Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
File:                     7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa (raw, json)
Hash identifier:          ecEutN/2ZpihN8puEquC13I20mgbhcVovt7llD69sTI=
Subject key identifier:   11:D3:77:75:74:A9:AB:8A:28:87:1F:D5:F5:1D:33:E7:A7:ED:1C:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CC494F99A62E972A43D3B90FE8477DD32CC402B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
Signing time:             Mon 07 Apr 2025 15:11:03 +0000
ROA not before:           Mon 07 Apr 2025 15:11:03 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.53.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c4:94:f9:9a:62:e9:72:a4:3d:3b:90:fe:84:77:dd:32:cc:40:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  7 15:11:03 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=2131512d49756b84866570da3b4eacd256d6e1c277d728b58aeecc6c05cf9a25, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7b:6c:a4:f2:b5:eb:3c:20:5c:23:54:f6:da:
                    4c:36:82:f5:3c:16:40:66:73:35:f9:5e:78:f2:cb:
                    26:26:40:af:06:67:a6:f2:28:4b:8e:9c:f2:34:ee:
                    cb:12:dd:b3:77:31:55:5b:96:26:53:38:ab:43:20:
                    b4:af:4e:22:f9:52:c2:90:ef:f8:ec:8a:9b:fe:52:
                    27:5b:3c:3a:0b:27:fa:92:5d:ab:41:4b:dc:60:cd:
                    0e:01:c2:77:9f:56:b9:db:fe:57:03:cf:60:50:22:
                    cc:b7:d8:84:17:c9:f9:d8:d6:bf:5f:6b:f0:e9:65:
                    90:d9:63:e5:55:aa:bb:e4:34:2f:a5:01:16:60:d1:
                    ae:7a:98:d1:cb:ae:b9:e7:48:84:8f:4c:7f:47:b2:
                    1f:4f:2d:bd:81:22:f0:72:be:a5:70:79:12:3e:11:
                    36:12:b4:8e:23:6c:87:d1:e3:c9:f7:c2:61:62:01:
                    6f:e5:5d:91:83:ef:a6:41:4b:24:ab:13:5a:78:e3:
                    d8:89:e5:b3:29:3e:ca:88:20:51:1c:46:da:f5:39:
                    6c:33:00:a3:f0:16:89:07:27:2f:d3:a0:f5:02:c6:
                    34:a4:aa:b1:43:d3:cc:37:3d:b3:37:78:c3:2c:14:
                    77:74:3a:d5:be:6c:f5:46:57:81:ec:ca:2f:3f:9c:
                    1e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D3:77:75:74:A9:AB:8A:28:87:1F:D5:F5:1D:33:E7:A7:ED:1C:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:86:e6:c8:08:24:fd:e1:1c:62:74:8e:8f:4a:54:92:33:d9:
         09:ae:12:31:00:10:4e:2b:fd:ea:3d:e5:9a:fe:72:bb:57:7d:
         36:de:58:7e:35:f0:e4:3b:1c:79:ac:47:e6:50:d5:6c:10:b2:
         c0:ff:f2:1f:8f:56:58:25:1b:3f:7f:2c:8d:c2:05:35:e1:f9:
         31:46:37:5e:2b:4a:a4:11:23:59:2a:40:1d:6d:fe:a6:1e:23:
         25:c6:65:fe:71:38:0e:1b:31:3d:e8:d9:92:f8:0c:81:fc:19:
         05:f5:26:50:8a:03:fe:ab:b8:1d:a4:c1:0e:91:eb:11:7f:2a:
         b4:14:ce:32:88:ed:84:6a:62:df:0c:25:06:78:ff:21:80:e6:
         5c:d0:70:31:c3:bd:69:d8:b7:92:42:ce:24:0a:95:37:aa:ef:
         75:70:dc:f6:9c:4c:8c:a9:86:79:80:ad:a1:36:fb:27:ad:cd:
         72:04:e5:77:cd:91:be:3c:9c:ac:96:ec:e1:3e:84:f9:95:bd:
         6f:e1:7f:89:09:61:22:d2:93:df:11:60:4c:b3:74:c5:a2:b1:
         d4:0f:91:ff:81:16:34:b2:93:8e:01:1e:73:7e:ed:21:e4:06:
         56:1e:26:af:b2:68:25:20:0c:0f:1b:79:06:7b:f3:8e:bc:52:
         47:6e:13:51
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXMSU+Zpi6XKkPTuQ/oR33TLMQCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA3MTUxMTAzWhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTMxNTEyZDQ5NzU2Yjg0ODY2NTcwZGEzYjRlYWNkMjU2
ZDZlMWMyNzdkNzI4YjU4YWVlY2M2YzA1Y2Y5YTI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCee2yk8rXrPCBcI1T22kw2gvU8FkBmczX5XnjyyyYmQK8G
Z6byKEuOnPI07ssS3bN3MVVbliZTOKtDILSvTiL5UsKQ7/jsipv+UidbPDoLJ/qS
XatBS9xgzQ4BwnefVrnb/lcDz2BQIsy32IQXyfnY1r9fa/DpZZDZY+VVqrvkNC+l
ARZg0a56mNHLrrnnSISPTH9Hsh9PLb2BIvByvqVweRI+ETYStI4jbIfR48n3wmFi
AW/lXZGD76ZBSySrE1p449iJ5bMpPsqIIFEcRtr1OWwzAKPwFokHJy/ToPUCxjSk
qrFD08w3PbM3eMMsFHd0OtW+bPVGV4Hsyi8/nB4BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEdN3dXSpq4oohx/V9R0z56ftHNgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiZmRmYzM3LTEzZTctNGIzZC1iMDgzLTdjMWQ4Y2YwN2FkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNTANBgkqhkiG9w0BAQsFAAOCAQEAs4bmyAgk/eEcYnSOj0pUkjPZCa4S
MQAQTiv96j3lmv5yu1d9Nt5YfjXw5DsceaxH5lDVbBCywP/yH49WWCUbP38sjcIF
NeH5MUY3XitKpBEjWSpAHW3+ph4jJcZl/nE4DhsxPejZkvgMgfwZBfUmUIoD/qu4
HaTBDpHrEX8qtBTOMojthGpi3wwlBnj/IYDmXNBwMcO9adi3kkLOJAqVN6rvdXDc
9pxMjKmGeYCtoTb7J63NcgTld82RvjycrJbs4T6E+ZW9b+F/iQlhItKT3xFgTLN0
xaKx1A+R/4EWNLKTjgEec37tIeQGVh4mr7JoJSAMDxt5BnvzjrxSR24TUQ==
-----END CERTIFICATE-----