Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/499a27f0-fb33-4e38-bcc8-b3e546ec3fdd.roa
File:                     499a27f0-fb33-4e38-bcc8-b3e546ec3fdd.roa (raw, json)
Hash identifier:          7EjUhAqF0adUu2aFcKdH2yUPc4HcxUequEb8cX8M8xg=
Subject key identifier:   36:50:C7:D0:9C:96:C2:58:4F:68:00:0D:17:49:DE:25:1A:4D:B0:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       401D51E0F395BF605A9ADA1FDD5CA86A08506937
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/499a27f0-fb33-4e38-bcc8-b3e546ec3fdd.roa
Signing time:             Thu 03 Apr 2025 23:07:12 +0000
ROA not before:           Thu 03 Apr 2025 23:07:12 +0000
ROA not after:            Thu 08 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.185.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:1d:51:e0:f3:95:bf:60:5a:9a:da:1f:dd:5c:a8:6a:08:50:69:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  3 23:07:12 2025 GMT
            Not After : May  8 23:59:59 2025 GMT
        Subject: serialNumber=f727925fca13fcc01e5b3181f8ef538f52b39ad5f63c9078fcb0b7f7f0cc2ebe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fd:9d:b4:2e:75:e2:ff:50:9e:91:d5:02:75:
                    14:c9:05:ad:78:73:ca:12:7e:e3:04:b0:48:61:ae:
                    17:7f:3c:70:ab:d9:4a:0f:bc:20:18:1a:ff:34:c6:
                    a8:d9:53:32:1e:9d:09:17:9f:1b:d5:8d:e2:6f:66:
                    7f:29:f9:fb:6e:dc:d4:d1:20:08:09:be:93:8c:88:
                    72:da:a4:cb:94:7f:f0:24:6e:46:39:e1:08:c3:91:
                    24:5c:23:84:46:8e:99:ed:71:fa:5a:be:79:3e:88:
                    15:3c:2b:2b:99:f7:f9:a3:fb:77:a6:35:78:25:b3:
                    53:6d:82:83:77:ab:c3:b1:d2:01:a1:15:6e:81:b6:
                    f0:f8:02:27:e0:9e:e3:80:0e:88:ba:e4:c7:ee:89:
                    fd:df:53:e2:53:22:60:e6:92:01:52:fd:37:53:e2:
                    0e:e8:57:f7:04:d3:8b:7a:29:9b:0e:3f:50:f8:77:
                    b5:92:12:a1:b4:79:cc:c8:7a:74:dd:79:04:c8:92:
                    95:71:4b:65:10:b8:8b:44:fd:ac:0c:df:69:6d:79:
                    ef:62:ce:97:a9:6d:02:2f:7a:f3:f9:a2:c7:3b:5f:
                    af:17:13:9c:2b:22:de:eb:66:9a:ac:c7:29:86:cf:
                    d0:9c:d5:e7:cb:7a:16:44:5f:9d:de:84:3a:9d:23:
                    02:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:50:C7:D0:9C:96:C2:58:4F:68:00:0D:17:49:DE:25:1A:4D:B0:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/499a27f0-fb33-4e38-bcc8-b3e546ec3fdd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:2d:46:5e:c5:e2:44:7d:f3:b8:5e:19:0c:1c:8d:cb:b2:ca:
         11:d0:a8:5b:be:40:0a:33:03:0d:77:db:f3:e6:54:bb:8f:55:
         31:00:ec:5c:29:9a:d9:23:ca:24:21:73:29:3c:1c:22:50:70:
         fb:e0:33:80:01:96:3e:45:f6:05:f7:55:b5:9c:4e:bd:f2:29:
         e7:8f:51:b1:fb:4a:4e:79:43:38:4b:80:84:7b:e9:68:ae:03:
         f1:d0:02:3e:b6:2e:67:a6:59:32:54:d8:73:37:38:12:7b:da:
         df:9a:65:26:c5:06:29:fe:6d:4d:c1:8b:b8:29:e9:0c:de:20:
         6b:24:78:55:03:cc:1b:96:1e:19:7b:c5:4f:1f:81:ae:05:36:
         4c:f2:e2:bf:6e:06:3e:7c:fe:33:ff:6c:33:c8:7e:e7:0e:bc:
         79:e9:c3:4f:1e:e1:13:0e:34:ef:60:f1:0f:7a:cc:0b:6c:3a:
         45:40:46:58:0d:2d:0e:77:cf:2b:08:a1:4b:c1:3e:d7:9e:0f:
         bd:df:2d:86:54:db:ec:5d:33:4c:90:9f:13:b7:35:b7:fd:36:
         8d:8c:9c:e6:36:c7:3e:8e:d2:31:e7:a4:fb:55:e6:8b:3d:87:
         a5:86:f2:0b:d9:75:f9:97:ed:ff:6f:a7:4c:63:cd:3a:60:81:
         32:e0:e3:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQB1R4POVv2Bamtof3VyoaghQaTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAzMjMwNzEyWhcNMjUwNTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzI3OTI1ZmNhMTNmY2MwMWU1YjMxODFmOGVmNTM4ZjUy
YjM5YWQ1ZjYzYzkwNzhmY2IwYjdmN2YwY2MyZWJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+/Z20LnXi/1CekdUCdRTJBa14c8oSfuMEsEhhrhd/PHCr
2UoPvCAYGv80xqjZUzIenQkXnxvVjeJvZn8p+ftu3NTRIAgJvpOMiHLapMuUf/Ak
bkY54QjDkSRcI4RGjpntcfpavnk+iBU8KyuZ9/mj+3emNXgls1NtgoN3q8Ox0gGh
FW6BtvD4AifgnuOADoi65Mfuif3fU+JTImDmkgFS/TdT4g7oV/cE04t6KZsOP1D4
d7WSEqG0eczIenTdeQTIkpVxS2UQuItE/awM32ltee9izpepbQIvevP5osc7X68X
E5wrIt7rZpqsxymGz9Cc1efLehZEX53ehDqdIwKfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNlDH0JyWwlhPaAANF0neJRpNsDkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5OWEyN2YwLWZiMzMtNGUzOC1iY2M4LWIzZTU0NmVjM2ZkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKBbkwDQYJKoZIhvcNAQELBQADggEBAGQtRl7F4kR987heGQwcjcuyyhHQ
qFu+QAozAw132/PmVLuPVTEA7FwpmtkjyiQhcyk8HCJQcPvgM4ABlj5F9gX3VbWc
Tr3yKeePUbH7Sk55QzhLgIR76WiuA/HQAj62LmemWTJU2HM3OBJ72t+aZSbFBin+
bU3Bi7gp6QzeIGskeFUDzBuWHhl7xU8fga4FNkzy4r9uBj58/jP/bDPIfucOvHnp
w08e4RMONO9g8Q96zAtsOkVARlgNLQ53zysIoUvBPteeD73fLYZU2+xdM0yQnxO3
Nbf9No2MnOY2xz6O0jHnpPtV5os9h6WG8gvZdfmX7f9vp0xjzTpggTLg47s=
-----END CERTIFICATE-----