Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a68b32-0643-4d0b-a543-f8916c97493c.roa
File:                     68a68b32-0643-4d0b-a543-f8916c97493c.roa (raw, json)
Hash identifier:          A8Fmwq4Wt07RKo1dQJoIHcWHXXfi3WVo9tm5tp0WyP4=
Subject key identifier:   CE:8D:99:8F:20:2B:1A:8E:D7:21:06:EE:EF:7A:54:11:F2:EB:71:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       55512E7E14D2AC88BC780BEC1A3040D006E0366A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a68b32-0643-4d0b-a543-f8916c97493c.roa
Signing time:             Mon 14 Apr 2025 15:00:14 +0000
ROA not before:           Mon 14 Apr 2025 15:00:14 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.149.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:51:2e:7e:14:d2:ac:88:bc:78:0b:ec:1a:30:40:d0:06:e0:36:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 14 15:00:14 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=9f7da09806cc7f7f8900f7a8f7428232f591f39ec597182c3c0421f718c2f421, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:0d:63:eb:92:b3:39:d2:11:94:f4:d9:30:
                    8c:e8:02:ca:1a:d0:1c:ee:ef:09:57:07:71:6b:08:
                    23:13:53:a7:58:b3:95:28:4d:53:f8:49:51:db:e8:
                    40:e7:59:09:5e:1a:26:27:8e:39:34:2d:56:f4:1b:
                    7b:b0:33:c9:7e:34:0d:ca:e4:8a:c2:bc:68:27:93:
                    43:70:b4:f1:29:fe:3b:f5:c7:34:28:fa:41:cc:4b:
                    21:0b:bb:81:05:45:a1:bd:58:ff:cd:9a:39:96:dd:
                    b3:d9:d8:f6:3a:c1:6b:c9:c4:9f:01:ba:bd:3e:4c:
                    52:ae:b1:11:7a:57:9f:e5:81:97:d0:fe:3a:b6:51:
                    e0:46:74:96:5d:c7:9a:88:c2:d0:f1:0d:fd:eb:46:
                    1c:cb:ea:0a:81:13:df:e9:f4:17:91:c8:ac:db:b6:
                    28:0c:59:49:58:81:8a:b7:c1:8b:3f:47:57:81:ff:
                    83:8f:41:4d:60:f3:2a:8a:04:5a:2d:62:a7:d7:18:
                    cb:fe:a1:e5:5d:8a:b0:bb:50:1f:d5:7d:b3:ac:b3:
                    2c:d0:72:13:ae:72:75:a1:66:6c:2a:9d:3a:b2:f5:
                    50:36:a3:96:ca:7f:ef:64:1c:51:54:52:41:97:39:
                    34:f2:ed:f3:d9:cb:82:78:4c:15:f0:f4:1e:b1:fe:
                    1f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8D:99:8F:20:2B:1A:8E:D7:21:06:EE:EF:7A:54:11:F2:EB:71:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a68b32-0643-4d0b-a543-f8916c97493c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.149.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c6:cc:ed:91:27:dc:c7:91:90:62:2b:d6:e0:27:e4:f9:77:a3:
         6e:d2:46:19:35:c6:00:20:33:24:9f:ab:ce:86:f6:52:1b:38:
         c7:5c:d5:78:ff:76:3c:02:99:1b:dd:10:5b:7a:38:35:dc:c1:
         7a:f2:05:01:9b:39:8d:f7:e6:6e:21:f1:19:71:ac:a0:8b:30:
         ac:31:07:a6:8f:75:b8:64:38:71:f7:36:bd:03:6e:0f:99:02:
         1e:d8:e3:04:5a:5d:2e:73:1c:71:85:ad:5e:9a:14:5e:0e:d7:
         19:9c:b7:28:48:6f:72:5d:75:21:a3:99:a3:f5:37:88:91:57:
         90:21:08:4e:be:6e:93:4b:74:bc:57:18:8f:59:91:e8:73:cd:
         ec:a1:7f:7a:25:ee:bf:ab:51:12:f8:ac:16:54:e2:24:7b:fa:
         9b:45:c2:a2:d2:7c:3c:5e:d4:6c:94:0a:d9:8d:ec:17:5d:57:
         41:ae:e3:55:b1:40:d2:92:99:94:3b:b4:a9:70:f7:37:37:32:
         a2:b9:9a:7d:59:eb:9a:cb:67:de:03:93:46:0a:e9:f2:74:64:
         46:07:35:b3:17:f9:59:38:26:de:1c:35:91:8c:3c:fd:fa:2d:
         97:f7:6f:05:f9:f3:32:2e:01:4d:38:49:af:58:cd:0d:9c:33:
         d8:79:2e:11
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVVEufhTSrIi8eAvsGjBA0AbgNmowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE0MTUwMDE0WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjdkYTA5ODA2Y2M3ZjdmODkwMGY3YThmNzQyODIzMmY1
OTFmMzllYzU5NzE4MmMzYzA0MjFmNzE4YzJmNDIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2/A1j65KzOdIRlPTZMIzoAsoa0Bzu7wlXB3FrCCMTU6dY
s5UoTVP4SVHb6EDnWQleGiYnjjk0LVb0G3uwM8l+NA3K5IrCvGgnk0NwtPEp/jv1
xzQo+kHMSyELu4EFRaG9WP/NmjmW3bPZ2PY6wWvJxJ8Bur0+TFKusRF6V5/lgZfQ
/jq2UeBGdJZdx5qIwtDxDf3rRhzL6gqBE9/p9BeRyKzbtigMWUlYgYq3wYs/R1eB
/4OPQU1g8yqKBFotYqfXGMv+oeVdirC7UB/VfbOssyzQchOucnWhZmwqnTqy9VA2
o5bKf+9kHFFUUkGXOTTy7fPZy4J4TBXw9B6x/h/JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzo2ZjyArGo7XIQbu73pUEfLrccQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4YTY4YjMyLTA2NDMtNGQwYi1hNTQzLWY4OTE2Yzk3NDkzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBolTANBgkqhkiG9w0BAQsFAAOCAQEAxsztkSfcx5GQYivW4Cfk+XejbtJG
GTXGACAzJJ+rzob2Uhs4x1zVeP92PAKZG90QW3o4NdzBevIFAZs5jffmbiHxGXGs
oIswrDEHpo91uGQ4cfc2vQNuD5kCHtjjBFpdLnMccYWtXpoUXg7XGZy3KEhvcl11
IaOZo/U3iJFXkCEITr5uk0t0vFcYj1mR6HPN7KF/eiXuv6tREvisFlTiJHv6m0XC
otJ8PF7UbJQK2Y3sF11XQa7jVbFA0pKZlDu0qXD3NzcyormafVnrmstn3gOTRgrp
8nRkRgc1sxf5WTgm3hw1kYw8/fotl/dvBfnzMi4BTThJr1jNDZwz2HkuEQ==
-----END CERTIFICATE-----