Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
File:                     2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa (raw, json)
Hash identifier:          V9eY8FVzJu5HCGLRwWas02LYuZByjygD2ZfQDm243+M=
Subject key identifier:   EE:75:93:6E:A6:50:A0:A6:ED:DF:0E:AB:F1:C4:4F:5C:24:EB:83:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3A9FBFA9D50FC636EC4BE4BB8BDEAB5150463FCF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
Signing time:             Tue 08 Apr 2025 00:42:07 +0000
ROA not before:           Tue 08 Apr 2025 00:42:07 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.162.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:9f:bf:a9:d5:0f:c6:36:ec:4b:e4:bb:8b:de:ab:51:50:46:3f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:42:07 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=9d4304fc13a18dd8b85dc06f7ab18f1b89e25f04f7dd148c6ba0763ab1351814, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:27:0d:11:1d:dd:bf:ba:27:17:a2:32:a4:ed:
                    60:08:6b:93:be:ad:16:ff:98:92:13:72:91:e7:55:
                    c7:c1:e2:d2:87:e1:96:99:4d:24:21:ca:e9:71:fc:
                    43:f4:da:aa:c4:59:9f:8e:f0:f5:ed:40:fb:d2:0e:
                    c0:d6:4b:a1:cd:a1:c7:80:cd:95:97:35:1a:51:f9:
                    89:b7:c6:97:90:b1:95:7f:2d:f8:6c:44:13:65:2f:
                    61:6b:01:67:61:00:7a:76:08:5b:78:55:bd:30:ae:
                    be:4c:46:53:b7:62:c0:d6:fb:1e:23:b6:6b:3c:e4:
                    db:ef:bc:89:f7:00:92:58:6e:21:52:29:ce:d6:23:
                    72:7c:9b:15:aa:00:5f:a8:f3:18:6d:04:c3:fd:e8:
                    71:7d:ae:ee:c2:99:82:9c:c1:45:8c:44:39:61:7e:
                    2b:20:38:74:f7:6b:a4:b5:05:cc:71:ff:cf:d3:65:
                    bf:bf:8d:e8:bc:4c:02:43:1c:59:5a:7f:9c:99:77:
                    31:d5:99:d6:49:6f:20:09:79:81:36:54:a7:dc:36:
                    f4:2b:1f:5d:48:57:18:55:a4:e9:10:fc:f2:15:4d:
                    34:59:30:aa:4c:05:cf:7e:8f:6a:5a:ae:01:8e:b3:
                    2d:b9:7a:34:14:f5:58:e8:86:f3:ec:d4:25:0d:d6:
                    61:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:75:93:6E:A6:50:A0:A6:ED:DF:0E:AB:F1:C4:4F:5C:24:EB:83:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b8:1a:97:6d:8a:20:b9:7d:98:a5:03:2b:58:ad:47:3c:60:
         b6:73:65:59:61:30:ad:e5:eb:6f:4c:a1:1b:c5:b3:e6:c7:07:
         1d:db:d5:b4:dd:6d:21:e2:27:b7:52:f5:84:f4:57:6b:d9:9d:
         8b:92:6a:14:05:b7:9c:38:7e:ce:ce:e6:40:e1:8d:2d:e3:d3:
         31:c3:49:55:e6:02:11:b1:8f:d6:53:74:05:f9:4f:13:1c:46:
         ae:30:2f:35:69:a4:0c:1f:29:97:fb:22:35:23:b0:96:9e:d4:
         03:ea:05:34:91:01:2b:89:13:68:a4:38:f3:ce:c8:56:c1:f3:
         29:28:a9:f8:eb:d6:19:38:11:6b:96:23:73:38:45:4d:6b:19:
         57:f4:fc:31:67:ce:f8:9c:65:ab:fa:0c:9e:a0:c3:11:8a:15:
         b1:06:52:e3:a2:b3:02:85:c4:65:2f:d9:d5:2c:68:b8:a4:96:
         53:de:bf:e8:10:a8:6f:79:40:b8:3c:af:28:9c:ed:df:31:f2:
         1d:b2:04:8a:9d:8c:fa:c3:38:02:44:9e:d6:5a:64:91:a3:53:
         b0:00:c5:c6:8b:71:fe:b5:9d:f5:71:3a:88:d6:fc:b9:75:4a:
         34:c8:ab:00:39:79:8e:2e:b9:67:37:8d:cc:47:86:19:88:91:
         cf:6a:0c:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOp+/qdUPxjbsS+S7i96rUVBGP88wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDA0MjA3WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDQzMDRmYzEzYTE4ZGQ4Yjg1ZGMwNmY3YWIxOGYxYjg5
ZTI1ZjA0ZjdkZDE0OGM2YmEwNzYzYWIxMzUxODE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaJw0RHd2/uicXojKk7WAIa5O+rRb/mJITcpHnVcfB4tKH
4ZaZTSQhyulx/EP02qrEWZ+O8PXtQPvSDsDWS6HNoceAzZWXNRpR+Ym3xpeQsZV/
LfhsRBNlL2FrAWdhAHp2CFt4Vb0wrr5MRlO3YsDW+x4jtms85NvvvIn3AJJYbiFS
Kc7WI3J8mxWqAF+o8xhtBMP96HF9ru7CmYKcwUWMRDlhfisgOHT3a6S1Bcxx/8/T
Zb+/jei8TAJDHFlaf5yZdzHVmdZJbyAJeYE2VKfcNvQrH11IVxhVpOkQ/PIVTTRZ
MKpMBc9+j2pargGOsy25ejQU9VjohvPs1CUN1mHlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7nWTbqZQoKbt3w6r8cRPXCTrg6wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiZjZhNzlkLWU3ZmItNGIyMy1iODc4LWM0OWVkOTkxOTFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36IwDQYJKoZIhvcNAQELBQADggEBAJy4GpdtiiC5fZilAytYrUc8YLZz
ZVlhMK3l629MoRvFs+bHBx3b1bTdbSHiJ7dS9YT0V2vZnYuSahQFt5w4fs7O5kDh
jS3j0zHDSVXmAhGxj9ZTdAX5TxMcRq4wLzVppAwfKZf7IjUjsJae1APqBTSRASuJ
E2ikOPPOyFbB8ykoqfjr1hk4EWuWI3M4RU1rGVf0/DFnzvicZav6DJ6gwxGKFbEG
UuOiswKFxGUv2dUsaLikllPev+gQqG95QLg8ryic7d8x8h2yBIqdjPrDOAJEntZa
ZJGjU7AAxcaLcf61nfVxOojW/Ll1SjTIqwA5eY4uuWc3jcxHhhmIkc9qDGw=
-----END CERTIFICATE-----