Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa
File:                     caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa (raw, json)
Hash identifier:          JWzDq2oQZ6prEH9IXyUOzG0qLdbiXg8AlVTu9PyHSnE=
Subject key identifier:   88:AB:47:FB:C4:2F:D9:3A:F0:2E:8C:AE:FA:C4:98:AB:DD:35:B9:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       154991BED3D7602AF439056E7D8D022B67314778
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa
Signing time:             Tue 15 Apr 2025 00:32:07 +0000
ROA not before:           Tue 15 Apr 2025 00:32:07 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.154.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:49:91:be:d3:d7:60:2a:f4:39:05:6e:7d:8d:02:2b:67:31:47:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:32:07 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=f800bc0e8da8be6da30081b7f8702a46b3afc5b5fca288cb77270a3cacaeb820, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:60:12:4f:32:c4:cf:13:85:da:a4:56:4b:89:
                    2c:50:57:2f:00:3e:ba:ca:d2:33:17:ce:de:cc:2c:
                    7f:56:c1:b6:44:6a:d6:e0:a9:3d:7f:8d:65:68:6a:
                    52:dc:aa:c5:be:3f:8a:11:37:04:7f:2a:bf:3d:03:
                    3f:25:62:18:af:f6:34:f1:1c:f3:e0:31:f8:ca:5d:
                    68:90:1f:42:77:ee:55:f8:a7:33:f6:92:2d:3c:87:
                    de:0e:fd:0e:b9:6e:c5:8a:bb:24:b6:91:fe:6c:f9:
                    83:a3:93:63:a2:be:03:f6:f9:0e:9a:75:df:1d:44:
                    47:75:aa:c2:46:18:fd:71:fd:cc:ce:7e:69:82:91:
                    13:95:83:6c:fa:99:3b:8e:25:f1:05:b6:87:44:ba:
                    6d:da:ac:72:0b:ea:b1:86:8b:e8:1c:f5:a1:e2:c2:
                    b7:be:93:33:ca:27:4c:d6:fc:60:66:b9:e6:24:a3:
                    05:e2:9f:2e:e4:a4:87:96:48:29:e9:23:b8:76:ea:
                    1d:ef:33:52:64:4c:7f:85:5d:e9:4f:9f:87:af:b0:
                    d2:9e:0e:8b:9c:d8:30:b0:85:e9:fb:28:61:ef:66:
                    e9:0d:ab:40:c2:5d:46:ae:1b:6d:d7:a4:62:29:57:
                    5e:4a:3e:88:e1:73:38:64:27:a2:02:6e:2b:9b:bb:
                    63:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AB:47:FB:C4:2F:D9:3A:F0:2E:8C:AE:FA:C4:98:AB:DD:35:B9:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/caa6be5d-5e5d-48cb-b090-492b5fcf5dc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:8b:df:56:f4:e4:a7:5b:64:6b:33:df:1e:ae:c8:d9:4f:55:
         65:23:6a:ab:bb:eb:2c:e1:59:aa:34:50:0d:38:cd:23:8f:6b:
         00:c5:f5:23:b2:3d:d3:dc:3c:30:24:dc:25:3f:2a:bd:60:a8:
         0c:c4:70:77:5e:39:16:d5:36:6b:fa:b8:6d:79:cf:fe:09:7c:
         d8:d1:d3:b9:5f:b8:f3:87:6a:4a:01:77:9b:9c:55:60:3d:ac:
         d4:53:44:b0:7c:55:0e:d0:03:01:e3:b2:62:f1:65:0e:a8:0f:
         b4:2b:af:91:88:a3:da:68:f7:73:18:2e:54:87:4d:51:fc:10:
         11:37:ab:a4:35:7c:8f:fb:64:b8:e8:11:62:c2:ff:80:13:9b:
         b6:55:bc:e0:3b:bd:3f:91:77:5c:69:1d:a8:fd:52:ab:f8:6f:
         2f:0b:0f:93:04:24:80:9d:59:e9:89:6b:43:62:24:28:a2:2a:
         1c:f9:ef:4b:9a:06:f1:df:b5:45:76:0c:fb:4d:16:b3:1e:37:
         24:ad:73:bc:e2:51:5a:3c:e1:8c:26:48:40:e9:fa:f4:f6:70:
         ce:f9:33:17:f9:f7:94:81:7e:e2:9f:73:f0:3b:b7:e4:b6:db:
         f5:5e:1a:1b:f4:31:02:03:1c:30:36:e4:45:36:e8:77:7b:c2:
         b0:23:c8:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFUmRvtPXYCr0OQVufY0CK2cxR3gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE1MDAzMjA3WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODAwYmMwZThkYThiZTZkYTMwMDgxYjdmODcwMmE0NmIz
YWZjNWI1ZmNhMjg4Y2I3NzI3MGEzY2FjYWViODIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1YBJPMsTPE4XapFZLiSxQVy8APrrK0jMXzt7MLH9WwbZE
atbgqT1/jWVoalLcqsW+P4oRNwR/Kr89Az8lYhiv9jTxHPPgMfjKXWiQH0J37lX4
pzP2ki08h94O/Q65bsWKuyS2kf5s+YOjk2OivgP2+Q6add8dREd1qsJGGP1x/czO
fmmCkROVg2z6mTuOJfEFtodEum3arHIL6rGGi+gc9aHiwre+kzPKJ0zW/GBmueYk
owXiny7kpIeWSCnpI7h26h3vM1JkTH+FXelPn4evsNKeDouc2DCwhen7KGHvZukN
q0DCXUauG23XpGIpV15KPojhczhkJ6ICbiubu2NPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiKtH+8Qv2TrwLoyu+sSYq901ub4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhYTZiZTVkLTVlNWQtNDhjYi1iMDkwLTQ5MmI1ZmNmNWRjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjl5owDQYJKoZIhvcNAQELBQADggEBADiL31b05KdbZGsz3x6uyNlPVWUj
aqu76yzhWao0UA04zSOPawDF9SOyPdPcPDAk3CU/Kr1gqAzEcHdeORbVNmv6uG15
z/4JfNjR07lfuPOHakoBd5ucVWA9rNRTRLB8VQ7QAwHjsmLxZQ6oD7Qrr5GIo9po
93MYLlSHTVH8EBE3q6Q1fI/7ZLjoEWLC/4ATm7ZVvOA7vT+Rd1xpHaj9Uqv4by8L
D5MEJICdWemJa0NiJCiiKhz570uaBvHftUV2DPtNFrMeNyStc7ziUVo84YwmSEDp
+vT2cM75Mxf595SBfuKfc/A7t+S22/VeGhv0MQIDHDA25EU26Hd7wrAjyPI=
-----END CERTIFICATE-----