Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e687fa1-9b29-455d-9b8f-48a1ec23d39b.roa
File:                     4e687fa1-9b29-455d-9b8f-48a1ec23d39b.roa (raw, json)
Hash identifier:          P4TxoCpYZgaVzEhHVUgai9glRgNk3Ta4xROm72L7wYU=
Subject key identifier:   9D:BA:BF:E9:34:B2:28:CE:A2:EC:22:BD:2D:AE:BC:29:E0:E0:5D:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04330865999E571B692AC980F960F3F6D9F39AF6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e687fa1-9b29-455d-9b8f-48a1ec23d39b.roa
Signing time:             Mon 07 Apr 2025 15:10:22 +0000
ROA not before:           Mon 07 Apr 2025 15:10:22 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.164.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:33:08:65:99:9e:57:1b:69:2a:c9:80:f9:60:f3:f6:d9:f3:9a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  7 15:10:22 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=ea47ebdd2dd79158b8d8254e10a45f4aafd4357b1d3e4e748fda3d6b2b825a74, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:75:78:ce:f8:3b:14:de:a3:0d:d9:ca:dc:b0:
                    06:06:c3:0e:2c:22:d1:71:3f:41:11:ca:8c:4a:35:
                    a5:0d:03:16:ba:7a:9f:c7:7d:64:d5:ae:37:19:62:
                    4e:ca:3c:48:c7:7e:d4:99:85:62:64:ba:d1:f7:f0:
                    95:00:da:4d:09:65:4a:17:f2:77:68:21:4e:bf:13:
                    70:90:51:e9:2b:f7:90:8f:f8:d0:b1:72:f3:61:d3:
                    66:40:ea:99:35:90:26:08:5e:0d:b8:d5:e4:4d:2e:
                    7b:c9:1c:11:bb:ae:e5:4c:8b:78:54:1d:b5:e1:f0:
                    a2:d2:cf:34:d4:17:97:ad:a0:52:5f:f4:67:b7:c7:
                    be:2c:f3:fe:17:3c:3d:0d:b6:e2:ae:42:e8:ce:81:
                    59:73:42:4a:66:18:08:58:3e:dd:e2:cc:f9:ed:e7:
                    aa:84:eb:3c:b3:5f:77:3e:6a:f4:ca:ef:e9:45:a0:
                    5a:63:9e:c0:89:3b:7b:4f:57:bb:64:b0:e9:f3:1d:
                    27:9c:1d:4e:7e:3d:37:11:1e:60:3c:66:09:14:4b:
                    40:d6:c7:11:86:d6:1d:75:4e:5b:a1:31:f8:e3:35:
                    a7:53:3c:80:ce:38:15:87:a5:cc:47:97:59:52:f5:
                    6e:e5:a3:64:9e:7d:3b:ba:f9:58:1c:8c:56:37:ab:
                    11:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BA:BF:E9:34:B2:28:CE:A2:EC:22:BD:2D:AE:BC:29:E0:E0:5D:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e687fa1-9b29-455d-9b8f-48a1ec23d39b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.164.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:2e:a1:64:64:5c:2b:47:e5:6d:91:40:e0:dd:ee:c4:9d:19:
         d2:b9:04:30:3c:55:11:ec:c5:cd:1e:23:cd:ed:a3:37:85:a9:
         9a:bb:1c:2b:9b:ab:63:10:cb:2f:29:9c:e6:e8:b3:44:8b:ee:
         f8:15:59:16:9b:c6:f7:ec:27:53:7b:9e:ad:e7:39:3e:83:56:
         44:c9:63:41:95:08:56:c9:2e:12:46:db:c8:56:f1:2e:11:69:
         a2:87:08:7a:2f:27:59:54:9b:ac:f9:4c:93:43:08:32:52:59:
         b7:8e:ea:63:11:40:22:a7:22:64:ba:71:e8:26:b4:71:ec:09:
         b8:13:85:ce:0f:93:79:c6:aa:6c:93:45:b0:e5:c7:d3:6e:43:
         f5:ed:fb:f6:64:b8:63:cf:a8:65:8b:a8:8b:56:81:e6:6b:5a:
         e9:56:5f:a9:dd:c1:cc:1e:0c:9c:a7:b9:9b:0f:dc:06:58:65:
         44:fa:0d:18:8e:52:2e:d3:61:7a:76:83:a7:e5:b2:31:ca:47:
         d2:d6:86:08:44:f2:9d:ed:0f:a7:6a:a0:10:c9:ed:cc:56:f4:
         6a:c1:d1:4e:f6:69:1e:e0:aa:17:66:b4:36:ee:2d:02:2c:1b:
         30:06:3d:3a:1d:90:b4:5f:95:88:85:01:9e:9a:f8:02:01:bc:
         03:3d:fe:ce
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBDMIZZmeVxtpKsmA+WDz9tnzmvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA3MTUxMDIyWhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTQ3ZWJkZDJkZDc5MTU4YjhkODI1NGUxMGE0NWY0YWFm
ZDQzNTdiMWQzZTRlNzQ4ZmRhM2Q2YjJiODI1YTc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEdXjO+DsU3qMN2crcsAYGww4sItFxP0ERyoxKNaUNAxa6
ep/HfWTVrjcZYk7KPEjHftSZhWJkutH38JUA2k0JZUoX8ndoIU6/E3CQUekr95CP
+NCxcvNh02ZA6pk1kCYIXg241eRNLnvJHBG7ruVMi3hUHbXh8KLSzzTUF5etoFJf
9Ge3x74s8/4XPD0NtuKuQujOgVlzQkpmGAhYPt3izPnt56qE6zyzX3c+avTK7+lF
oFpjnsCJO3tPV7tksOnzHSecHU5+PTcRHmA8ZgkUS0DWxxGG1h11TluhMfjjNadT
PIDOOBWHpcxHl1lS9W7lo2SefTu6+VgcjFY3qxGjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnbq/6TSyKM6i7CK9La68KeDgXTwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRlNjg3ZmExLTliMjktNDU1ZC05YjhmLTQ4YTFlYzIzZDM5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQpDANBgkqhkiG9w0BAQsFAAOCAQEAIC6hZGRcK0flbZFA4N3uxJ0Z0rkE
MDxVEezFzR4jze2jN4WpmrscK5urYxDLLymc5uizRIvu+BVZFpvG9+wnU3uerec5
PoNWRMljQZUIVskuEkbbyFbxLhFpoocIei8nWVSbrPlMk0MIMlJZt47qYxFAIqci
ZLpx6Ca0cewJuBOFzg+TecaqbJNFsOXH025D9e379mS4Y8+oZYuoi1aB5mta6VZf
qd3BzB4MnKe5mw/cBlhlRPoNGI5SLtNhenaDp+WyMcpH0taGCETyne0Pp2qgEMnt
zFb0asHRTvZpHuCqF2a0Nu4tAiwbMAY9Oh2QtF+ViIUBnpr4AgG8Az3+zg==
-----END CERTIFICATE-----