Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3672d2f1-7991-40bd-afef-9cfaf5207b96.roa
File:                     3672d2f1-7991-40bd-afef-9cfaf5207b96.roa (raw, json)
Hash identifier:          v57j07auq4Yc5a9SfbZqhdLTnFXoDaH826gPq4q3UQk=
Subject key identifier:   C8:BA:D3:81:8B:53:F3:0C:36:0F:B9:57:8D:4F:B9:9C:03:18:62:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       D2AADA920926356BD9025C4D2E3F541976927A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3672d2f1-7991-40bd-afef-9cfaf5207b96.roa
Signing time:             Wed 09 Apr 2025 00:41:23 +0000
ROA not before:           Wed 09 Apr 2025 00:41:23 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.96.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d2:aa:da:92:09:26:35:6b:d9:02:5c:4d:2e:3f:54:19:76:92:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  9 00:41:23 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=43af0d8f2cfbe9faaf7e05a7f6562dde484a5d3957b320b8f0021c30dbb0e050, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c0:d4:f7:b6:ea:b7:1b:af:8b:8e:8b:8b:1b:
                    c8:68:16:cc:28:c5:1a:b8:21:80:54:1f:50:ae:3a:
                    6d:92:9f:b3:20:37:76:61:3d:46:2b:60:63:fc:f3:
                    94:51:3f:d6:90:fd:60:f7:ed:66:ef:f1:79:73:a1:
                    e2:57:e3:1e:94:d0:19:23:9e:14:c4:dc:45:1e:86:
                    0f:36:6f:be:1b:52:90:a3:bc:b2:16:6f:a4:f2:4f:
                    88:5c:d0:38:b3:38:05:08:c7:0e:45:7c:89:d5:84:
                    51:f5:0e:6f:da:4c:97:ec:b2:4a:fc:0f:bf:ac:f5:
                    04:79:eb:3d:3f:6f:32:f7:a9:e6:b6:5c:e2:5f:1c:
                    b2:19:4f:8d:c4:56:ea:d6:0e:bb:1f:bb:86:29:85:
                    1e:68:58:91:c4:7a:f0:20:75:06:a0:89:79:32:1b:
                    96:5c:8a:c4:ca:a7:fd:a7:22:c1:c9:ad:7f:94:68:
                    d2:3a:39:5f:2c:47:b7:82:70:08:2a:39:e8:08:0f:
                    cf:09:ad:76:6e:2e:2e:3e:85:17:0d:6c:0d:d0:d3:
                    dc:f1:d2:8d:3b:9d:c8:a8:50:12:69:4f:9f:0e:ab:
                    94:92:b1:16:c8:28:d7:04:ce:c9:45:46:16:ae:14:
                    7c:62:d8:c9:dc:6e:8c:77:b0:61:c6:05:8c:e8:dc:
                    f7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:BA:D3:81:8B:53:F3:0C:36:0F:B9:57:8D:4F:B9:9C:03:18:62:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3672d2f1-7991-40bd-afef-9cfaf5207b96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:6b:13:7d:d8:71:ac:29:cd:91:61:04:d5:c3:eb:35:24:67:
         dc:3f:96:48:c4:e3:47:e6:e5:12:7d:73:20:66:36:12:b8:bf:
         c6:a0:b7:30:b7:6f:0c:08:43:cf:a5:96:32:5c:c9:3e:e0:08:
         dd:7d:34:34:fb:65:54:b8:ed:c6:39:73:65:57:94:de:37:94:
         82:3d:9a:bc:0b:27:42:07:39:fb:19:14:99:cc:85:f0:ed:06:
         a0:6e:87:6c:bb:67:27:de:df:9f:3a:88:c9:7d:ad:37:b1:95:
         2e:2d:0e:f4:1d:ec:e2:a8:38:ef:c0:83:77:6f:fa:67:c9:50:
         25:d1:28:81:e2:fa:02:a7:48:12:57:7c:ea:ef:c0:a6:1e:d2:
         4a:9b:82:6a:24:2d:54:40:cd:5e:a9:cd:94:d3:26:38:0b:1b:
         83:df:df:a8:ce:02:18:f9:75:24:e4:e9:d8:b8:90:b3:79:e8:
         f0:9c:76:5e:53:2f:a7:03:e8:14:eb:12:ef:36:ab:76:bd:24:
         ea:d0:df:ad:7f:7e:32:a0:ce:96:de:7b:92:b6:38:3a:78:c5:
         d1:ae:ca:99:23:c0:3f:02:8a:5c:37:51:d1:a5:e8:e9:a4:9b:
         14:92:df:d9:b6:8b:93:21:d2:65:c5:4c:40:64:4d:19:0e:93:
         e1:fb:cf:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUANKq2pIJJjVr2QJcTS4/VBl2knowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA5MDA0MTIzWhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2FmMGQ4ZjJjZmJlOWZhYWY3ZTA1YTdmNjU2MmRkZTQ4
NGE1ZDM5NTdiMzIwYjhmMDAyMWMzMGRiYjBlMDUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVwNT3tuq3G6+LjouLG8hoFswoxRq4IYBUH1CuOm2Sn7Mg
N3ZhPUYrYGP885RRP9aQ/WD37Wbv8XlzoeJX4x6U0BkjnhTE3EUehg82b74bUpCj
vLIWb6TyT4hc0DizOAUIxw5FfInVhFH1Dm/aTJfsskr8D7+s9QR56z0/bzL3qea2
XOJfHLIZT43EVurWDrsfu4YphR5oWJHEevAgdQagiXkyG5ZcisTKp/2nIsHJrX+U
aNI6OV8sR7eCcAgqOegID88JrXZuLi4+hRcNbA3Q09zx0o07ncioUBJpT58Oq5SS
sRbIKNcEzslFRhauFHxi2Mncbox3sGHGBYzo3PdtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyLrTgYtT8ww2D7lXjU+5nAMYYr8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM2NzJkMmYxLTc5OTEtNDBiZC1hZmVmLTljZmFmNTIwN2I5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJgAGAwDQYJKoZIhvcNAQELBQADggEBAL5rE33YcawpzZFhBNXD6zUkZ9w/
lkjE40fm5RJ9cyBmNhK4v8agtzC3bwwIQ8+lljJcyT7gCN19NDT7ZVS47cY5c2VX
lN43lII9mrwLJ0IHOfsZFJnMhfDtBqBuh2y7Zyfe3586iMl9rTexlS4tDvQd7OKo
OO/Ag3dv+mfJUCXRKIHi+gKnSBJXfOrvwKYe0kqbgmokLVRAzV6pzZTTJjgLG4Pf
36jOAhj5dSTk6di4kLN56PCcdl5TL6cD6BTrEu82q3a9JOrQ361/fjKgzpbee5K2
ODp4xdGuypkjwD8Cilw3UdGl6OmkmxSS39m2i5Mh0mXFTEBkTRkOk+H7z9U=
-----END CERTIFICATE-----