Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/310d9197-c4f2-44a3-8052-ec348c7f7ac0.roa
File:                     310d9197-c4f2-44a3-8052-ec348c7f7ac0.roa (raw, json)
Hash identifier:          kIfgT2yEFJE0NXjVL2klJLGwjMJDzFbn29zg727Q3vo=
Subject key identifier:   AB:BF:72:69:5E:C0:5D:D8:43:40:97:F1:A7:06:0C:8C:42:EA:D5:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0966A7B314A63956433827B8E9E3B9AA019E0E64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/310d9197-c4f2-44a3-8052-ec348c7f7ac0.roa
Signing time:             Tue 08 Apr 2025 00:01:45 +0000
ROA not before:           Tue 08 Apr 2025 00:01:45 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.252.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:66:a7:b3:14:a6:39:56:43:38:27:b8:e9:e3:b9:aa:01:9e:0e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:01:45 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=17fd47094a1eeac9be7d5365704fb14049978ef274ed8a981740f77f7ea65a5c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:00:c5:86:c3:14:2e:44:7d:54:bb:19:61:7a:
                    f4:c0:0d:2e:bf:f7:01:82:51:0d:34:e5:85:a6:39:
                    83:f9:c5:4d:8f:72:6f:21:56:b5:c4:cf:ba:f7:2b:
                    13:44:16:7c:ba:80:3c:6a:76:b9:6a:71:dd:d7:87:
                    88:47:2f:d4:d4:e0:1a:41:c9:92:bf:61:64:a0:f5:
                    30:14:dd:fc:76:20:78:04:65:8b:ce:e8:ce:63:54:
                    47:ae:f3:e6:10:ce:46:e7:64:ad:d2:08:fc:2c:5b:
                    83:63:c1:a7:4a:54:23:31:7c:82:bd:e7:7f:c4:6a:
                    8c:51:1a:93:be:d3:80:d9:89:a1:94:37:01:64:fe:
                    03:78:24:12:6c:8e:5a:86:51:54:b0:27:2d:c4:9d:
                    70:6e:b7:40:bc:fa:eb:03:fc:00:c7:ad:68:2a:97:
                    42:b8:45:9c:de:15:ca:4e:93:9b:6d:62:bf:60:de:
                    b1:95:e3:ba:d0:89:27:c6:40:4b:e3:aa:8f:06:db:
                    bc:e1:17:90:ba:32:e2:61:da:59:54:45:dd:42:34:
                    4f:30:ea:40:d9:c2:5c:fe:08:d1:0a:ea:5b:65:f3:
                    55:44:3f:00:45:66:ab:69:83:65:ca:d0:02:34:b2:
                    1b:d5:2b:88:f9:9d:31:f3:1c:1d:3c:13:ec:6d:ec:
                    f0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:BF:72:69:5E:C0:5D:D8:43:40:97:F1:A7:06:0C:8C:42:EA:D5:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/310d9197-c4f2-44a3-8052-ec348c7f7ac0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:a6:3a:89:77:23:7b:f8:a0:d2:ed:59:2f:7b:b9:a9:2f:8b:
         3f:d4:f5:61:b4:ec:2f:06:4b:56:64:40:8d:93:8b:43:0d:3d:
         4d:4f:a4:28:b0:42:17:7a:be:50:a3:ed:d2:5a:40:d8:ae:aa:
         92:8e:94:36:dc:12:c6:cf:a0:20:74:ff:c7:72:80:dc:cc:a1:
         56:c1:03:84:2a:4b:83:45:ab:a1:21:56:74:01:81:a8:c8:69:
         1d:13:01:21:ae:5e:d3:d2:db:3d:9a:2a:bc:99:8c:d6:e9:d7:
         37:5e:69:a5:c1:e8:8b:72:5d:75:23:da:b6:2f:be:f0:d7:58:
         ca:f0:67:a0:d7:00:d2:55:c5:67:91:66:26:d4:24:55:26:29:
         88:54:a3:25:0d:2f:02:e9:45:e2:ff:62:47:f3:98:c2:62:b8:
         84:bc:d7:7e:e8:14:37:7b:5f:86:ee:bd:b0:89:3b:34:d9:f0:
         37:98:71:54:4f:de:ed:6a:73:02:33:5a:f2:83:83:6c:de:e7:
         0e:c1:11:a2:e4:c8:da:bf:4e:55:c2:ec:cb:99:06:b2:59:e0:
         7d:fe:20:fd:99:0d:53:b7:20:b7:79:d1:1f:bf:78:33:9b:19:
         5b:88:f6:08:54:e0:8d:f7:04:90:1a:92:63:45:38:21:fc:27:
         60:2c:e8:f5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCWansxSmOVZDOCe46eO5qgGeDmQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAwMTQ1WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxN2ZkNDcwOTRhMWVlYWM5YmU3ZDUzNjU3MDRmYjE0MDQ5
OTc4ZWYyNzRlZDhhOTgxNzQwZjc3ZjdlYTY1YTVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWAMWGwxQuRH1UuxlhevTADS6/9wGCUQ005YWmOYP5xU2P
cm8hVrXEz7r3KxNEFny6gDxqdrlqcd3Xh4hHL9TU4BpByZK/YWSg9TAU3fx2IHgE
ZYvO6M5jVEeu8+YQzkbnZK3SCPwsW4NjwadKVCMxfIK953/EaoxRGpO+04DZiaGU
NwFk/gN4JBJsjlqGUVSwJy3EnXBut0C8+usD/ADHrWgql0K4RZzeFcpOk5ttYr9g
3rGV47rQiSfGQEvjqo8G27zhF5C6MuJh2llURd1CNE8w6kDZwlz+CNEK6ltl81VE
PwBFZqtpg2XK0AI0shvVK4j5nTHzHB08E+xt7PD/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUq79yaV7AXdhDQJfxpwYMjELq1fUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxMGQ5MTk3LWM0ZjItNDRhMy04MDUyLWVjMzQ4YzdmN2FjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP/DANBgkqhkiG9w0BAQsFAAOCAQEA0aY6iXcje/ig0u1ZL3u5qS+LP9T1
YbTsLwZLVmRAjZOLQw09TU+kKLBCF3q+UKPt0lpA2K6qko6UNtwSxs+gIHT/x3KA
3MyhVsEDhCpLg0WroSFWdAGBqMhpHRMBIa5e09LbPZoqvJmM1unXN15ppcHoi3Jd
dSPati++8NdYyvBnoNcA0lXFZ5FmJtQkVSYpiFSjJQ0vAulF4v9iR/OYwmK4hLzX
fugUN3tfhu69sIk7NNnwN5hxVE/e7WpzAjNa8oODbN7nDsERouTI2r9OVcLsy5kG
slngff4g/ZkNU7cgt3nRH794M5sZW4j2CFTgjfcEkBqSY0U4IfwnYCzo9Q==
-----END CERTIFICATE-----