Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c1a18f2-6db7-414e-af5f-943e93d34d77.roa
File:                     8c1a18f2-6db7-414e-af5f-943e93d34d77.roa (raw, json)
Hash identifier:          TVN5SxxIjcLptEws7++VZ3U1pqLbTDh8QW2iXNnhKE0=
Subject key identifier:   BB:4C:B3:68:AA:C8:C5:CE:8F:F4:C7:12:5C:36:37:C0:23:FB:1A:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5073352E568C8C6D893AD26951637C71C1516044
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c1a18f2-6db7-414e-af5f-943e93d34d77.roa
Signing time:             Sat 05 Apr 2025 00:01:17 +0000
ROA not before:           Sat 05 Apr 2025 00:01:17 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.134.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:73:35:2e:56:8c:8c:6d:89:3a:d2:69:51:63:7c:71:c1:51:60:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  5 00:01:17 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: serialNumber=ae9e583e502ca591f615cb618d820051d887579356d4ba56d5605ac7730ef117, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:97:c3:b9:29:6b:e3:f2:76:b0:1f:86:fe:72:
                    92:18:06:55:34:1f:7a:1d:66:f0:ca:d9:ae:dd:bb:
                    cf:1a:dd:76:c4:28:9f:62:f7:d8:f8:2e:ac:b2:7d:
                    76:d6:86:96:56:21:2d:af:ad:48:e8:10:81:77:29:
                    63:4f:03:35:62:7c:84:4a:f1:47:f8:ce:d0:96:b2:
                    c1:fa:84:90:00:86:e7:0d:d9:62:dd:d8:95:0b:7b:
                    fb:a9:55:e0:cd:79:4f:28:5f:0a:5e:54:5f:e1:43:
                    a6:9a:51:7f:7e:27:78:e5:22:16:8a:ea:db:f6:9b:
                    c5:ad:05:bc:6d:77:fc:1d:f0:0a:b0:9f:26:a6:d5:
                    8d:4a:13:dc:f7:26:5b:d7:08:74:1d:0e:5f:e6:5f:
                    83:4d:88:e2:5b:9a:c2:1e:a8:e8:9a:02:db:20:19:
                    f4:50:3e:ec:9f:b7:24:b5:c6:9a:32:fd:a4:a9:4d:
                    0b:99:15:24:14:c9:7f:9b:25:89:99:c9:42:37:c8:
                    f4:a6:d3:3a:70:60:26:42:6d:6a:34:05:65:ef:03:
                    2a:23:e0:90:88:58:05:9a:c6:fc:5b:bd:86:a7:34:
                    4d:72:a8:16:f2:49:3e:51:2a:75:1e:ad:e7:86:71:
                    55:dc:e3:5c:18:21:29:24:08:82:fe:9d:24:06:2c:
                    18:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4C:B3:68:AA:C8:C5:CE:8F:F4:C7:12:5C:36:37:C0:23:FB:1A:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c1a18f2-6db7-414e-af5f-943e93d34d77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.134.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         71:21:c0:c7:7f:16:74:b0:f1:36:9c:5d:c1:01:56:8f:96:ea:
         71:2b:69:a4:ad:e3:fb:d1:1d:55:09:e6:bc:d7:32:1f:a9:5a:
         6a:ad:1f:6e:8d:d1:94:bf:06:5d:f6:6a:cd:ce:1d:2b:b5:52:
         34:5b:f5:44:ca:65:59:ab:41:3a:da:52:bd:2b:fb:07:78:8c:
         83:c8:d4:32:ef:ce:b6:7b:0f:64:1c:d7:98:56:c3:07:2e:c0:
         ce:79:00:7c:6e:c9:93:73:3f:ea:9d:7a:a0:82:e2:ba:b8:2d:
         19:49:cf:58:d6:79:48:39:8e:11:98:02:04:62:b5:92:d7:ab:
         75:79:44:c3:18:4a:93:ca:70:88:82:42:46:c7:b9:50:1f:41:
         21:40:8d:93:eb:9e:b2:33:b1:7f:50:c3:a6:73:36:f6:2a:37:
         a2:af:e9:47:27:dd:d4:94:92:75:ce:b9:08:e8:d5:f7:8d:db:
         a2:95:63:4a:3b:58:42:ec:61:68:af:53:63:28:c9:d1:92:70:
         44:b0:73:55:a3:4c:e3:83:cd:6e:45:ba:fd:0b:8a:34:db:8b:
         6f:2a:13:c5:2f:a5:fb:c8:8a:86:34:06:c0:a5:b1:43:a8:f6:
         80:14:e2:9f:4b:c1:87:fc:8a:11:ac:58:3e:08:65:ab:7e:b8:
         52:a8:0f:1d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUHM1LlaMjG2JOtJpUWN8ccFRYEQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA1MDAwMTE3WhcNMjUwNTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTllNTgzZTUwMmNhNTkxZjYxNWNiNjE4ZDgyMDA1MWQ4
ODc1NzkzNTZkNGJhNTZkNTYwNWFjNzczMGVmMTE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBl8O5KWvj8nawH4b+cpIYBlU0H3odZvDK2a7du88a3XbE
KJ9i99j4LqyyfXbWhpZWIS2vrUjoEIF3KWNPAzVifIRK8Uf4ztCWssH6hJAAhucN
2WLd2JULe/upVeDNeU8oXwpeVF/hQ6aaUX9+J3jlIhaK6tv2m8WtBbxtd/wd8Aqw
nyam1Y1KE9z3JlvXCHQdDl/mX4NNiOJbmsIeqOiaAtsgGfRQPuyftyS1xpoy/aSp
TQuZFSQUyX+bJYmZyUI3yPSm0zpwYCZCbWo0BWXvAyoj4JCIWAWaxvxbvYanNE1y
qBbyST5RKnUereeGcVXc41wYISkkCIL+nSQGLBhxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUu0yzaKrIxc6P9McSXDY3wCP7GiYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjMWExOGYyLTZkYjctNDE0ZS1hZjVmLTk0M2U5M2QzNGQ3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCXhjANBgkqhkiG9w0BAQsFAAOCAQEAcSHAx38WdLDxNpxdwQFWj5bqcStp
pK3j+9EdVQnmvNcyH6laaq0fbo3RlL8GXfZqzc4dK7VSNFv1RMplWatBOtpSvSv7
B3iMg8jUMu/OtnsPZBzXmFbDBy7AznkAfG7Jk3M/6p16oILiurgtGUnPWNZ5SDmO
EZgCBGK1kterdXlEwxhKk8pwiIJCRse5UB9BIUCNk+uesjOxf1DDpnM29io3oq/p
Ryfd1JSSdc65COjV943bopVjSjtYQuxhaK9TYyjJ0ZJwRLBzVaNM44PNbkW6/QuK
NNuLbyoTxS+l+8iKhjQGwKWxQ6j2gBTin0vBh/yKEaxYPghlq364UqgPHQ==
-----END CERTIFICATE-----