Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa
File:                     38424e51-d3cc-4fe9-af24-6c48066f7436.roa (raw, json)
Hash identifier:          Bb7TcICKSxizGT5+5Wc3xnNn2vMO5NbdnJzitFD4JRI=
Subject key identifier:   F2:DC:21:9E:57:65:35:53:2A:A3:38:02:A5:EE:C4:E3:C2:2B:B1:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F3A8DC91012F1B6FE2ADC8ED6E627797EC66221
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa
Signing time:             Wed 09 Apr 2025 00:31:10 +0000
ROA not before:           Wed 09 Apr 2025 00:31:10 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.232.64.0/18 maxlen: 18

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:3a:8d:c9:10:12:f1:b6:fe:2a:dc:8e:d6:e6:27:79:7e:c6:62:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  9 00:31:10 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=3154a8937871961c589441ecf9f9d1d1a6fac09a0eaf66dbeda98ed803894949, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9e:ba:61:d5:82:c4:56:75:f3:f2:05:95:bb:
                    fd:d9:14:c9:f2:a8:d1:55:b4:3c:a2:4a:53:b3:39:
                    79:c0:a0:cd:0a:7d:bf:e4:6c:af:8c:1d:88:2d:2b:
                    a0:08:b9:9b:9d:70:0f:70:f6:eb:b0:ad:31:d4:44:
                    24:f3:99:22:3b:31:80:df:6a:28:1e:4c:04:15:63:
                    ca:33:d9:ab:fa:62:81:0b:f7:99:d1:d2:10:3e:b3:
                    9e:e7:48:c0:59:1f:4b:6f:9e:ce:c6:1d:d9:c7:a5:
                    71:ac:e7:43:61:5e:f6:70:42:36:eb:db:93:e2:3d:
                    92:d7:b2:3c:3b:09:00:60:af:af:d5:8e:d5:ad:4a:
                    f5:f1:48:a9:40:ac:d0:2e:96:5e:cf:a1:02:1e:e9:
                    41:a5:76:fa:6e:bd:fc:7f:da:26:ca:fb:10:14:a3:
                    97:96:cf:8e:57:98:6a:5a:33:75:cc:6e:58:81:84:
                    00:53:cd:b2:23:b8:cb:20:e2:05:73:7a:32:e9:45:
                    f8:34:8c:d7:b2:58:fb:7d:d3:3c:76:af:9e:9a:8f:
                    c4:1e:cc:73:0c:77:58:78:81:dc:3e:2f:25:62:79:
                    f4:53:5a:55:90:23:16:f9:e6:89:b1:be:9f:87:e6:
                    60:7a:19:bf:06:43:69:f0:46:86:9c:1c:7e:dc:29:
                    10:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:DC:21:9E:57:65:35:53:2A:A3:38:02:A5:EE:C4:E3:C2:2B:B1:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.232.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         21:a3:0e:5a:0c:b2:30:11:80:bb:ed:d3:27:3a:f0:c6:7c:78:
         60:15:86:07:5b:11:a8:8f:da:ee:97:da:75:93:6f:8c:37:57:
         5c:3b:18:40:f6:50:12:d1:66:80:24:44:9d:db:b4:d2:e6:97:
         e4:d9:44:79:4b:a2:39:97:2d:2f:5a:7e:db:58:8f:f4:cf:41:
         f0:88:e1:42:74:64:5f:cf:df:68:69:45:21:18:ad:1f:ae:fb:
         be:f3:41:ac:77:85:87:d2:35:ae:bf:4f:a3:c0:95:47:76:d8:
         37:fa:30:0b:77:97:9a:3d:9b:94:23:9f:d4:17:6b:77:1f:5b:
         24:2a:8a:1d:49:ac:d7:66:b8:0f:7c:46:10:32:65:42:ed:d5:
         9a:10:b8:be:6c:f9:6f:29:75:b8:4a:ee:07:cb:3f:e2:ea:2c:
         64:0f:0b:bc:a6:51:c5:3b:f1:1a:cf:08:aa:52:29:4a:25:22:
         ea:40:9c:c1:e4:e8:14:98:ff:5c:20:6c:e4:bf:0a:5b:c8:00:
         4e:9d:c4:6c:6b:14:7b:07:f8:54:09:30:b4:a3:42:8b:5e:9f:
         eb:0f:e8:fd:8c:0b:04:d6:c1:06:5b:79:59:4f:bc:c8:33:81:
         46:9b:2e:9f:59:e4:70:14:cf:54:77:e5:95:b0:52:ec:ff:8f:
         ce:39:58:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXzqNyRAS8bb+KtyO1uYneX7GYiEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA5MDAzMTEwWhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMTU0YTg5Mzc4NzE5NjFjNTg5NDQxZWNmOWY5ZDFkMWE2
ZmFjMDlhMGVhZjY2ZGJlZGE5OGVkODAzODk0OTQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfnrph1YLEVnXz8gWVu/3ZFMnyqNFVtDyiSlOzOXnAoM0K
fb/kbK+MHYgtK6AIuZudcA9w9uuwrTHURCTzmSI7MYDfaigeTAQVY8oz2av6YoEL
95nR0hA+s57nSMBZH0tvns7GHdnHpXGs50NhXvZwQjbr25PiPZLXsjw7CQBgr6/V
jtWtSvXxSKlArNAull7PoQIe6UGldvpuvfx/2ibK+xAUo5eWz45XmGpaM3XMbliB
hABTzbIjuMsg4gVzejLpRfg0jNeyWPt90zx2r56aj8QezHMMd1h4gdw+LyViefRT
WlWQIxb55omxvp+H5mB6Gb8GQ2nwRoacHH7cKRCdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8twhnldlNVMqozgCpe7E48IrsQowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4NDI0ZTUxLWQzY2MtNGZlOS1hZjI0LTZjNDgwNjZmNzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG6EAwDQYJKoZIhvcNAQELBQADggEBACGjDloMsjARgLvt0yc68MZ8eGAV
hgdbEaiP2u6X2nWTb4w3V1w7GED2UBLRZoAkRJ3btNLml+TZRHlLojmXLS9afttY
j/TPQfCI4UJ0ZF/P32hpRSEYrR+u+77zQax3hYfSNa6/T6PAlUd22Df6MAt3l5o9
m5Qjn9QXa3cfWyQqih1JrNdmuA98RhAyZULt1ZoQuL5s+W8pdbhK7gfLP+LqLGQP
C7ymUcU78RrPCKpSKUolIupAnMHk6BSY/1wgbOS/ClvIAE6dxGxrFHsH+FQJMLSj
Qoten+sP6P2MCwTWwQZbeVlPvMgzgUabLp9Z5HAUz1R35ZWwUuz/j845WFI=
-----END CERTIFICATE-----