Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
File:                     ca57515a-3058-4353-ab16-a7d94657f8f8.roa (raw, json)
Hash identifier:          1gtZp687sY2JtFzNBWNe0HmbbycEuH2Z+ysyANbUgUk=
Subject key identifier:   E7:17:49:30:6A:88:BB:8F:6D:59:C1:62:53:01:FA:4F:2B:7A:1A:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18008A84D32F111A981A4C425F7BE49C87A2A4CD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa
Signing time:             Mon 31 Mar 2025 15:31:56 +0000
ROA not before:           Mon 31 Mar 2025 15:31:56 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.252.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:8a:84:d3:2f:11:1a:98:1a:4c:42:5f:7b:e4:9c:87:a2:a4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 15:31:56 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=ad3fe6b670c02d24da71c9fe657daca4fa2ab3a071d333ae2267503ad51e3cc7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:62:89:78:25:21:e4:9f:f0:9e:97:06:21:30:
                    71:2c:a0:20:f8:a3:b7:68:c0:6a:36:10:db:7e:68:
                    1c:04:20:75:ff:43:fa:59:0a:70:bf:1a:3a:19:c0:
                    81:d1:fc:e0:fe:0d:95:7b:ea:d9:43:53:95:3b:35:
                    8f:9d:e3:04:51:f2:dd:b0:39:a3:24:28:b4:a0:f2:
                    28:70:d2:39:f8:3f:4e:89:e9:34:ba:21:45:00:12:
                    4f:12:3e:f8:af:60:39:66:cb:f9:8c:e8:49:00:68:
                    49:41:df:19:8e:8b:2a:2b:9b:20:89:e4:00:b6:47:
                    d8:b2:39:0e:4a:df:09:cb:d8:e2:db:19:1a:0a:01:
                    5e:36:5d:67:91:f8:45:09:e2:61:4f:61:76:a7:d4:
                    73:a6:b0:16:95:f0:e3:24:2d:bb:42:83:66:f0:94:
                    8a:63:ba:73:11:f3:7d:58:46:4f:28:64:a6:cb:c2:
                    69:6a:eb:d4:bc:49:d3:2f:15:80:39:1a:f8:c8:4d:
                    71:2c:69:e9:4a:b4:fe:e8:9f:68:5d:18:26:c1:fd:
                    6f:09:ad:9d:f6:0b:07:26:84:45:0f:79:dd:10:d1:
                    83:92:2e:b1:2d:f3:69:67:77:d5:76:a9:fd:e8:ee:
                    9f:0b:da:8d:1d:96:a7:85:da:bd:f5:40:e1:da:75:
                    29:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:17:49:30:6A:88:BB:8F:6D:59:C1:62:53:01:FA:4F:2B:7A:1A:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca57515a-3058-4353-ab16-a7d94657f8f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         40:5a:ca:92:72:dd:33:ff:f6:cb:de:cf:41:33:14:d6:f0:7a:
         ec:17:41:5b:24:5d:ed:26:bc:90:32:cd:66:e0:81:da:22:03:
         66:0e:92:da:35:70:83:33:28:76:6e:df:71:7d:c2:d7:11:ec:
         84:8f:29:9c:58:89:bf:fa:72:be:e4:cd:71:6c:96:d1:84:c4:
         84:ed:73:57:b9:d2:22:9d:94:8a:90:58:6c:b8:b3:fc:e9:7c:
         84:eb:30:b7:70:ec:90:58:e5:ba:5d:93:c8:2a:4f:33:c7:e0:
         4b:f5:b5:03:82:ce:0f:c8:4c:e7:01:e8:2e:c4:67:52:65:08:
         0c:54:b0:94:f8:89:88:6c:ef:d5:49:50:ff:52:3e:42:a6:e8:
         fd:f1:42:36:5f:ab:43:e0:82:b9:9a:71:0a:91:1f:26:90:2b:
         6a:8c:d3:44:17:5d:46:d7:51:66:73:03:fe:a0:99:57:3c:61:
         52:17:94:c9:6a:70:ab:8e:3d:10:01:db:f5:27:a5:90:59:04:
         a0:de:d5:f3:8f:3f:b9:dc:d4:4d:2e:50:c8:f7:60:ab:ed:9b:
         23:62:d1:a4:be:43:61:c3:08:67:23:80:78:ce:89:50:6d:f8:
         64:ba:da:9f:35:0a:e6:21:ce:14:ab:e6:64:a7:51:18:32:75:
         01:17:03:c9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGACKhNMvERqYGkxCX3vknIeipM0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTUzMTU2WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDNmZTZiNjcwYzAyZDI0ZGE3MWM5ZmU2NTdkYWNhNGZh
MmFiM2EwNzFkMzMzYWUyMjY3NTAzYWQ1MWUzY2M3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbYol4JSHkn/CelwYhMHEsoCD4o7dowGo2ENt+aBwEIHX/
Q/pZCnC/GjoZwIHR/OD+DZV76tlDU5U7NY+d4wRR8t2wOaMkKLSg8ihw0jn4P06J
6TS6IUUAEk8SPvivYDlmy/mM6EkAaElB3xmOiyormyCJ5AC2R9iyOQ5K3wnL2OLb
GRoKAV42XWeR+EUJ4mFPYXan1HOmsBaV8OMkLbtCg2bwlIpjunMR831YRk8oZKbL
wmlq69S8SdMvFYA5GvjITXEsaelKtP7on2hdGCbB/W8JrZ32CwcmhEUPed0Q0YOS
LrEt82lnd9V2qf3o7p8L2o0dlqeF2r31QOHadSnnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5xdJMGqIu49tWcFiUwH6Tyt6GnEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhNTc1MTVhLTMwNTgtNDM1My1hYjE2LWE3ZDk0NjU3ZjhmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo/DANBgkqhkiG9w0BAQsFAAOCAQEAQFrKknLdM//2y97PQTMU1vB67BdB
WyRd7Sa8kDLNZuCB2iIDZg6S2jVwgzModm7fcX3C1xHshI8pnFiJv/pyvuTNcWyW
0YTEhO1zV7nSIp2UipBYbLiz/Ol8hOswt3DskFjlul2TyCpPM8fgS/W1A4LOD8hM
5wHoLsRnUmUIDFSwlPiJiGzv1UlQ/1I+Qqbo/fFCNl+rQ+CCuZpxCpEfJpAraozT
RBddRtdRZnMD/qCZVzxhUheUyWpwq449EAHb9SelkFkEoN7V848/udzUTS5QyPdg
q+2bI2LRpL5DYcMIZyOAeM6JUG34ZLranzUK5iHOFKvmZKdRGDJ1ARcDyQ==
-----END CERTIFICATE-----