Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9e2606a-70b0-45cc-a03d-b5a54fb9b75a.roa
File:                     b9e2606a-70b0-45cc-a03d-b5a54fb9b75a.roa (raw, json)
Hash identifier:          wBizFkqVvXLkNq5osTajZe786xNoIFcFuPO3zkdtIGs=
Subject key identifier:   3E:2E:FE:30:AE:7F:E9:BF:42:0E:21:44:E3:AC:40:28:CE:58:47:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5BFFBB845D2B8BD2BE48E61DC1F0DAD34CC15342
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9e2606a-70b0-45cc-a03d-b5a54fb9b75a.roa
Signing time:             Mon 07 Apr 2025 15:10:18 +0000
ROA not before:           Mon 07 Apr 2025 15:10:18 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.150.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ff:bb:84:5d:2b:8b:d2:be:48:e6:1d:c1:f0:da:d3:4c:c1:53:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  7 15:10:18 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=4158e3f08a274bb94e292516a38d6734c7572ae04e1c314b357c51786dc29ada, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b9:c8:51:a3:34:d5:05:4a:12:b3:48:67:1e:
                    03:0e:97:0a:f2:d0:0c:7f:91:7f:ee:59:d6:39:77:
                    53:3d:12:2e:a7:3f:82:63:1e:92:ac:2e:12:54:97:
                    30:40:88:90:cf:d0:c6:01:d4:82:16:50:55:45:3c:
                    13:3f:39:d8:a1:95:17:bb:ce:80:aa:df:92:fa:5e:
                    36:1a:23:be:98:c7:8a:fd:cb:b3:28:fd:42:12:e0:
                    40:21:9a:5c:1a:c0:9c:45:b8:a1:2a:82:ba:f9:5b:
                    87:bd:0c:82:9e:de:77:a4:97:8e:20:12:3b:c7:e7:
                    e4:78:4f:0d:61:3b:8a:f4:19:e5:63:55:c7:1b:15:
                    dc:f1:15:93:4e:15:cd:fb:dc:61:bf:40:79:e0:2f:
                    15:d2:70:c5:d8:f9:94:f1:24:1a:c3:50:03:88:d1:
                    a3:c4:c0:22:fe:2b:ff:e2:e2:2f:b5:b2:51:cd:c0:
                    8e:c9:5d:ce:38:cd:7d:44:5e:d7:f4:83:12:fc:a0:
                    6f:bc:f1:b0:4c:26:45:f3:4f:03:ed:9c:7c:42:ac:
                    d3:ff:89:a7:88:ed:6d:62:50:ed:b1:7d:d3:37:8c:
                    7f:06:5e:07:ea:9d:99:c4:b3:db:b6:0c:c4:29:91:
                    26:ff:33:5f:5d:6c:3c:c1:ee:c7:29:16:46:6c:2d:
                    c5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2E:FE:30:AE:7F:E9:BF:42:0E:21:44:E3:AC:40:28:CE:58:47:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9e2606a-70b0-45cc-a03d-b5a54fb9b75a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d7:be:07:ae:ee:ca:55:d9:30:c8:0c:75:68:09:66:46:96:28:
         0e:b5:a3:d4:94:22:b0:25:73:22:eb:38:3a:7b:b8:67:16:9a:
         b6:87:65:12:6c:e3:89:b3:6f:04:62:66:8f:64:50:41:e9:24:
         1f:fc:63:10:da:b1:64:ad:dd:e2:2c:ab:c7:80:97:d0:aa:3d:
         ff:48:36:9d:62:5a:cb:d8:45:58:0e:93:49:bd:7e:ee:e8:a3:
         56:d8:ee:27:8e:61:52:82:3d:91:d8:91:44:a7:ac:ad:5b:75:
         28:78:bd:c1:6e:6d:9d:25:68:79:db:ec:4f:df:6c:42:d5:eb:
         08:89:53:1d:c8:84:c8:f9:11:85:09:d3:8f:c4:44:9a:d5:11:
         9b:19:ca:c7:5f:ee:75:c4:46:73:a9:ae:4d:bf:b9:26:a0:1f:
         89:09:da:30:1c:bf:7a:89:1c:d9:fd:37:3c:4f:f7:32:3b:ac:
         39:db:df:aa:78:8e:aa:52:f7:5d:28:42:7b:c1:17:5c:45:d4:
         82:78:9d:b3:eb:64:5e:ee:e4:43:67:8c:f0:6c:16:d6:09:e1:
         68:9a:03:77:ee:68:4e:cc:a3:6b:87:47:24:d0:ab:62:d3:d4:
         45:4a:d6:6a:3a:8e:71:af:df:2b:fe:b3:65:54:5a:ec:dd:86:
         90:91:9a:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUW/+7hF0ri9K+SOYdwfDa00zBU0IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA3MTUxMDE4WhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTU4ZTNmMDhhMjc0YmI5NGUyOTI1MTZhMzhkNjczNGM3
NTcyYWUwNGUxYzMxNGIzNTdjNTE3ODZkYzI5YWRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2uchRozTVBUoSs0hnHgMOlwry0Ax/kX/uWdY5d1M9Ei6n
P4JjHpKsLhJUlzBAiJDP0MYB1IIWUFVFPBM/OdihlRe7zoCq35L6XjYaI76Yx4r9
y7Mo/UIS4EAhmlwawJxFuKEqgrr5W4e9DIKe3nekl44gEjvH5+R4Tw1hO4r0GeVj
VccbFdzxFZNOFc373GG/QHngLxXScMXY+ZTxJBrDUAOI0aPEwCL+K//i4i+1slHN
wI7JXc44zX1EXtf0gxL8oG+88bBMJkXzTwPtnHxCrNP/iaeI7W1iUO2xfdM3jH8G
XgfqnZnEs9u2DMQpkSb/M19dbDzB7scpFkZsLcVHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPi7+MK5/6b9CDiFE46xAKM5YR1AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5ZTI2MDZhLTcwYjAtNDVjYy1hMDNkLWI1YTU0ZmI5Yjc1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQljANBgkqhkiG9w0BAQsFAAOCAQEA174Hru7KVdkwyAx1aAlmRpYoDrWj
1JQisCVzIus4Onu4ZxaatodlEmzjibNvBGJmj2RQQekkH/xjENqxZK3d4iyrx4CX
0Ko9/0g2nWJay9hFWA6TSb1+7uijVtjuJ45hUoI9kdiRRKesrVt1KHi9wW5tnSVo
edvsT99sQtXrCIlTHciEyPkRhQnTj8REmtURmxnKx1/udcRGc6muTb+5JqAfiQna
MBy/eokc2f03PE/3MjusOdvfqniOqlL3XShCe8EXXEXUgnids+tkXu7kQ2eM8GwW
1gnhaJoDd+5oTsyja4dHJNCrYtPURUrWajqOca/fK/6zZVRa7N2GkJGaxA==
-----END CERTIFICATE-----