Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2b12345-104a-4e98-ae2a-6da7a7ccc683.roa
File:                     a2b12345-104a-4e98-ae2a-6da7a7ccc683.roa (raw, json)
Hash identifier:          hBWGtDUq9um0TCv3Xw0p0FnUq4hl0Xw2bTyzKlLtU9s=
Subject key identifier:   08:CB:38:94:DB:5B:58:A0:CC:7A:C9:A8:3D:EE:DE:B3:0F:D6:F1:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5577476BB496E29A10AA8F72C15A1E3F6133D83A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2b12345-104a-4e98-ae2a-6da7a7ccc683.roa
Signing time:             Wed 02 Apr 2025 00:00:25 +0000
ROA not before:           Wed 02 Apr 2025 00:00:25 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        108.175.48.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:77:47:6b:b4:96:e2:9a:10:aa:8f:72:c1:5a:1e:3f:61:33:d8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  2 00:00:25 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: serialNumber=3c87ef1ae788acb0437bcf7869570f0c0656f759a85644f6bd9a2c0ec4536d6d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1a:89:c8:ea:52:da:f5:22:10:b9:c1:bb:12:
                    d6:67:7b:67:2f:d4:64:30:79:8d:ee:24:c4:1a:51:
                    ab:5f:d6:57:e5:dd:a5:32:ef:e2:8d:a3:30:60:08:
                    4e:6e:a6:05:1d:e7:70:b3:46:e0:a9:68:0e:4c:13:
                    34:f1:be:19:b3:cf:9a:c3:d0:d3:52:90:72:d4:d4:
                    b0:30:86:9a:d2:d6:a0:ce:43:fe:b8:9e:c5:fe:c6:
                    c4:88:9d:40:3b:73:a7:f9:20:72:91:88:3e:81:d5:
                    64:70:69:a2:e4:d9:25:1f:a4:ae:b6:93:3e:94:f3:
                    8e:88:30:ad:af:65:f1:02:b4:26:bb:45:92:10:74:
                    e8:90:48:b8:2b:b2:8b:5b:e1:cf:7f:21:75:4d:2d:
                    ec:38:e5:86:12:21:28:6e:62:47:bf:fa:5c:8a:e8:
                    10:5e:51:fd:ab:ba:f4:19:59:78:80:81:4d:41:08:
                    52:97:33:24:af:34:b3:81:3a:72:ff:0d:ad:ef:ce:
                    1c:75:c2:92:60:aa:0d:4c:5a:ee:f0:56:d6:7c:4f:
                    4f:3b:c4:87:89:63:25:a7:19:80:ec:a3:41:80:e2:
                    ed:94:52:6a:83:72:b8:f8:c6:51:ec:cc:a3:19:66:
                    2c:6d:53:ac:03:88:54:1a:7e:98:c1:31:7c:b9:d5:
                    b2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CB:38:94:DB:5B:58:A0:CC:7A:C9:A8:3D:EE:DE:B3:0F:D6:F1:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2b12345-104a-4e98-ae2a-6da7a7ccc683.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:98:fe:3d:9a:45:3d:21:64:18:29:2d:a6:e8:1d:65:c9:fd:
         f0:84:a5:f9:2b:47:37:4a:a0:c0:ca:9d:4d:23:d8:d3:17:75:
         bc:21:7e:cf:83:4f:d2:50:dd:27:12:d7:c1:f3:e4:53:74:35:
         e1:59:98:41:ce:17:8d:9c:eb:88:8b:61:28:a1:8d:77:07:78:
         95:05:75:b4:1c:cd:c4:c5:8d:aa:23:63:dc:36:fa:ab:b5:c5:
         94:da:0a:6a:d5:16:c7:eb:23:61:8d:79:3b:41:b8:ab:de:99:
         12:02:9f:25:45:ad:b0:b9:2a:b7:fa:cb:8f:c8:f4:37:80:4f:
         c9:48:8f:ad:39:f9:28:3e:e7:94:bc:b4:16:4d:87:e1:85:b4:
         66:64:b2:21:17:ed:a7:f5:d8:a7:73:2d:19:49:d3:0a:da:79:
         2b:df:da:92:b1:86:bf:9a:5d:47:3d:1c:61:01:da:0c:84:2c:
         10:00:fa:5f:c6:2b:80:f4:88:29:68:9a:8d:51:ef:03:1b:81:
         60:ca:3b:0a:38:ee:54:5a:f4:88:02:bb:c8:79:cf:b6:2c:80:
         dc:4c:8e:b4:15:f7:06:56:0f:c1:ce:68:9c:f7:00:66:41:d5:
         72:af:27:59:cd:86:e9:d0:9f:2b:72:83:97:d3:da:24:d8:e5:
         bc:25:5b:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVXdHa7SW4poQqo9ywVoeP2Ez2DowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAyMDAwMDI1WhcNMjUwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzg3ZWYxYWU3ODhhY2IwNDM3YmNmNzg2OTU3MGYwYzA2
NTZmNzU5YTg1NjQ0ZjZiZDlhMmMwZWM0NTM2ZDZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTGonI6lLa9SIQucG7EtZne2cv1GQweY3uJMQaUatf1lfl
3aUy7+KNozBgCE5upgUd53CzRuCpaA5MEzTxvhmzz5rD0NNSkHLU1LAwhprS1qDO
Q/64nsX+xsSInUA7c6f5IHKRiD6B1WRwaaLk2SUfpK62kz6U846IMK2vZfECtCa7
RZIQdOiQSLgrsotb4c9/IXVNLew45YYSIShuYke/+lyK6BBeUf2ruvQZWXiAgU1B
CFKXMySvNLOBOnL/Da3vzhx1wpJgqg1MWu7wVtZ8T087xIeJYyWnGYDso0GA4u2U
UmqDcrj4xlHszKMZZixtU6wDiFQafpjBMXy51bKpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCMs4lNtbWKDMesmoPe7esw/W8dMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyYjEyMzQ1LTEwNGEtNGU5OC1hZTJhLTZkYTdhN2NjYzY4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsrzAwDQYJKoZIhvcNAQELBQADggEBAIaY/j2aRT0hZBgpLaboHWXJ/fCE
pfkrRzdKoMDKnU0j2NMXdbwhfs+DT9JQ3ScS18Hz5FN0NeFZmEHOF42c64iLYSih
jXcHeJUFdbQczcTFjaojY9w2+qu1xZTaCmrVFsfrI2GNeTtBuKvemRICnyVFrbC5
Krf6y4/I9DeAT8lIj605+Sg+55S8tBZNh+GFtGZksiEX7af12KdzLRlJ0wraeSvf
2pKxhr+aXUc9HGEB2gyELBAA+l/GK4D0iClomo1R7wMbgWDKOwo47lRa9IgCu8h5
z7YsgNxMjrQV9wZWD8HOaJz3AGZB1XKvJ1nNhunQnytyg5fT2iTY5bwlWx4=
-----END CERTIFICATE-----