Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa
File:                     c6aed18e-4181-45db-aec2-a8eeb50789dc.roa (raw, json)
Hash identifier:          Eji4/8giMNFNxIAPsSZf23eWg3J6ivX4iUpbeACdKY4=
Subject key identifier:   66:82:BC:77:3D:58:CC:AD:B7:98:90:51:54:D8:8F:7E:20:82:E1:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04F3A1CC64367983BA4EBE0828A726F068D2FBCA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa
Signing time:             Sat 05 Apr 2025 00:10:24 +0000
ROA not before:           Sat 05 Apr 2025 00:10:24 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.68.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f3:a1:cc:64:36:79:83:ba:4e:be:08:28:a7:26:f0:68:d2:fb:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  5 00:10:24 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: serialNumber=9609af376fbd1c33361cbec3cb40e360c03de2f1643a6ccdec06d54ddf93245d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:55:a6:70:e5:92:f0:01:df:43:0e:de:5b:f9:
                    ba:18:be:15:11:af:c5:f8:e4:5d:94:a9:fd:e5:e9:
                    61:2f:2e:f3:b7:81:6f:bc:9e:cf:e0:32:23:fe:57:
                    b4:74:eb:bb:62:6a:f5:3d:12:80:02:e2:95:1c:00:
                    66:51:73:cf:65:51:8d:d7:84:a1:df:93:6c:9c:2b:
                    52:95:3e:7a:ef:cb:12:22:1a:fa:1d:6a:39:9d:af:
                    0f:eb:45:8a:c0:b9:7e:22:a9:82:e7:e5:68:8e:4c:
                    d3:53:43:b4:4a:8a:ff:e5:0f:bc:a8:cf:ec:eb:6b:
                    65:4c:95:65:cd:42:b5:66:e2:af:51:1d:aa:3d:9b:
                    1b:16:b2:18:ad:6f:fe:68:91:1d:48:e9:0d:7d:7d:
                    17:eb:32:53:6e:89:24:90:62:96:43:e3:4e:1f:dd:
                    fb:b3:56:4d:eb:3c:f4:55:12:ee:44:df:95:fc:07:
                    bf:09:42:4c:29:ad:de:a8:af:b8:44:51:da:b0:c2:
                    c7:bf:8f:7f:1e:c0:96:1b:d9:53:08:74:92:3f:ba:
                    1d:ab:fa:1c:96:6d:2a:4f:0e:5b:0b:06:b9:89:5f:
                    cc:2e:77:c7:4c:88:cf:a6:87:46:44:2d:94:72:33:
                    5b:bc:15:19:77:9c:ff:4f:a0:84:6b:ab:91:bc:74:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:82:BC:77:3D:58:CC:AD:B7:98:90:51:54:D8:8F:7E:20:82:E1:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:d8:dc:4a:ef:5a:3b:30:31:09:0c:bb:7d:49:53:dd:ce:23:
         f6:07:8e:da:47:6a:dd:f8:4c:d5:47:b0:43:4e:3c:ae:78:2e:
         f1:99:43:ec:59:a6:83:16:bd:d5:50:47:54:d8:2c:0d:ff:62:
         dc:b3:7a:8a:b0:52:34:05:d0:e0:58:b9:57:69:2b:a1:dd:45:
         00:22:e2:04:d4:4e:af:c7:c4:f3:27:f9:76:84:79:26:da:ee:
         9d:4d:f3:f0:69:18:0b:bb:8b:50:90:57:fb:de:2c:21:e1:e7:
         87:8d:e0:0f:ce:76:a3:d3:ac:c3:0c:5b:3f:fd:ef:c5:a3:78:
         7f:b7:66:b7:01:66:04:96:60:20:26:d0:fa:a4:b6:cc:a9:8b:
         2f:81:76:b2:b9:93:85:a5:aa:d5:63:d0:b6:c6:c7:cf:a8:d7:
         f2:b2:e4:ef:68:e7:1e:5d:f8:00:5f:8c:ec:7b:72:7b:11:be:
         0b:83:90:96:30:e1:43:08:24:85:05:6a:0b:c8:69:95:8d:15:
         94:fc:e5:77:ef:90:7f:bb:60:f0:94:5c:5b:af:7d:4b:17:a7:
         b0:24:2a:af:44:55:f8:26:5d:54:af:27:35:4c:d3:82:1b:ac:
         db:92:a0:08:71:c9:56:d8:7b:ab:19:57:c1:84:ed:ad:79:44:
         34:58:62:7c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBPOhzGQ2eYO6Tr4IKKcm8GjS+8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA1MDAxMDI0WhcNMjUwNTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjA5YWYzNzZmYmQxYzMzMzYxY2JlYzNjYjQwZTM2MGMw
M2RlMmYxNjQzYTZjY2RlYzA2ZDU0ZGRmOTMyNDVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbVaZw5ZLwAd9DDt5b+boYvhURr8X45F2Uqf3l6WEvLvO3
gW+8ns/gMiP+V7R067tiavU9EoAC4pUcAGZRc89lUY3XhKHfk2ycK1KVPnrvyxIi
Gvodajmdrw/rRYrAuX4iqYLn5WiOTNNTQ7RKiv/lD7yoz+zra2VMlWXNQrVm4q9R
Hao9mxsWshitb/5okR1I6Q19fRfrMlNuiSSQYpZD404f3fuzVk3rPPRVEu5E35X8
B78JQkwprd6or7hEUdqwwse/j38ewJYb2VMIdJI/uh2r+hyWbSpPDlsLBrmJX8wu
d8dMiM+mh0ZELZRyM1u8FRl3nP9PoIRrq5G8dFbHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZoK8dz1YzK23mJBRVNiPfiCC4fYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2YWVkMThlLTQxODEtNDVkYi1hZWMyLWE4ZWViNTA3ODlkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiRDANBgkqhkiG9w0BAQsFAAOCAQEAQ9jcSu9aOzAxCQy7fUlT3c4j9geO
2kdq3fhM1UewQ048rngu8ZlD7Fmmgxa91VBHVNgsDf9i3LN6irBSNAXQ4Fi5V2kr
od1FACLiBNROr8fE8yf5doR5JtrunU3z8GkYC7uLUJBX+94sIeHnh43gD852o9Os
wwxbP/3vxaN4f7dmtwFmBJZgICbQ+qS2zKmLL4F2srmThaWq1WPQtsbHz6jX8rLk
72jnHl34AF+M7HtyexG+C4OQljDhQwgkhQVqC8hplY0VlPzld++Qf7tg8JRcW699
SxensCQqr0RV+CZdVK8nNUzTghus25KgCHHJVth7qxlXwYTtrXlENFhifA==
-----END CERTIFICATE-----