:e7:2e:1b:a4:0f:0d:9f:fd:15:1f:ae:e3:8e:1e:dd:
         e0:b7:bb:6d:ce:da:75:83:22:46:f0:1c:f1:f1:de:23:00:08:
         c2:ac:58:b3:bb:79:e2:3a:63:e8:1c:bd:41:9e:82:2e:a1:21:
         1e:90:c1:35:f7:d2:e4:08:e7:3a:d7:d8:db:cb:71:1f:66:a2:
         ba:c7:cb:6e:75:81:d2:c5:1e:a8:0a:53:9f:66:b3:bc:65:f0:
         ea:ff:fc:35:ce:c6:c0:57:65:20:c5:1b:73:4c:21:e1:b6:92:
         49:50:e4:e4:1f:59:53:3c:82:5d:91:f6:3f:be:6a:5a:6d:e8:
         16:82:26:6b:e7:35:44:00:c1:78:62:14:06:25:99:99:e8:50:
         0a:94:7a:7a:d3:19:34:30:68:85:1b:d8:62:c7:4d:6b:48:21:
         2d:b0:c5:22
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN1k0yr6D1TV7YbufTF7lyOmp1hUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE1MDAwMDE5WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMThhYzNjOWY0MzViMWFjMWQ3MDBkZGRhMDg1YzEyZDUz
NWYxN2Y4NTM2N2NlMjZkNWJiY2JhODZiM2RlOWZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhnx2pZ6c82vb0PM6vtzKDrIfrD/A5qddbw9lcpowE+SoZ
kmXD0IqrC9JXA7UutaipPDk+Uzedm9G687Ghzkj6ZfPmpWSdS4iKaumUsgaUAR5A
0loVXnoUIKm+2PJZ5E+3SBI7nCtHMPLf0bXGcqrO7OYLemh7LJkFtwrT8pCrpONA
xZYa7swshtwq3ntGodvGca0R0KHvs9USxcS3cSX93pbe85vK8ifv/8/RVPgpD4YO
+ZkslP8nNoLgwhEKEq9C91yrGWEW7cRkVetTbcnqVJ2PZWHpPDI9LA9ocumz2p3p
JaTjpmBIAjL6vT7j897Qib3yHg0jXoUbjHXaxRijAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUborDPHCo4tyDUXXd6BKMZth9UK8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0ZjdiYzY1LTE3N2YtNDFkOS1iM2M2LTg4MmI0NmI3N2FiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCPzjANBgkqhkiG9w0BAQsFAAOCAQEAklJ4K6iS+rrB4LbGtoDCFhuP6yDh
vL0s3OuttXqr/rHwGNhpxleTI3x9dYO+8t4vct5lJzyoVCWlfeWBKaAmCN+UbyV3
CgDykxSVgWBLzjtXvUpthRULB7SZ6mH35y4bpA8Nn/0VH67jjh7d4Le7bc7adYMi
RvAc8fHeIwAIwqxYs7t54jpj6By9QZ6CLqEhHpDBNffS5AjnOtfY28txH2aiusfL
bnWB0sUeqApTn2azvGXw6v/8Nc7GwFdlIMUbc0wh4baSSVDk5B9ZUzyCXZH2P75q
Wm3oFoIma+c1RADBeGIUBiWZmehQCpR6etMZNDBohRvYYsdNa0ghLbDFIg==
-----END CERTIFICATE-----