Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76aa40ec-69b9-44f1-9209-484f2d282a6a.roa
File:                     76aa40ec-69b9-44f1-9209-484f2d282a6a.roa (raw, json)
Hash identifier:          9qfBVYQTZJFQbXoc1ljBXmKvDUwEwCnCWeQqFNhyCVQ=
Subject key identifier:   D9:4D:24:60:2D:C1:71:22:1E:AC:3E:EC:2F:8B:B9:38:ED:FB:E7:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DECA2EC7F6B239EF5311A12CDA9D2F171431F8D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76aa40ec-69b9-44f1-9209-484f2d282a6a.roa
Signing time:             Fri 28 Mar 2025 15:12:02 +0000
ROA not before:           Fri 28 Mar 2025 15:12:02 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.175.128.0/17 maxlen: 17

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ec:a2:ec:7f:6b:23:9e:f5:31:1a:12:cd:a9:d2:f1:71:43:1f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:12:02 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=1edb377e3b637364c466c8828f0b0a7aabf0a64a7beafe3b10ebbe642bb89370, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f9:1e:b6:23:66:d7:8e:61:98:e1:8f:f9:dd:
                    18:65:59:33:ae:2e:af:24:6a:74:9d:2d:71:a1:2b:
                    e1:c3:c9:2b:5e:97:83:98:a5:8d:36:c3:28:e6:a3:
                    04:7b:ac:b7:af:48:a6:67:86:5d:d3:bf:a4:44:01:
                    67:76:ab:fb:b8:77:ee:b3:c7:10:93:b7:8c:65:87:
                    81:20:ce:5a:ec:d1:56:5e:5a:fe:e9:34:16:b5:f4:
                    16:e1:ce:7f:94:1a:07:61:23:8e:13:53:cf:e1:38:
                    a3:d2:c5:ca:3d:ae:c6:37:38:c1:11:06:44:a6:9f:
                    04:47:ad:e4:d6:6d:1a:da:53:35:4e:65:c6:8d:82:
                    ff:15:d5:43:d6:49:9c:92:0b:96:cd:f0:b4:4e:47:
                    c4:c5:96:e5:ac:5c:7a:df:dc:72:28:1a:76:44:57:
                    d4:0e:6b:99:8b:ea:08:b4:36:0e:f0:8d:94:15:f5:
                    f7:a1:ff:94:f2:5f:0f:95:c2:93:cf:9c:44:1e:7c:
                    b4:9c:66:51:b9:bc:ca:8c:24:e1:04:cb:a6:75:fd:
                    25:0e:ba:e0:ea:92:48:61:9c:5f:8f:ab:29:64:b0:
                    8a:dc:61:03:be:7e:b3:72:d4:62:d0:ca:69:0f:07:
                    c4:f3:2e:e5:53:3f:37:36:af:16:e6:31:8a:8a:9a:
                    1f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4D:24:60:2D:C1:71:22:1E:AC:3E:EC:2F:8B:B9:38:ED:FB:E7:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76aa40ec-69b9-44f1-9209-484f2d282a6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.175.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         28:12:ae:50:37:f9:58:2c:b8:ed:67:5d:b6:5a:b3:a6:c5:a3:
         34:35:7b:f0:42:2d:79:93:34:eb:60:55:c7:f9:c2:0d:a6:a0:
         8b:0e:e5:fd:76:59:ba:09:7a:83:52:5c:7a:1f:0f:7a:a8:4a:
         dd:6c:30:5e:21:81:42:e1:8b:c4:af:09:d8:ec:8e:0e:79:bf:
         60:b7:b8:50:00:15:8c:0d:0b:cc:80:d0:61:4b:18:51:74:3c:
         e7:9b:53:44:74:23:ac:9c:f7:04:7a:95:85:5b:c8:48:ac:7a:
         8a:d2:56:b2:39:db:43:d5:ab:a1:d4:bd:91:b6:2d:6b:f2:46:
         8e:05:0d:7f:40:c6:bd:cd:27:7a:aa:56:c9:e9:39:f2:6e:f8:
         ee:25:d3:74:1e:09:2f:30:d5:46:11:46:81:1d:f8:36:6e:b1:
         93:37:63:da:4b:98:dd:72:23:3c:7b:cc:a6:c2:d8:32:a7:3b:
         dd:8f:f6:f3:f4:d8:b6:41:2a:65:f0:15:ef:72:b3:7c:7a:97:
         68:32:63:4d:c4:83:9c:24:cb:58:2b:3f:5f:ab:71:90:2a:f3:
         e4:14:cb:2f:08:cb:78:38:e5:ee:64:88:0f:79:12:0b:c4:5e:
         2d:27:75:a8:29:0c:38:af:22:51:93:b5:73:5c:1b:07:8e:52:
         b3:7d:a1:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHeyi7H9rI571MRoSzanS8XFDH40wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUxMjAyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWRiMzc3ZTNiNjM3MzY0YzQ2NmM4ODI4ZjBiMGE3YWFi
ZjBhNjRhN2JlYWZlM2IxMGViYmU2NDJiYjg5MzcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU+R62I2bXjmGY4Y/53RhlWTOuLq8kanSdLXGhK+HDySte
l4OYpY02wyjmowR7rLevSKZnhl3Tv6REAWd2q/u4d+6zxxCTt4xlh4Egzlrs0VZe
Wv7pNBa19Bbhzn+UGgdhI44TU8/hOKPSxco9rsY3OMERBkSmnwRHreTWbRraUzVO
ZcaNgv8V1UPWSZySC5bN8LROR8TFluWsXHrf3HIoGnZEV9QOa5mL6gi0Ng7wjZQV
9feh/5TyXw+VwpPPnEQefLScZlG5vMqMJOEEy6Z1/SUOuuDqkkhhnF+PqylksIrc
YQO+frNy1GLQymkPB8TzLuVTPzc2rxbmMYqKmh+NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2U0kYC3BcSIerD7sL4u5OO3756wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc2YWE0MGVjLTY5YjktNDRmMS05MjA5LTQ4NGYyZDI4MmE2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAedr4AwDQYJKoZIhvcNAQELBQADggEBACgSrlA3+VgsuO1nXbZas6bFozQ1
e/BCLXmTNOtgVcf5wg2moIsO5f12WboJeoNSXHofD3qoSt1sMF4hgULhi8SvCdjs
jg55v2C3uFAAFYwNC8yA0GFLGFF0POebU0R0I6yc9wR6lYVbyEiseorSVrI520PV
q6HUvZG2LWvyRo4FDX9Axr3NJ3qqVsnpOfJu+O4l03QeCS8w1UYRRoEd+DZusZM3
Y9pLmN1yIzx7zKbC2DKnO92P9vP02LZBKmXwFe9ys3x6l2gyY03Eg5wky1grP1+r
cZAq8+QUyy8Iy3g45e5kiA95EgvEXi0ndagpDDivIlGTtXNcGweOUrN9oe0=
-----END CERTIFICATE-----