Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9e27ee-b1b7-4c8e-b5cf-0cffc63886bd.roa
File:                     3a9e27ee-b1b7-4c8e-b5cf-0cffc63886bd.roa (raw, json)
Hash identifier:          bs1HoxEewm3xVYAV+1JjSBT0EUTgc7DkosKi0mkwUqQ=
Subject key identifier:   67:5F:BC:7B:FE:5E:EC:B1:5D:5D:2B:0E:74:02:F8:1E:77:0C:DC:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70E99B16BDB6498A998BEF476F762DDED4E695E4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9e27ee-b1b7-4c8e-b5cf-0cffc63886bd.roa
Signing time:             Tue 01 Apr 2025 00:00:57 +0000
ROA not before:           Tue 01 Apr 2025 00:00:57 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.31.212.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:e9:9b:16:bd:b6:49:8a:99:8b:ef:47:6f:76:2d:de:d4:e6:95:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  1 00:00:57 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: serialNumber=d19ed436d3bff5f142b3abc4a4f75f804aea8121286f3cab885425d478c0fbd9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a6:c0:2f:f0:5c:5f:27:b9:bb:21:93:c0:d3:
                    97:1f:ce:78:b5:01:b9:df:5f:48:e6:2d:a4:81:aa:
                    e1:36:2b:ae:db:7e:f6:d9:f5:91:42:d3:d9:1a:1d:
                    cb:4e:d7:30:4f:d5:57:81:44:a5:db:91:99:76:76:
                    a5:86:f2:fc:6a:e8:33:6a:db:94:1b:95:bc:43:4b:
                    a1:31:65:3e:af:6d:1d:87:5b:ca:d8:92:49:59:7f:
                    09:ab:1a:29:02:ee:b2:49:43:bc:b4:7a:58:2e:de:
                    30:56:53:07:3e:8e:24:26:e7:8d:01:e7:d8:ef:36:
                    5e:d9:6e:c4:84:5a:7d:5c:40:2f:f6:95:6d:7c:41:
                    bf:94:3c:60:02:cd:e5:62:13:7c:dd:e0:69:2b:03:
                    78:02:dd:14:4b:bd:19:1a:98:f3:60:f7:96:f0:1a:
                    8e:77:f9:36:b5:40:1a:5e:88:4a:2e:c4:82:e8:c9:
                    39:ad:40:29:52:82:e1:6c:9f:dd:2f:f5:31:f3:c2:
                    73:a6:d8:e6:bb:8f:04:2e:31:72:12:40:c2:a2:02:
                    5b:bf:26:85:60:9a:7d:49:5c:67:3c:d9:76:dd:f7:
                    50:b0:61:51:18:f8:06:96:97:18:9f:a9:1d:35:3b:
                    b2:3a:94:6b:c4:bd:56:63:54:08:29:db:87:a5:aa:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5F:BC:7B:FE:5E:EC:B1:5D:5D:2B:0E:74:02:F8:1E:77:0C:DC:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9e27ee-b1b7-4c8e-b5cf-0cffc63886bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.31.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d8:42:bb:7b:34:78:67:7d:c8:4f:ae:3f:d2:ce:02:47:e6:
         25:9b:40:6b:b1:05:3c:bc:23:f1:df:a9:ff:6c:df:b2:ea:9f:
         81:2a:ca:78:56:96:15:3e:30:47:32:b9:b2:06:c0:95:3f:65:
         1c:80:9b:0f:45:a0:39:37:95:07:24:fa:88:86:00:86:3d:ab:
         3b:08:75:74:fd:4e:73:b4:c7:69:52:02:6a:3d:0e:cf:95:c5:
         6b:b5:6d:14:d2:e0:4a:eb:7c:80:5b:91:3d:d4:d7:03:02:7c:
         3d:fe:c6:1f:92:66:e9:23:c2:93:c6:8d:5b:9d:c8:ca:d0:0e:
         bf:72:fa:23:e7:df:6b:ae:20:ef:9b:6a:00:db:6e:00:fd:9a:
         7e:fd:ae:33:eb:d5:33:df:8f:6b:2c:15:84:3d:3e:99:02:7a:
         bd:1b:d0:46:8b:b9:51:cf:11:0e:34:b3:39:fe:16:99:25:ca:
         9e:18:75:18:a4:15:f2:ac:e9:61:0d:95:e1:3f:69:01:fc:34:
         d7:95:43:26:af:66:26:30:a1:1a:c7:15:f0:12:8b:0b:90:18:
         f9:6d:0f:f2:6e:13:b0:bf:e8:56:12:da:4e:bc:da:9e:57:ef:
         37:54:ed:b7:42:59:05:19:5f:9c:1c:fe:c1:2e:ae:da:dd:1a:
         65:d7:48:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcOmbFr22SYqZi+9Hb3Yt3tTmleQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAxMDAwMDU3WhcNMjUwNTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTllZDQzNmQzYmZmNWYxNDJiM2FiYzRhNGY3NWY4MDRh
ZWE4MTIxMjg2ZjNjYWI4ODU0MjVkNDc4YzBmYmQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcpsAv8FxfJ7m7IZPA05cfzni1AbnfX0jmLaSBquE2K67b
fvbZ9ZFC09kaHctO1zBP1VeBRKXbkZl2dqWG8vxq6DNq25QblbxDS6ExZT6vbR2H
W8rYkklZfwmrGikC7rJJQ7y0elgu3jBWUwc+jiQm540B59jvNl7ZbsSEWn1cQC/2
lW18Qb+UPGACzeViE3zd4GkrA3gC3RRLvRkamPNg95bwGo53+Ta1QBpeiEouxILo
yTmtQClSguFsn90v9THzwnOm2Oa7jwQuMXISQMKiAlu/JoVgmn1JXGc82Xbd91Cw
YVEY+AaWlxifqR01O7I6lGvEvVZjVAgp24elqsBDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ1+8e/5e7LFdXSsOdAL4HncM3MEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNhOWUyN2VlLWIxYjctNGM4ZS1iNWNmLTBjZmZjNjM4ODZiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAH9QwDQYJKoZIhvcNAQELBQADggEBACPYQrt7NHhnfchPrj/SzgJH5iWb
QGuxBTy8I/Hfqf9s37Lqn4EqynhWlhU+MEcyubIGwJU/ZRyAmw9FoDk3lQck+oiG
AIY9qzsIdXT9TnO0x2lSAmo9Ds+VxWu1bRTS4ErrfIBbkT3U1wMCfD3+xh+SZukj
wpPGjVudyMrQDr9y+iPn32uuIO+bagDbbgD9mn79rjPr1TPfj2ssFYQ9PpkCer0b
0EaLuVHPEQ40szn+Fpklyp4YdRikFfKs6WENleE/aQH8NNeVQyavZiYwoRrHFfAS
iwuQGPltD/JuE7C/6FYS2k682p5X7zdU7bdCWQUZX5wc/sEurtrdGmXXSL4=
-----END CERTIFICATE-----