Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa
File:                     bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa (raw, json)
Hash identifier:          w45/0giNi9UJ7L6PoQJzzr5veJyhLVdzAv2bywgekvI=
Subject key identifier:   9F:3C:0C:B1:7D:E4:F9:94:F2:0D:BF:24:BE:97:10:75:3B:0A:F7:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       059AE50473E014D9BAB16D32120D844650D2B9E6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa
Signing time:             Mon 07 Apr 2025 15:20:23 +0000
ROA not before:           Mon 07 Apr 2025 15:20:23 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        173.83.0.0/17 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9a:e5:04:73:e0:14:d9:ba:b1:6d:32:12:0d:84:46:50:d2:b9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  7 15:20:23 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=32698cfed6914de0f6e9a72d5cd4b5c86e5f43160a526a75d35dea4afa7c88f9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:16:94:b9:ed:09:4a:e5:45:8e:26:74:d6:ca:
                    de:c2:4c:a1:83:ea:0b:11:c5:50:a3:96:be:84:1a:
                    9f:38:8b:0d:41:67:b8:1d:e3:54:50:58:30:eb:b3:
                    0d:8a:ad:f0:ea:53:45:c7:e4:28:d6:b7:15:4c:6f:
                    64:aa:82:bc:86:3f:4b:d4:59:15:39:a1:e2:57:e1:
                    1b:3b:63:0b:16:c5:aa:6a:a1:3e:75:2a:7f:c9:41:
                    9f:20:9d:ca:c9:06:09:03:0a:be:e9:50:1a:7f:dd:
                    51:62:a3:52:19:f3:fd:bf:c4:df:c8:73:79:1c:21:
                    7c:d9:72:1e:23:b9:51:a5:87:84:19:73:57:66:25:
                    ac:00:a3:c4:51:3f:58:69:45:38:e6:2c:9e:d9:62:
                    c8:09:81:ad:66:a8:be:13:d2:6f:04:50:f2:42:f6:
                    8e:d0:58:05:80:74:10:37:09:d3:b5:66:ec:98:7b:
                    f9:b0:e1:f5:26:3c:b9:89:39:6b:dc:20:8f:d8:d0:
                    8c:dd:c5:e4:dc:fd:6b:a4:af:f7:52:79:88:aa:74:
                    6a:c0:d2:7f:04:5e:96:51:20:c6:f3:48:22:ed:58:
                    c7:d9:51:b8:4e:50:78:45:1d:00:46:2d:90:d3:17:
                    6b:59:3f:45:94:f8:74:9b:8a:ec:73:57:25:94:e1:
                    31:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3C:0C:B1:7D:E4:F9:94:F2:0D:BF:24:BE:97:10:75:3B:0A:F7:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4a9276-b5b0-4ac4-88ef-ad750b611dba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.83.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3f:eb:49:cb:bb:79:10:1f:91:7f:09:ae:11:59:ed:c3:55:a5:
         bf:2c:c5:78:5c:e0:d8:79:1f:f4:3c:07:5c:2f:80:2c:94:94:
         ec:f7:00:a4:ad:1c:62:50:25:bf:91:03:16:2f:fe:05:51:b2:
         2a:75:22:f1:87:b4:67:04:6f:e5:85:02:04:0e:f0:cd:0b:8d:
         97:a2:e3:3e:fe:4b:3e:97:e5:06:a9:08:d7:6d:d8:cc:ee:1e:
         0d:ca:ab:9e:30:fc:74:6b:e9:e6:c8:52:6f:a3:0b:95:b4:8f:
         7e:c4:5b:5e:36:e6:29:5a:59:34:66:d1:e7:d0:6c:3c:fc:da:
         17:e2:58:56:3f:fe:8d:a7:09:4d:11:b2:43:fe:73:20:8e:e7:
         b7:24:7c:17:97:14:e0:9b:1c:b8:d4:e4:3e:b6:d8:80:2f:6c:
         45:e1:3a:aa:92:b0:3d:c2:21:dd:b2:c6:cf:23:77:09:62:75:
         76:16:c2:db:b6:eb:4d:ac:c2:ba:08:3b:5a:96:35:85:cf:57:
         a5:79:a6:3b:c6:e9:e9:e5:8b:03:09:c6:7c:62:15:01:cd:d9:
         cf:4b:50:6d:98:c2:6a:9b:66:6b:16:c4:5f:04:96:52:99:d3:
         fa:ac:d8:45:88:a2:20:75:c4:a8:34:8a:b0:2f:cd:9b:fc:7b:
         91:7b:48:13
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBZrlBHPgFNm6sW0yEg2ERlDSueYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA3MTUyMDIzWhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjY5OGNmZWQ2OTE0ZGUwZjZlOWE3MmQ1Y2Q0YjVjODZl
NWY0MzE2MGE1MjZhNzVkMzVkZWE0YWZhN2M4OGY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfFpS57QlK5UWOJnTWyt7CTKGD6gsRxVCjlr6EGp84iw1B
Z7gd41RQWDDrsw2KrfDqU0XH5CjWtxVMb2SqgryGP0vUWRU5oeJX4Rs7YwsWxapq
oT51Kn/JQZ8gncrJBgkDCr7pUBp/3VFio1IZ8/2/xN/Ic3kcIXzZch4juVGlh4QZ
c1dmJawAo8RRP1hpRTjmLJ7ZYsgJga1mqL4T0m8EUPJC9o7QWAWAdBA3CdO1ZuyY
e/mw4fUmPLmJOWvcII/Y0IzdxeTc/Wukr/dSeYiqdGrA0n8EXpZRIMbzSCLtWMfZ
UbhOUHhFHQBGLZDTF2tZP0WU+HSbiuxzVyWU4TFLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnzwMsX3k+ZTyDb8kvpcQdTsK92owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiNGE5Mjc2LWI1YjAtNGFjNC04OGVmLWFkNzUwYjYxMWRiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAetUwAwDQYJKoZIhvcNAQELBQADggEBAD/rScu7eRAfkX8JrhFZ7cNVpb8s
xXhc4Nh5H/Q8B1wvgCyUlOz3AKStHGJQJb+RAxYv/gVRsip1IvGHtGcEb+WFAgQO
8M0LjZei4z7+Sz6X5QapCNdt2MzuHg3Kq54w/HRr6ebIUm+jC5W0j37EW1425ila
WTRm0efQbDz82hfiWFY//o2nCU0RskP+cyCO57ckfBeXFOCbHLjU5D622IAvbEXh
OqqSsD3CId2yxs8jdwlidXYWwtu2602swroIO1qWNYXPV6V5pjvG6enliwMJxnxi
FQHN2c9LUG2YwmqbZmsWxF8EllKZ0/qs2EWIoiB1xKg0irAvzZv8e5F7SBM=
-----END CERTIFICATE-----