Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
File:                     659599fd-5231-4a14-b642-c43b71289efa.roa (raw, json)
Hash identifier:          PfATSamoMIFlmZIzx31eY7geZG8nT/pHQbyVSbf5CxI=
Subject key identifier:   66:93:FD:AD:8D:11:DE:4C:CF:22:5A:32:E0:3F:64:1E:E1:50:17:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5EFF0F6214195962875E53DE14203C8713C2A58D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
Signing time:             Sat 29 Mar 2025 00:11:14 +0000
ROA not before:           Sat 29 Mar 2025 00:11:14 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.22.152.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ff:0f:62:14:19:59:62:87:5e:53:de:14:20:3c:87:13:c2:a5:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:11:14 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: serialNumber=3c44f934f35f9db97aa111e8e8b89dee33c87ab4cdf09a27525e6bebbdc147e2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:a5:4c:a5:65:b9:80:92:ad:3d:ee:e5:fa:
                    9d:f2:87:3d:cb:53:23:cd:10:3a:a3:66:25:7e:90:
                    e4:4e:7a:e9:86:1c:f8:c8:e1:89:71:62:1a:ba:0a:
                    6d:b4:a2:85:35:6a:a8:95:c5:bf:07:f7:b1:3a:06:
                    82:f3:b5:b3:b8:db:da:a7:b4:25:5a:4b:4d:96:59:
                    cc:b2:eb:a0:6a:5f:05:3d:32:a0:62:74:4e:72:3c:
                    50:4e:d1:a3:da:0e:4f:27:8a:eb:52:d4:d2:62:7d:
                    d0:da:70:26:94:81:7a:a4:37:17:2a:e5:b8:79:00:
                    a6:f7:bd:35:56:e5:e6:a5:e1:25:25:6c:d2:10:78:
                    5f:03:6e:24:f0:4f:42:de:79:78:47:89:50:35:cb:
                    86:87:f0:cc:6e:b0:d4:df:b9:42:4b:89:9b:7d:b6:
                    ae:09:3b:04:a7:46:94:f3:81:dd:e7:3d:f0:cc:b8:
                    c8:62:d5:00:47:d5:85:fb:28:c0:36:81:a2:f2:73:
                    47:7d:1b:c7:c8:23:f8:1d:1d:b5:dd:11:17:13:20:
                    81:31:8e:63:c9:7d:1a:d3:49:79:99:63:8f:af:cc:
                    e8:1c:91:84:7b:0e:bb:49:9e:5a:8f:5c:a7:4b:fb:
                    85:38:04:12:da:53:3c:db:f7:7e:ae:6a:75:31:64:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:93:FD:AD:8D:11:DE:4C:CF:22:5A:32:E0:3F:64:1E:E1:50:17:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:f9:db:73:aa:7a:96:e0:68:67:97:e4:3d:f4:e5:64:94:e6:
         3c:1c:ef:b7:04:0a:a4:15:0a:14:c0:a5:55:e7:d3:b5:a6:8c:
         d7:51:b3:59:a4:a2:a4:0a:93:65:51:65:49:27:83:52:f2:82:
         04:ae:5e:28:9f:f5:2c:fc:4a:74:f3:5c:f6:d6:f6:e4:28:16:
         93:09:e5:5d:0a:04:ce:85:0b:4d:19:d9:7c:cc:c9:37:d3:24:
         3e:c5:18:91:96:27:97:0b:fc:b0:5a:37:78:c7:80:57:7f:68:
         2e:d0:80:0c:cf:a2:60:0c:19:78:77:9e:5f:4a:ce:53:09:db:
         0e:cb:c8:69:bb:f0:fc:ec:85:22:b8:85:df:3b:c9:d1:75:e9:
         e1:db:07:c5:6a:4a:ab:8c:64:8c:85:55:c0:f8:73:ac:9f:c5:
         76:b2:bf:8b:93:31:5e:09:0f:11:23:ab:9e:72:e3:c8:9c:e5:
         53:53:74:79:0c:50:b1:66:58:3c:2f:df:61:8b:db:3d:0e:94:
         ae:e4:e9:ff:70:c0:79:3a:8a:a2:ac:62:6d:41:3c:73:59:e0:
         0c:37:69:07:62:69:da:a6:b5:dd:fc:3c:57:7f:25:0d:52:3f:
         9a:3e:92:d8:f6:97:40:5e:e2:55:f8:cd:93:87:dd:fa:03:72:
         6f:b1:2f:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXv8PYhQZWWKHXlPeFCA8hxPCpY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDAxMTE0WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzQ0ZjkzNGYzNWY5ZGI5N2FhMTExZThlOGI4OWRlZTMz
Yzg3YWI0Y2RmMDlhMjc1MjVlNmJlYmJkYzE0N2UyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClVKVMpWW5gJKtPe7l+p3yhz3LUyPNEDqjZiV+kOROeumG
HPjI4YlxYhq6Cm20ooU1aqiVxb8H97E6BoLztbO429qntCVaS02WWcyy66BqXwU9
MqBidE5yPFBO0aPaDk8niutS1NJifdDacCaUgXqkNxcq5bh5AKb3vTVW5eal4SUl
bNIQeF8DbiTwT0LeeXhHiVA1y4aH8MxusNTfuUJLiZt9tq4JOwSnRpTzgd3nPfDM
uMhi1QBH1YX7KMA2gaLyc0d9G8fII/gdHbXdERcTIIExjmPJfRrTSXmZY4+vzOgc
kYR7DrtJnlqPXKdL+4U4BBLaUzzb936uanUxZHGRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZpP9rY0R3kzPIloy4D9kHuFQF4wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1OTU5OWZkLTUyMzEtNGExNC1iNjQyLWM0M2I3MTI4OWVmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFpgwDQYJKoZIhvcNAQELBQADggEBAEj523OqepbgaGeX5D305WSU5jwc
77cECqQVChTApVXn07WmjNdRs1mkoqQKk2VRZUkng1LyggSuXiif9Sz8SnTzXPbW
9uQoFpMJ5V0KBM6FC00Z2XzMyTfTJD7FGJGWJ5cL/LBaN3jHgFd/aC7QgAzPomAM
GXh3nl9KzlMJ2w7LyGm78PzshSK4hd87ydF16eHbB8VqSquMZIyFVcD4c6yfxXay
v4uTMV4JDxEjq55y48ic5VNTdHkMULFmWDwv32GL2z0OlK7k6f9wwHk6iqKsYm1B
PHNZ4Aw3aQdiadqmtd38PFd/JQ1SP5o+ktj2l0Be4lX4zZOH3foDcm+xLxg=
-----END CERTIFICATE-----