Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa
File:                     4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa (raw, json)
Hash identifier:          /DmzFY9fTn5UYvWn0JMj6xiePiPPOEcpNkOC49UZoVU=
Subject key identifier:   58:09:01:E6:E6:0E:12:F2:8B:0D:FF:2A:12:6D:BC:3C:57:6F:1C:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E2D416168D42568D5DB2F60819CD3B4F178F220
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa
Signing time:             Fri 04 Apr 2025 00:22:14 +0000
ROA not before:           Fri 04 Apr 2025 00:22:14 +0000
ROA not after:            Fri 09 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.174.144.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:2d:41:61:68:d4:25:68:d5:db:2f:60:81:9c:d3:b4:f1:78:f2:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  4 00:22:14 2025 GMT
            Not After : May  9 23:59:59 2025 GMT
        Subject: serialNumber=16d044dc97a7dc8dcb8d3ecde4ac8a822cb9c1e11b23bb11df60667ee07dc9f7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:c6:66:f2:94:e8:71:e7:c5:a0:f3:42:21:
                    3d:f0:dc:be:44:86:52:dd:43:e2:77:ef:43:16:27:
                    c2:80:a6:29:c3:87:03:8a:dc:ab:1f:5a:ed:b1:73:
                    ad:22:88:fb:ad:a4:0f:f6:48:85:ff:46:db:bb:6c:
                    9e:3e:c7:5c:26:85:56:91:54:f4:55:86:c4:5b:6d:
                    f2:85:5b:97:54:54:8e:6d:b1:64:fb:5c:ce:9f:25:
                    db:0e:8f:df:7f:79:76:77:de:77:c4:8e:a6:12:c2:
                    53:f4:b0:40:cb:57:09:6d:83:ad:39:65:62:8d:e6:
                    87:fc:17:ab:d6:6e:61:2c:31:56:0f:be:de:da:1c:
                    c9:d7:d5:fc:af:dc:46:ea:ca:9c:b7:57:1d:f3:37:
                    f5:e1:e0:33:f6:be:15:49:4a:99:a1:96:1a:b6:66:
                    aa:ac:20:60:e2:87:5e:0b:a6:41:ea:d0:aa:cb:94:
                    60:9b:45:be:13:4e:61:2b:3d:2b:40:f6:1b:51:3d:
                    10:d1:04:0c:2b:27:0b:e7:c8:fe:90:7c:69:0d:79:
                    de:30:c0:e1:5e:99:72:d4:ea:48:e2:19:ed:61:f0:
                    23:c3:3c:65:1a:be:71:ee:c6:e4:87:ba:46:8f:64:
                    a3:64:b3:5f:14:d0:a8:c1:57:2c:6c:a1:1e:68:56:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:09:01:E6:E6:0E:12:F2:8B:0D:FF:2A:12:6D:BC:3C:57:6F:1C:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.174.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c4:a1:76:d4:eb:17:78:5a:a5:a1:bf:08:ab:b5:89:bb:ab:32:
         61:27:76:69:11:a8:22:f1:46:4a:30:ca:ad:f3:41:19:4f:99:
         2f:eb:85:cc:ae:ae:ff:ee:f6:10:2a:f4:6c:55:e6:e2:df:5a:
         e3:7a:78:ef:3b:d6:99:7b:95:99:97:16:ac:6e:86:39:ef:09:
         19:70:29:4c:d5:ce:5d:a1:b2:13:5e:49:41:d6:a7:5d:64:70:
         08:15:b1:f4:5a:73:31:07:a2:80:ae:70:71:8d:00:98:1d:44:
         9b:1d:49:ba:66:be:e9:b2:b3:09:ca:31:e3:5a:92:fe:c1:fd:
         63:cf:98:e0:7d:38:9a:c4:77:e7:76:b6:1b:16:b2:0a:71:ad:
         7a:a7:92:3e:17:0c:fc:9a:7c:53:fc:09:2e:58:de:b9:c3:76:
         bd:56:86:be:a6:c8:be:16:72:8a:08:a4:be:c6:35:45:8c:38:
         c6:70:42:99:ce:e4:20:1a:af:09:05:d2:6e:0c:1e:c3:a5:2a:
         a3:12:fd:30:22:d6:1d:c3:26:60:67:37:9a:41:ab:53:a8:3f:
         4b:2e:82:0f:a6:ff:70:e1:17:45:e2:04:43:af:bd:f8:7c:06:
         30:3e:e0:9f:eb:00:5d:f6:a2:09:6f:1d:e1:ac:bd:67:c1:ad:
         97:43:91:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHi1BYWjUJWjV2y9ggZzTtPF48iAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA0MDAyMjE0WhcNMjUwNTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNmQwNDRkYzk3YTdkYzhkY2I4ZDNlY2RlNGFjOGE4MjJj
YjljMWUxMWIyM2JiMTFkZjYwNjY3ZWUwN2RjOWY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1pcZm8pTocefFoPNCIT3w3L5EhlLdQ+J370MWJ8KApinD
hwOK3KsfWu2xc60iiPutpA/2SIX/Rtu7bJ4+x1wmhVaRVPRVhsRbbfKFW5dUVI5t
sWT7XM6fJdsOj99/eXZ33nfEjqYSwlP0sEDLVwltg605ZWKN5of8F6vWbmEsMVYP
vt7aHMnX1fyv3Ebqypy3Vx3zN/Xh4DP2vhVJSpmhlhq2ZqqsIGDih14LpkHq0KrL
lGCbRb4TTmErPStA9htRPRDRBAwrJwvnyP6QfGkNed4wwOFemXLU6kjiGe1h8CPD
PGUavnHuxuSHukaPZKNks18U0KjBVyxsoR5oVs+RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWAkB5uYOEvKLDf8qEm28PFdvHF4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhNjUxNjVhLTdkMmUtNDhjZS1hMWI1LWJhODJkY2M4OWQxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPKrpAwDQYJKoZIhvcNAQELBQADggEBAMShdtTrF3hapaG/CKu1iburMmEn
dmkRqCLxRkowyq3zQRlPmS/rhcyurv/u9hAq9GxV5uLfWuN6eO871pl7lZmXFqxu
hjnvCRlwKUzVzl2hshNeSUHWp11kcAgVsfRaczEHooCucHGNAJgdRJsdSbpmvumy
swnKMeNakv7B/WPPmOB9OJrEd+d2thsWsgpxrXqnkj4XDPyafFP8CS5Y3rnDdr1W
hr6myL4WcooIpL7GNUWMOMZwQpnO5CAarwkF0m4MHsOlKqMS/TAi1h3DJmBnN5pB
q1OoP0sugg+m/3DhF0XiBEOvvfh8BjA+4J/rAF32oglvHeGsvWfBrZdDkYI=
-----END CERTIFICATE-----