Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a4c721c-56dc-4bfb-a898-5f7959487330.roa
File:                     1a4c721c-56dc-4bfb-a898-5f7959487330.roa (raw, json)
Hash identifier:          E6/ST4/4E7ICt/eiUjAlhwTSzqACtgkI2xaCWkR/i78=
Subject key identifier:   5C:1F:E2:02:72:C9:0F:D2:FF:93:2A:C6:49:7E:4D:95:06:91:90:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       019BDDAB7F25A330083597DDDA45C7B1050C09D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a4c721c-56dc-4bfb-a898-5f7959487330.roa
Signing time:             Mon 31 Mar 2025 21:52:14 +0000
ROA not before:           Mon 31 Mar 2025 21:52:14 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        119.12.0.0/20 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:dd:ab:7f:25:a3:30:08:35:97:dd:da:45:c7:b1:05:0c:09:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 21:52:14 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=5ce72f5ce4a9c555977423f622fa6672b648092bf1799db5ad3380a1649ddd0c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:39:ce:51:14:41:96:8c:96:9c:21:5f:fa:bd:
                    61:2b:00:c2:92:2f:af:0a:38:a5:4f:71:8e:62:bd:
                    de:63:55:9c:c4:78:15:76:3a:7f:64:6f:87:f4:81:
                    ea:cb:8c:d5:a2:b7:49:ae:9a:d8:58:1d:58:73:28:
                    90:c7:e1:6d:a7:c2:c7:08:45:c3:67:ab:f2:84:6f:
                    63:6f:a2:28:f2:2a:f7:f2:b0:d1:b7:14:a4:f2:82:
                    ad:09:60:48:17:4c:34:f9:56:0e:bf:db:f9:38:0b:
                    eb:b2:5b:bb:ab:b1:12:d0:54:d2:8b:e4:4c:82:be:
                    65:7f:b8:cb:dc:76:6b:98:1b:cd:cb:f7:68:43:7a:
                    5c:e3:b5:a2:23:94:02:8b:8e:3a:4c:c3:a0:ba:c1:
                    21:96:69:c6:d4:71:fb:97:40:3f:d9:6f:0e:f0:95:
                    54:c7:3e:8d:03:61:15:80:b9:e7:e8:13:c4:01:59:
                    e3:ea:6e:3c:b0:86:a1:4c:28:53:6e:75:5f:59:1a:
                    47:72:d2:88:c9:5c:3e:87:75:2c:38:76:c6:f3:63:
                    1e:fd:27:57:ed:2e:76:c3:f2:34:c6:3d:f1:4a:12:
                    b2:e6:2f:70:85:7a:df:54:1f:45:f4:16:8d:d7:84:
                    35:5c:4b:ab:c3:a9:54:1b:46:10:dd:c5:b8:3b:50:
                    51:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1F:E2:02:72:C9:0F:D2:FF:93:2A:C6:49:7E:4D:95:06:91:90:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a4c721c-56dc-4bfb-a898-5f7959487330.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.12.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6d:9e:bc:e1:ad:b4:b4:66:7b:43:68:54:02:b5:d1:d1:c7:c8:
         2b:21:0e:09:1c:89:a1:a6:a8:24:08:98:68:f5:1f:d5:6d:57:
         e2:2a:3b:93:25:1b:b9:65:09:7c:1b:43:12:b8:8d:68:2d:04:
         de:d5:0a:1c:0c:b0:c7:54:6b:27:75:fc:63:3a:0c:e1:56:18:
         63:49:4e:7f:ec:67:37:48:04:f3:98:da:30:68:ab:0b:9c:1c:
         9a:35:14:e9:99:a1:80:3b:86:43:7e:d5:16:6a:5a:3f:80:d2:
         03:f4:ad:82:97:b3:65:fb:80:82:de:4a:ab:7e:04:86:82:c6:
         17:87:6e:3f:7e:28:78:77:73:e2:46:21:e9:74:2f:f4:91:6d:
         a5:da:5d:1a:d6:e1:ee:f0:06:44:8d:66:70:62:fa:0a:6e:2c:
         fc:5a:a6:0f:7b:25:95:1c:34:95:bf:b0:69:35:c3:a0:d8:d9:
         c8:61:a1:da:c4:be:81:1c:4b:e5:61:30:38:3b:f1:3b:b0:c7:
         c7:ea:47:70:21:82:52:e6:df:ac:8b:9e:6e:ce:06:7e:30:23:
         9a:0e:c4:99:d6:5e:8d:30:9e:33:df:bd:5d:66:4d:d0:9c:7a:
         eb:70:44:1f:9e:a8:1a:61:63:c2:5c:1f:2b:ca:7e:29:c0:b7:
         4d:d0:02:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAZvdq38lozAINZfd2kXHsQUMCdQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMjE1MjE0WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2U3MmY1Y2U0YTljNTU1OTc3NDIzZjYyMmZhNjY3MmI2
NDgwOTJiZjE3OTlkYjVhZDMzODBhMTY0OWRkZDBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQOc5RFEGWjJacIV/6vWErAMKSL68KOKVPcY5ivd5jVZzE
eBV2On9kb4f0gerLjNWit0mumthYHVhzKJDH4W2nwscIRcNnq/KEb2NvoijyKvfy
sNG3FKTygq0JYEgXTDT5Vg6/2/k4C+uyW7ursRLQVNKL5EyCvmV/uMvcdmuYG83L
92hDelzjtaIjlAKLjjpMw6C6wSGWacbUcfuXQD/Zbw7wlVTHPo0DYRWAuefoE8QB
WePqbjywhqFMKFNudV9ZGkdy0ojJXD6HdSw4dsbzYx79J1ftLnbD8jTGPfFKErLm
L3CFet9UH0X0Fo3XhDVcS6vDqVQbRhDdxbg7UFGNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXB/iAnLJD9L/kyrGSX5NlQaRkNUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhNGM3MjFjLTU2ZGMtNGJmYi1hODk4LTVmNzk1OTQ4NzMzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAR3DAAwDQYJKoZIhvcNAQELBQADggEBAG2evOGttLRme0NoVAK10dHHyCsh
DgkciaGmqCQImGj1H9VtV+IqO5MlG7llCXwbQxK4jWgtBN7VChwMsMdUayd1/GM6
DOFWGGNJTn/sZzdIBPOY2jBoqwucHJo1FOmZoYA7hkN+1RZqWj+A0gP0rYKXs2X7
gILeSqt+BIaCxheHbj9+KHh3c+JGIel0L/SRbaXaXRrW4e7wBkSNZnBi+gpuLPxa
pg97JZUcNJW/sGk1w6DY2chhodrEvoEcS+VhMDg78Tuwx8fqR3AhglLm36yLnm7O
Bn4wI5oOxJnWXo0wnjPfvV1mTdCceutwRB+eqBphY8JcHyvKfinAt03QAsk=
-----END CERTIFICATE-----