Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa
File:                     b2348448-c641-49ba-bf2c-926c26af7c99.roa (raw, json)
Hash identifier:          IL0J8XN6QoLswrcVgXyZ9P2D3BD5bcqLfJMXxDfwuoc=
Subject key identifier:   12:81:61:4C:FD:42:5F:41:83:47:87:5F:7A:56:71:1F:B7:4C:D1:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14B7F224CA5B7DADCDA84E7638460FB51ED69DE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa
Signing time:             Wed 02 Apr 2025 00:00:20 +0000
ROA not before:           Wed 02 Apr 2025 00:00:20 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.194.224.0/19 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:b7:f2:24:ca:5b:7d:ad:cd:a8:4e:76:38:46:0f:b5:1e:d6:9d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  2 00:00:20 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: serialNumber=3c9aad362182b3b01eea9c09fe036c458ef812d10b4a17bb8aa5f82c65c73088, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5d:a4:90:e8:af:60:6e:44:93:47:3f:f3:04:
                    74:7a:7b:e9:0d:62:9d:86:c5:0e:e4:0e:f3:ca:86:
                    9e:ca:b8:85:32:9c:3f:b1:c5:4b:4b:c2:b6:ec:4d:
                    4a:2f:1c:f5:72:ce:ed:b7:cb:57:d4:36:c9:c1:f0:
                    20:fa:a6:12:e1:ab:6c:c7:ed:aa:47:c2:38:ac:08:
                    85:3f:14:7f:98:14:42:a0:5a:f1:91:4d:8e:ce:41:
                    90:07:db:be:7e:1a:0d:39:f6:12:42:86:5a:89:9d:
                    bf:3e:cc:25:82:ee:06:2f:25:d6:a7:4e:98:79:3b:
                    4a:72:60:ca:f4:7c:f2:96:80:db:5e:df:54:58:bc:
                    e3:19:49:8c:30:03:28:7c:62:2f:1d:21:58:9c:3d:
                    15:2e:83:d6:11:d7:5a:26:eb:c4:73:c4:34:a5:26:
                    42:c2:44:b4:d6:8e:d1:15:f6:50:fe:6e:82:bc:34:
                    96:0e:23:0a:2d:76:65:64:14:13:e7:1f:93:5b:24:
                    7f:96:41:5b:a7:44:86:e0:3d:bb:10:83:86:00:32:
                    6c:aa:d3:39:54:5b:cf:b6:ef:76:f2:9a:0b:12:34:
                    bd:d7:87:b2:5a:57:39:68:b8:81:15:5e:66:26:4a:
                    13:3b:1a:16:54:77:59:43:08:ea:49:d6:ef:a0:99:
                    be:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:81:61:4C:FD:42:5F:41:83:47:87:5F:7A:56:71:1F:B7:4C:D1:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.194.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a6:23:5c:be:00:9c:4a:66:c4:ed:6f:fd:8b:66:b8:d7:1c:7a:
         6d:46:d7:56:2c:24:ff:2d:b4:fd:57:5e:9a:f3:c2:89:53:c5:
         81:fc:70:2b:0d:5c:c4:ac:6d:06:7d:e3:3f:e7:f0:c7:50:a2:
         79:bd:f3:fc:40:42:4f:10:03:9e:8d:b4:1e:4d:57:6f:b8:b6:
         20:7f:1c:e3:10:3b:f9:36:7b:83:fd:fe:fd:54:b7:5a:e9:6b:
         8a:36:75:1a:01:6b:43:7b:ab:d1:dd:4d:f0:5b:fa:e1:1f:9e:
         36:76:a3:e9:e9:99:1c:3e:83:d7:3c:97:b5:63:c1:22:ea:8f:
         bc:f2:63:f2:48:ec:b1:2f:d4:2b:02:e1:a0:2a:03:98:1f:fe:
         17:ab:eb:c4:96:a2:3f:e7:0c:94:60:f6:fc:3f:a2:e0:fe:0d:
         3b:f5:35:7a:4e:52:dc:ce:15:4c:4f:52:54:b3:74:91:51:95:
         52:83:b0:6f:01:14:fd:61:7f:30:86:98:ef:0b:33:bb:d7:bf:
         85:db:95:6c:3c:67:cb:48:36:bd:7d:42:10:d3:c0:1f:fe:5e:
         39:88:a0:02:1e:30:77:5a:30:34:7e:72:09:4f:8d:d8:61:b7:
         9f:38:8f:a1:22:b8:8f:8a:92:d4:20:15:85:11:94:cd:1d:14:
         d2:ac:c7:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFLfyJMpbfa3NqE52OEYPtR7WneMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAyMDAwMDIwWhcNMjUwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzlhYWQzNjIxODJiM2IwMWVlYTljMDlmZTAzNmM0NThl
ZjgxMmQxMGI0YTE3YmI4YWE1ZjgyYzY1YzczMDg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFXaSQ6K9gbkSTRz/zBHR6e+kNYp2GxQ7kDvPKhp7KuIUy
nD+xxUtLwrbsTUovHPVyzu23y1fUNsnB8CD6phLhq2zH7apHwjisCIU/FH+YFEKg
WvGRTY7OQZAH275+Gg059hJChlqJnb8+zCWC7gYvJdanTph5O0pyYMr0fPKWgNte
31RYvOMZSYwwAyh8Yi8dIVicPRUug9YR11om68RzxDSlJkLCRLTWjtEV9lD+boK8
NJYOIwotdmVkFBPnH5NbJH+WQVunRIbgPbsQg4YAMmyq0zlUW8+273bymgsSNL3X
h7JaVzlouIEVXmYmShM7GhZUd1lDCOpJ1u+gmb7vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEoFhTP1CX0GDR4dfelZxH7dM0WUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyMzQ4NDQ4LWM2NDEtNDliYS1iZjJjLTkyNmMyNmFmN2M5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVowuAwDQYJKoZIhvcNAQELBQADggEBAKYjXL4AnEpmxO1v/YtmuNccem1G
11YsJP8ttP1XXprzwolTxYH8cCsNXMSsbQZ94z/n8MdQonm98/xAQk8QA56NtB5N
V2+4tiB/HOMQO/k2e4P9/v1Ut1rpa4o2dRoBa0N7q9HdTfBb+uEfnjZ2o+npmRw+
g9c8l7VjwSLqj7zyY/JI7LEv1CsC4aAqA5gf/her68SWoj/nDJRg9vw/ouD+DTv1
NXpOUtzOFUxPUlSzdJFRlVKDsG8BFP1hfzCGmO8LM7vXv4XblWw8Z8tINr19QhDT
wB/+XjmIoAIeMHdaMDR+cglPjdhht584j6EiuI+KktQgFYURlM0dFNKsxzw=
-----END CERTIFICATE-----