Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d56adf4-4a08-4b7f-b25d-a277cef945a5.roa
File:                     4d56adf4-4a08-4b7f-b25d-a277cef945a5.roa (raw, json)
Hash identifier:          OiiuyjdEoLhsPpPugCo1sw62ngeelkFfrh49XZWSRos=
Subject key identifier:   87:8A:15:3B:2D:D8:05:F7:2C:F6:2A:2C:1B:8A:B5:C1:9C:46:4A:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4879D446717024C0B0356C3EB9DFBD577F07F6D9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d56adf4-4a08-4b7f-b25d-a277cef945a5.roa
Signing time:             Sat 29 Mar 2025 00:30:21 +0000
ROA not before:           Sat 29 Mar 2025 00:30:21 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.21.64.0/18 maxlen: 18

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:79:d4:46:71:70:24:c0:b0:35:6c:3e:b9:df:bd:57:7f:07:f6:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:30:21 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: serialNumber=5febee2acb64c61a9eebe6ddd401af813205480cf2dccbdea1ccb70104b84798, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f4:22:c7:93:c7:03:ce:24:0e:d5:b8:a7:a8:
                    a4:30:fb:6d:e9:f2:f2:d0:3d:4c:28:58:ab:63:e5:
                    2b:c4:78:c6:a2:b0:ad:a9:19:4b:54:db:f4:8a:74:
                    a9:2e:de:ff:8a:34:da:69:a8:1e:88:eb:41:9b:1e:
                    f7:c5:9b:5b:6e:81:cd:6b:2e:0d:20:14:ef:a4:f5:
                    61:57:b8:3d:63:08:2e:7d:77:bd:5b:48:e2:9a:c1:
                    e3:06:1b:f4:96:52:a1:a8:47:8d:d2:77:f1:8b:66:
                    f3:f4:e7:45:a5:ed:a2:f7:87:f4:9c:5f:e1:24:30:
                    72:0f:b1:92:52:a9:d5:ff:83:09:06:26:5b:8d:5e:
                    c6:87:1b:bc:17:af:6f:0b:70:16:d9:e1:02:07:9e:
                    6e:57:a5:b9:af:bb:96:15:8d:96:e8:43:f9:da:a1:
                    e5:6e:08:fd:27:77:21:53:a1:24:81:7f:d7:5e:a7:
                    04:8e:f3:9b:e0:d4:38:9e:d5:a4:8a:36:7a:33:f1:
                    41:19:7e:af:c1:d3:e8:1a:87:5e:87:8f:e7:f4:9a:
                    43:1a:a0:55:35:bd:c2:5f:57:13:34:59:c3:08:6a:
                    fb:08:cb:b8:71:84:9e:0b:4e:2c:7e:d6:4f:96:b0:
                    00:b7:e2:27:96:8c:0c:9b:82:b3:30:ed:17:d8:20:
                    9a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8A:15:3B:2D:D8:05:F7:2C:F6:2A:2C:1B:8A:B5:C1:9C:46:4A:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d56adf4-4a08-4b7f-b25d-a277cef945a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a8:01:1a:3e:76:c9:c1:91:19:85:0b:3c:1f:e1:df:47:a9:5f:
         96:02:92:46:e9:6b:e7:2d:85:c1:37:e6:ae:48:e3:52:cc:3e:
         31:15:d3:06:88:57:b5:d9:9d:05:0e:31:d5:82:16:f9:7d:74:
         36:bf:c9:49:f1:7e:ff:09:c9:02:02:13:cc:b7:ed:2b:14:8d:
         c0:5f:b1:c8:48:b9:0c:d0:e2:21:48:36:fc:a4:0f:73:bd:0c:
         de:b7:d5:31:4c:10:ef:01:f4:5a:9c:b2:9b:b0:73:3f:4b:bd:
         8f:44:5b:0f:6f:88:c0:0d:3c:51:c7:de:41:46:5d:0d:60:c0:
         cb:88:57:16:6d:3a:21:76:a4:b4:5e:8a:e0:3b:43:dd:fb:c9:
         0d:91:36:ac:8d:30:74:5d:04:b7:f2:e9:e3:b2:1f:bf:41:9b:
         f5:3d:01:52:a4:e6:7c:de:d8:8e:57:09:09:2c:00:99:07:06:
         40:e9:24:77:b5:58:83:b7:3c:e4:dd:9d:c0:4a:dc:66:08:52:
         31:05:67:b4:c3:b4:58:2c:64:ec:c4:83:e3:58:59:ff:91:a7:
         da:ec:44:23:0f:3f:eb:6b:95:ed:06:94:ff:44:de:ce:41:67:
         f9:d1:b4:d2:53:16:6d:13:20:61:91:2e:0d:69:95:e2:e3:c1:
         3b:a6:c5:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSHnURnFwJMCwNWw+ud+9V38H9tkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDAzMDIxWhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmViZWUyYWNiNjRjNjFhOWVlYmU2ZGRkNDAxYWY4MTMy
MDU0ODBjZjJkY2NiZGVhMWNjYjcwMTA0Yjg0Nzk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC69CLHk8cDziQO1binqKQw+23p8vLQPUwoWKtj5SvEeMai
sK2pGUtU2/SKdKku3v+KNNppqB6I60GbHvfFm1tugc1rLg0gFO+k9WFXuD1jCC59
d71bSOKaweMGG/SWUqGoR43Sd/GLZvP050Wl7aL3h/ScX+EkMHIPsZJSqdX/gwkG
JluNXsaHG7wXr28LcBbZ4QIHnm5Xpbmvu5YVjZboQ/naoeVuCP0ndyFToSSBf9de
pwSO85vg1Die1aSKNnoz8UEZfq/B0+gah16Hj+f0mkMaoFU1vcJfVxM0WcMIavsI
y7hxhJ4LTix+1k+WsAC34ieWjAybgrMw7RfYIJqzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh4oVOy3YBfcs9iosG4q1wZxGSqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRkNTZhZGY0LTRhMDgtNGI3Zi1iMjVkLWEyNzdjZWY5NDVhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZrFUAwDQYJKoZIhvcNAQELBQADggEBAKgBGj52ycGRGYULPB/h30epX5YC
kkbpa+cthcE35q5I41LMPjEV0waIV7XZnQUOMdWCFvl9dDa/yUnxfv8JyQICE8y3
7SsUjcBfschIuQzQ4iFINvykD3O9DN631TFMEO8B9Fqcspuwcz9LvY9EWw9viMAN
PFHH3kFGXQ1gwMuIVxZtOiF2pLReiuA7Q937yQ2RNqyNMHRdBLfy6eOyH79Bm/U9
AVKk5nze2I5XCQksAJkHBkDpJHe1WIO3POTdncBK3GYIUjEFZ7TDtFgsZOzEg+NY
Wf+Rp9rsRCMPP+trle0GlP9E3s5BZ/nRtNJTFm0TIGGRLg1pleLjwTumxf8=
-----END CERTIFICATE-----