Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa
File:                     3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa (raw, json)
Hash identifier:          NA5rTw/DOoM/OxFplXIbXFg4SKD/B+KC03eOYVerfhQ=
Subject key identifier:   DD:E5:2B:FC:AF:D4:B3:1F:84:A5:5D:DE:4D:EB:27:C3:B0:A4:05:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       696B257B33DC250DCE8B2D4B3A14BFA909101A2A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa
Signing time:             Mon 31 Mar 2025 15:51:12 +0000
ROA not before:           Mon 31 Mar 2025 15:51:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.68.0.0/17 maxlen: 17

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:6b:25:7b:33:dc:25:0d:ce:8b:2d:4b:3a:14:bf:a9:09:10:1a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 15:51:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=d9cdbe89f8d9e7c406e884b42e45866c614ffb182863101b97b6d46a8e2090f0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d3:6a:78:4a:ee:25:f5:f7:2a:9e:21:97:b7:
                    a9:b8:fe:61:dd:34:18:14:07:70:70:2a:45:f3:be:
                    7d:c8:5e:fe:31:9f:2d:4c:46:fd:f7:cf:e0:bb:06:
                    a5:a1:f7:ac:f2:4d:7e:d9:75:8b:40:59:87:1e:e2:
                    bf:79:81:d3:1c:fc:02:f1:5c:13:e3:71:68:00:d2:
                    c3:51:78:80:c2:92:19:fb:40:18:aa:42:1f:9f:58:
                    82:88:da:ff:8a:80:9d:5b:91:cd:1f:7e:13:79:c5:
                    35:08:9e:27:84:ba:82:e1:0c:ad:7c:56:c3:8e:b7:
                    2d:e8:6f:2d:90:49:2e:3d:60:c2:c8:ee:ef:b7:0d:
                    20:b2:69:c2:e0:46:84:28:2f:8b:70:f9:3b:7b:60:
                    c2:4a:45:49:3c:a0:a8:6c:1d:a0:79:3a:4d:7c:f6:
                    fc:4a:cf:f5:79:a3:e9:6d:0c:e2:95:40:1a:fe:1c:
                    43:74:70:8c:dd:3b:76:d6:8a:bc:77:6a:99:ad:c8:
                    9f:c8:c1:67:2b:e4:c4:7c:3e:fb:55:b3:87:75:fc:
                    69:b2:bd:8a:34:04:f4:5a:45:45:a2:ff:db:25:1b:
                    7d:00:51:6d:a3:db:53:04:18:9f:9d:a5:05:34:57:
                    05:67:27:23:17:f6:be:08:9e:7a:54:0a:dc:0f:93:
                    69:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E5:2B:FC:AF:D4:B3:1F:84:A5:5D:DE:4D:EB:27:C3:B0:A4:05:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b1c020d-4131-47f0-a3f7-b0555cf026ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.68.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         5a:4f:7b:00:14:18:17:9c:28:3f:47:d7:70:49:ab:f4:a6:5b:
         29:d8:21:a5:c3:1b:69:4a:ef:22:b8:1e:ae:1c:71:aa:85:5f:
         11:54:ef:58:9b:0b:71:1e:46:ea:b4:f5:5b:27:2f:c1:8d:8a:
         fe:8f:04:05:34:c2:5d:40:f3:6c:e6:80:89:82:e1:f5:6f:fe:
         90:ef:65:2d:ea:b4:c9:c3:20:a4:ff:44:ef:4e:f5:2c:01:1c:
         26:4b:dc:13:b5:e6:ac:1a:eb:77:78:a8:5f:4d:97:c2:3d:35:
         7b:b9:c1:0c:fe:40:d0:e3:2b:d5:f8:ef:da:bc:c7:a2:f7:ea:
         06:13:28:07:b2:8d:d6:91:42:62:d6:ce:07:7c:c7:95:09:3a:
         c6:9e:01:d4:a2:a1:46:9c:3b:b6:8b:19:09:40:52:f7:0c:f7:
         57:07:04:92:33:6f:d5:d7:0b:ac:55:f4:8f:9d:3c:4f:b2:28:
         8e:bd:8a:8e:a7:9d:83:1f:bd:80:e4:38:9e:8a:4d:f8:61:b8:
         0b:3e:b5:6d:7d:d3:3c:13:27:74:f4:06:0b:6a:a2:36:b7:2c:
         25:cc:f0:34:79:02:b2:fd:d0:51:17:27:64:98:37:1f:c5:f6:
         db:26:7c:32:6c:14:a0:8d:e4:6b:17:18:6e:42:0f:9a:6c:46:
         74:ba:0d:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaWslezPcJQ3Oiy1LOhS/qQkQGiowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTU1MTEyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOWNkYmU4OWY4ZDllN2M0MDZlODg0YjQyZTQ1ODY2YzYx
NGZmYjE4Mjg2MzEwMWI5N2I2ZDQ2YThlMjA5MGYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC302p4Su4l9fcqniGXt6m4/mHdNBgUB3BwKkXzvn3IXv4x
ny1MRv33z+C7BqWh96zyTX7ZdYtAWYce4r95gdMc/ALxXBPjcWgA0sNReIDCkhn7
QBiqQh+fWIKI2v+KgJ1bkc0ffhN5xTUInieEuoLhDK18VsOOty3oby2QSS49YMLI
7u+3DSCyacLgRoQoL4tw+Tt7YMJKRUk8oKhsHaB5Ok189vxKz/V5o+ltDOKVQBr+
HEN0cIzdO3bWirx3apmtyJ/IwWcr5MR8PvtVs4d1/GmyvYo0BPRaRUWi/9slG30A
UW2j21MEGJ+dpQU0VwVnJyMX9r4InnpUCtwPk2l9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3eUr/K/Usx+EpV3eTesnw7CkBWkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiMWMwMjBkLTQxMzEtNDdmMC1hM2Y3LWIwNTU1Y2YwMjZlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc4RAAwDQYJKoZIhvcNAQELBQADggEBAFpPewAUGBecKD9H13BJq/SmWynY
IaXDG2lK7yK4Hq4ccaqFXxFU71ibC3EeRuq09VsnL8GNiv6PBAU0wl1A82zmgImC
4fVv/pDvZS3qtMnDIKT/RO9O9SwBHCZL3BO15qwa63d4qF9Nl8I9NXu5wQz+QNDj
K9X479q8x6L36gYTKAeyjdaRQmLWzgd8x5UJOsaeAdSioUacO7aLGQlAUvcM91cH
BJIzb9XXC6xV9I+dPE+yKI69io6nnYMfvYDkOJ6KTfhhuAs+tW190zwTJ3T0Bgtq
oja3LCXM8DR5ArL90FEXJ2SYNx/F9tsmfDJsFKCN5GsXGG5CD5psRnS6DdE=
-----END CERTIFICATE-----