Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3568c54d-b5bd-4d2e-a2d7-efa0a824b2b7.roa
File:                     3568c54d-b5bd-4d2e-a2d7-efa0a824b2b7.roa (raw, json)
Hash identifier:          cweKi2udHDLRvM2loEIRpWsQQZlxraYPoum/PCcQXgY=
Subject key identifier:   76:10:81:31:FC:FB:ED:E4:5D:25:5E:09:80:36:20:02:1E:91:F2:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2463C6E727F2075D28C5948F421C166BF4A5870F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3568c54d-b5bd-4d2e-a2d7-efa0a824b2b7.roa
Signing time:             Tue 15 Apr 2025 00:31:19 +0000
ROA not before:           Tue 15 Apr 2025 00:31:19 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.150.8.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:63:c6:e7:27:f2:07:5d:28:c5:94:8f:42:1c:16:6b:f4:a5:87:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:31:19 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=972b6013ebc70ac0f9bbbca0cd127581c854a73c69327de603cd3b574d943756, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b0:3e:7f:c4:8e:36:45:66:e6:fb:b6:76:aa:
                    6d:4d:65:43:36:e9:1d:7a:f6:12:26:a6:a9:80:d0:
                    c9:6f:97:c8:9b:d0:67:26:35:56:ec:ef:d9:78:2f:
                    b3:0e:b7:80:9a:3d:f3:b9:ce:34:0b:9a:04:63:c2:
                    fe:82:1f:be:72:c1:25:d3:cd:45:bf:2f:f4:4d:0f:
                    dd:d4:fc:68:12:80:1c:a6:9a:6c:7a:31:6e:f3:6c:
                    04:91:d7:48:9e:2f:3e:a9:3c:6a:4a:66:fb:86:1a:
                    42:3e:28:db:82:b9:ab:5a:67:7e:78:2b:f0:4b:85:
                    1b:b7:3f:05:17:74:f6:61:a0:b1:53:6a:0f:25:72:
                    36:f7:9b:d5:41:72:42:99:36:51:c8:f9:ae:ad:ce:
                    15:7b:d8:cf:b9:69:44:f6:0d:b0:3e:3c:c8:71:d4:
                    bf:79:12:ad:54:0d:26:7c:09:74:0e:2e:8c:3a:92:
                    ae:40:a7:d5:f9:7a:67:2f:22:1f:de:72:9a:71:b3:
                    6f:c7:b3:a9:60:26:6f:c1:8b:ae:a6:0e:03:25:37:
                    b3:55:67:f6:b7:d3:42:1a:a0:83:17:24:e7:57:7a:
                    8c:34:29:24:33:d3:34:38:e3:df:f4:41:79:7f:82:
                    92:86:f4:42:7e:d3:fe:c0:a5:28:d3:6f:21:6a:b8:
                    0a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:10:81:31:FC:FB:ED:E4:5D:25:5E:09:80:36:20:02:1E:91:F2:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3568c54d-b5bd-4d2e-a2d7-efa0a824b2b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:9d:37:fd:d9:1a:ea:fc:f3:74:79:d0:c6:e5:64:03:2b:fb:
         d1:d9:06:12:d9:6d:9d:a9:16:89:cc:95:89:68:18:50:11:86:
         8b:a3:0c:ca:37:5d:d1:56:e9:ec:e2:1d:45:2e:e7:fb:e1:82:
         d2:47:4c:ff:f4:b5:1f:27:49:72:5e:13:39:d9:8b:97:d8:76:
         4a:93:3c:bd:35:bc:a7:51:0f:c3:44:d7:26:6f:87:8e:cf:ec:
         35:88:49:b8:d1:09:f0:22:74:a5:e0:a3:a7:1f:8c:5a:84:9f:
         ba:77:01:5c:69:c3:76:fe:35:8b:73:d1:50:10:45:c7:73:18:
         65:e1:3f:ac:16:e9:05:5a:c3:dd:d4:86:e3:48:c2:29:f8:55:
         f9:c9:fc:f4:65:71:66:d4:6a:50:9d:68:ed:6e:0b:91:d9:eb:
         12:d9:ad:6f:54:a5:7f:ea:28:c1:d4:d2:2c:03:e2:42:46:e0:
         50:67:c0:72:64:a0:84:e5:17:a4:09:33:2a:63:8f:55:b2:f8:
         99:66:b8:c5:22:62:cc:8c:d4:9b:5a:72:57:13:ec:81:1f:b8:
         ef:dd:ab:ac:4b:b2:18:d0:97:6b:c0:b4:86:88:26:49:de:a4:
         fe:5b:2e:f4:57:8a:cf:e0:84:ca:5d:98:5c:f6:46:68:93:bc:
         a1:4e:10:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJGPG5yfyB10oxZSPQhwWa/Slhw8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE1MDAzMTE5WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzJiNjAxM2ViYzcwYWMwZjliYmJjYTBjZDEyNzU4MWM4
NTRhNzNjNjkzMjdkZTYwM2NkM2I1NzRkOTQzNzU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOsD5/xI42RWbm+7Z2qm1NZUM26R169hImpqmA0Mlvl8ib
0GcmNVbs79l4L7MOt4CaPfO5zjQLmgRjwv6CH75ywSXTzUW/L/RND93U/GgSgBym
mmx6MW7zbASR10ieLz6pPGpKZvuGGkI+KNuCuataZ354K/BLhRu3PwUXdPZhoLFT
ag8lcjb3m9VBckKZNlHI+a6tzhV72M+5aUT2DbA+PMhx1L95Eq1UDSZ8CXQOLow6
kq5Ap9X5emcvIh/ecppxs2/Hs6lgJm/Bi66mDgMlN7NVZ/a300IaoIMXJOdXeow0
KSQz0zQ449/0QXl/gpKG9EJ+0/7ApSjTbyFquApTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdhCBMfz77eRdJV4JgDYgAh6R8oYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1NjhjNTRkLWI1YmQtNGQyZS1hMmQ3LWVmYTBhODI0YjJiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlggwDQYJKoZIhvcNAQELBQADggEBADadN/3ZGur883R50MblZAMr+9HZ
BhLZbZ2pFonMlYloGFARhoujDMo3XdFW6eziHUUu5/vhgtJHTP/0tR8nSXJeEznZ
i5fYdkqTPL01vKdRD8NE1yZvh47P7DWISbjRCfAidKXgo6cfjFqEn7p3AVxpw3b+
NYtz0VAQRcdzGGXhP6wW6QVaw93UhuNIwin4VfnJ/PRlcWbUalCdaO1uC5HZ6xLZ
rW9UpX/qKMHU0iwD4kJG4FBnwHJkoITlF6QJMypjj1Wy+JlmuMUiYsyM1JtaclcT
7IEfuO/dq6xLshjQl2vAtIaIJknepP5bLvRXis/ghMpdmFz2RmiTvKFOELA=
-----END CERTIFICATE-----