Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abfa8cec-4fb4-41fa-9101-2f83a4c46bbe.roa
File:                     abfa8cec-4fb4-41fa-9101-2f83a4c46bbe.roa (raw, json)
Hash identifier:          B+sAE8V+LvryvZthsZXk1RoYI0z7AVr1OHPgzN+hX4g=
Subject key identifier:   70:E4:95:49:A4:0B:01:D9:1A:0B:B3:07:13:C0:83:F8:34:6B:5B:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E08FE9642C036D5AF1335A57242462C5A815602
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abfa8cec-4fb4-41fa-9101-2f83a4c46bbe.roa
Signing time:             Mon 31 Mar 2025 15:31:58 +0000
ROA not before:           Mon 31 Mar 2025 15:31:58 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.35.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:08:fe:96:42:c0:36:d5:af:13:35:a5:72:42:46:2c:5a:81:56:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 15:31:58 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=92a5643274f68e24e963f09654bb1a58ec54d29741b7eabe45ac5bbb4a768c27, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c5:a2:53:c0:6f:df:3c:72:0c:fe:00:59:5a:
                    1a:3b:24:c8:69:52:3a:5f:6b:3a:33:ac:da:92:f5:
                    5b:e0:47:71:c0:fa:39:11:46:1c:8d:a1:fa:5e:b4:
                    6e:ec:ea:88:db:5c:6a:72:f1:b2:c5:b9:03:fa:40:
                    83:6a:23:dd:3f:91:70:d4:51:5c:0b:ea:47:88:68:
                    69:a7:b6:c0:d7:df:fd:b8:f3:63:27:0e:ee:99:60:
                    e5:79:81:62:fd:93:38:d9:53:e4:99:d2:e8:f7:29:
                    05:15:6b:03:e4:09:c6:7b:c3:2d:ac:b6:e5:4b:ab:
                    8b:f6:1d:02:35:d3:b3:b6:b4:40:65:70:ba:0b:38:
                    79:73:d4:d5:ef:a6:a8:32:2c:ed:26:eb:fd:f8:9d:
                    63:eb:d7:bf:c5:61:65:16:66:db:02:85:bf:4e:3a:
                    43:9e:5e:e6:be:e8:97:60:de:69:7d:31:5f:aa:b1:
                    45:51:97:05:7d:ee:03:23:c8:0d:7d:18:fb:54:6d:
                    78:71:22:a9:8b:28:45:9a:d7:e0:38:a1:02:cc:18:
                    8a:fd:c3:a9:aa:0a:fa:5e:9d:32:27:66:63:74:4e:
                    1d:e4:e3:5c:a1:f4:22:e2:30:60:73:80:31:e1:72:
                    6f:f8:2d:1a:33:64:35:cf:57:a8:6a:f5:c5:28:f0:
                    1b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E4:95:49:A4:0B:01:D9:1A:0B:B3:07:13:C0:83:F8:34:6B:5B:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abfa8cec-4fb4-41fa-9101-2f83a4c46bbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:d4:8d:ec:52:ea:b5:16:3c:ef:88:c3:98:df:fe:0f:d6:fa:
         65:d8:63:4c:2c:63:f8:51:17:c7:ec:93:51:a9:99:8e:ee:6c:
         b6:12:7a:56:f4:e2:f1:c3:fa:a8:b6:d0:7f:f3:40:c4:1c:01:
         31:58:26:cf:05:c8:61:8c:4d:3f:1c:94:a9:e5:4d:a7:f7:47:
         aa:97:d0:4f:b6:1d:14:ed:c1:8e:5d:0c:7e:30:c7:08:94:6b:
         f5:17:26:f3:41:40:2c:f1:b4:90:cf:44:dd:9d:48:62:26:aa:
         af:b8:9d:05:99:b5:7c:74:cb:cb:3d:aa:61:5b:0f:ce:e1:87:
         bb:9c:29:d5:b7:4c:a7:2b:c1:ac:99:27:a3:b1:78:07:83:de:
         44:81:7e:19:29:fe:33:57:83:d8:df:fd:4a:80:9e:02:20:7d:
         90:01:8b:99:3f:37:7a:73:64:12:ff:f8:d2:cf:a4:f7:05:b9:
         98:98:52:d7:2e:94:c3:fa:64:8b:54:a9:97:fa:b0:f1:d5:02:
         ae:eb:a2:c2:a6:44:0e:c3:fc:17:04:63:4c:12:f3:74:f9:45:
         3c:bb:67:6a:42:b6:c6:68:f7:3d:5e:33:79:89:d8:1b:6c:33:
         5f:1c:91:22:44:2f:c7:ce:5a:3f:2d:c3:8a:e3:7b:7d:5c:78:
         19:b7:94:0d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfgj+lkLANtWvEzWlckJGLFqBVgIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTUzMTU4WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MmE1NjQzMjc0ZjY4ZTI0ZTk2M2YwOTY1NGJiMWE1OGVj
NTRkMjk3NDFiN2VhYmU0NWFjNWJiYjRhNzY4YzI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0xaJTwG/fPHIM/gBZWho7JMhpUjpfazozrNqS9VvgR3HA
+jkRRhyNofpetG7s6ojbXGpy8bLFuQP6QINqI90/kXDUUVwL6keIaGmntsDX3/24
82MnDu6ZYOV5gWL9kzjZU+SZ0uj3KQUVawPkCcZ7wy2stuVLq4v2HQI107O2tEBl
cLoLOHlz1NXvpqgyLO0m6/34nWPr17/FYWUWZtsChb9OOkOeXua+6Jdg3ml9MV+q
sUVRlwV97gMjyA19GPtUbXhxIqmLKEWa1+A4oQLMGIr9w6mqCvpenTInZmN0Th3k
41yh9CLiMGBzgDHhcm/4LRozZDXPV6hq9cUo8BsJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcOSVSaQLAdkaC7MHE8CD+DRrW1UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiZmE4Y2VjLTRmYjQtNDFmYS05MTAxLTJmODNhNGM0NmJiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoIzANBgkqhkiG9w0BAQsFAAOCAQEAKtSN7FLqtRY874jDmN/+D9b6Zdhj
TCxj+FEXx+yTUamZju5sthJ6VvTi8cP6qLbQf/NAxBwBMVgmzwXIYYxNPxyUqeVN
p/dHqpfQT7YdFO3Bjl0MfjDHCJRr9Rcm80FALPG0kM9E3Z1IYiaqr7idBZm1fHTL
yz2qYVsPzuGHu5wp1bdMpyvBrJkno7F4B4PeRIF+GSn+M1eD2N/9SoCeAiB9kAGL
mT83enNkEv/40s+k9wW5mJhS1y6Uw/pki1Spl/qw8dUCruuiwqZEDsP8FwRjTBLz
dPlFPLtnakK2xmj3PV4zeYnYG2wzXxyRIkQvx85aPy3DiuN7fVx4GbeUDQ==
-----END CERTIFICATE-----