Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c8a55-20c2-4392-9479-d76e91b7b34f.roa
File:                     907c8a55-20c2-4392-9479-d76e91b7b34f.roa (raw, json)
Hash identifier:          8SjkDdZCCXa/TEpxPzvZVOszcjztLHI7IPuz+NdqrIo=
Subject key identifier:   E3:A7:0C:A0:2C:E1:06:82:74:9E:E3:92:AC:FA:2A:AC:04:54:C6:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12F0F8A0B47040A2FF08461097F47E1B0FB32157
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c8a55-20c2-4392-9479-d76e91b7b34f.roa
Signing time:             Fri 04 Apr 2025 00:00:24 +0000
ROA not before:           Fri 04 Apr 2025 00:00:24 +0000
ROA not after:            Fri 09 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.71.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f0:f8:a0:b4:70:40:a2:ff:08:46:10:97:f4:7e:1b:0f:b3:21:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  4 00:00:24 2025 GMT
            Not After : May  9 23:59:59 2025 GMT
        Subject: serialNumber=3a53c365c7c581f26a91c28eac8f7f5dfa95898e70cdf113f46d2c4565370a6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:81:20:4e:27:b4:2f:11:d9:30:80:42:da:f2:
                    23:8e:a9:f1:27:8f:f1:22:23:9f:f4:0e:68:24:ad:
                    4e:9e:f8:85:15:92:0c:c0:fe:61:d4:69:c6:43:e5:
                    96:8c:23:bb:f2:e2:80:7c:02:a6:b6:5d:5e:11:57:
                    89:f6:e3:ea:75:e7:a9:4a:a0:26:02:bb:59:db:4a:
                    fd:82:94:f7:7b:f7:15:ab:3c:4c:d0:b7:f9:5c:3c:
                    d0:80:ce:29:68:81:17:f9:99:49:36:4a:b2:09:46:
                    78:c8:6b:35:b4:29:63:d2:90:4f:09:b2:73:c4:18:
                    d3:ac:4d:09:5a:d7:2b:24:51:33:ff:a4:fb:ce:d8:
                    5d:89:4e:ad:66:65:b1:1e:ff:0c:ac:70:26:7d:96:
                    29:bb:24:4f:ea:3b:7b:d5:1e:fc:64:87:8c:30:4b:
                    85:e1:b9:9e:67:70:5d:7d:b7:62:d7:dc:f1:50:73:
                    dd:cf:cf:3a:5b:7e:36:2e:4f:8b:06:e2:c1:0d:02:
                    87:f3:02:8f:18:0f:d8:10:84:90:da:32:70:99:aa:
                    0b:e4:aa:c8:5e:fc:b6:5e:77:7f:e3:c4:be:e7:7f:
                    e6:ae:f9:b2:6f:7f:7a:8a:bd:72:ce:7d:bc:b8:6c:
                    42:ee:6f:f7:22:23:75:a0:11:bf:fd:64:50:04:44:
                    b3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A7:0C:A0:2C:E1:06:82:74:9E:E3:92:AC:FA:2A:AC:04:54:C6:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c8a55-20c2-4392-9479-d76e91b7b34f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.71.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         92:01:52:ed:c6:83:59:a6:ee:81:e8:74:b2:cb:87:c1:3d:0d:
         ef:7c:8e:14:d2:e4:b7:5a:08:c2:bc:7a:18:48:4b:ce:86:4b:
         61:45:3a:91:5f:6f:7b:16:87:e1:51:77:8b:4e:30:7e:0d:bf:
         bf:12:b2:19:f4:57:3f:a2:ff:a8:94:62:e3:48:3d:54:50:42:
         ab:a7:d8:94:54:bf:a8:5e:3c:21:46:a4:64:f4:46:72:c5:80:
         2f:c7:4a:1f:d7:61:81:bd:23:77:2c:01:60:0b:47:e6:16:55:
         48:83:57:57:6b:be:ca:15:89:48:d7:7a:49:7c:6a:6a:fd:a2:
         22:47:81:e3:df:9a:1d:c0:da:60:cd:5d:d4:3b:a4:5c:67:bb:
         6e:8f:39:af:37:33:7f:ec:22:56:0a:00:64:91:bc:8f:b6:31:
         11:2b:eb:a5:cd:fe:2e:ad:e1:29:cd:49:49:88:d6:de:83:3a:
         bb:d6:c0:5e:cb:ea:13:f4:7f:e0:a0:34:34:d5:24:17:64:69:
         36:f0:ff:24:f0:59:fe:92:b8:a7:a4:25:cd:06:25:1a:a5:d8:
         09:da:da:a2:f2:dc:0b:ef:9e:7f:27:fd:b3:86:a4:b5:b3:40:
         e6:86:c8:4b:d6:ed:4c:97:6c:45:f7:c6:a2:91:13:23:34:63:
         32:88:50:ae
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEvD4oLRwQKL/CEYQl/R+Gw+zIVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA0MDAwMDI0WhcNMjUwNTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTUzYzM2NWM3YzU4MWYyNmE5MWMyOGVhYzhmN2Y1ZGZh
OTU4OThlNzBjZGYxMTNmNDZkMmM0NTY1MzcwYTZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCegSBOJ7QvEdkwgELa8iOOqfEnj/EiI5/0DmgkrU6e+IUV
kgzA/mHUacZD5ZaMI7vy4oB8Aqa2XV4RV4n24+p156lKoCYCu1nbSv2ClPd79xWr
PEzQt/lcPNCAzilogRf5mUk2SrIJRnjIazW0KWPSkE8JsnPEGNOsTQla1yskUTP/
pPvO2F2JTq1mZbEe/wyscCZ9lim7JE/qO3vVHvxkh4wwS4XhuZ5ncF19t2LX3PFQ
c93PzzpbfjYuT4sG4sENAofzAo8YD9gQhJDaMnCZqgvkqshe/LZed3/jxL7nf+au
+bJvf3qKvXLOfby4bELub/ciI3WgEb/9ZFAERLM3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU46cMoCzhBoJ0nuOSrPoqrARUxs4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwN2M4YTU1LTIwYzItNDM5Mi05NDc5LWQ3NmU5MWI3YjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQRzANBgkqhkiG9w0BAQsFAAOCAQEAkgFS7caDWabugeh0ssuHwT0N73yO
FNLkt1oIwrx6GEhLzoZLYUU6kV9vexaH4VF3i04wfg2/vxKyGfRXP6L/qJRi40g9
VFBCq6fYlFS/qF48IUakZPRGcsWAL8dKH9dhgb0jdywBYAtH5hZVSINXV2u+yhWJ
SNd6SXxqav2iIkeB49+aHcDaYM1d1DukXGe7bo85rzczf+wiVgoAZJG8j7YxESvr
pc3+Lq3hKc1JSYjW3oM6u9bAXsvqE/R/4KA0NNUkF2RpNvD/JPBZ/pK4p6QlzQYl
GqXYCdraovLcC++efyf9s4aktbNA5obIS9btTJdsRffGopETIzRjMohQrg==
-----END CERTIFICATE-----