Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ce859-6725-4b9d-a6c6-30915d571df2.roa
File:                     d40ce859-6725-4b9d-a6c6-30915d571df2.roa (raw, json)
Hash identifier:          g+/3/cpuIpLqMBdW2oxSAJEIr1p/Emot4u2V7mxzeq0=
Subject key identifier:   A2:35:A2:B3:D2:7F:27:C9:D4:9F:74:04:A5:C6:C7:B5:C7:7E:10:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29B2B6DC8C8503A8E2164A72265331F0C49C6B91
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ce859-6725-4b9d-a6c6-30915d571df2.roa
Signing time:             Sat 12 Apr 2025 00:21:12 +0000
ROA not before:           Sat 12 Apr 2025 00:21:12 +0000
ROA not after:            Sat 17 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.220.76.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:b2:b6:dc:8c:85:03:a8:e2:16:4a:72:26:53:31:f0:c4:9c:6b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 12 00:21:12 2025 GMT
            Not After : May 17 23:59:59 2025 GMT
        Subject: serialNumber=764acabdacdea81b020bf19282fde0935af43b1b55739ebaa35997fd45532a3a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:14:b2:d8:e6:3f:fc:d5:92:28:8d:f0:41:20:
                    2d:11:c7:0f:74:c4:94:d3:5e:1d:34:c0:58:f5:ac:
                    e8:61:af:47:94:dc:40:86:5d:be:f4:a2:68:41:c3:
                    70:79:82:6c:f5:4e:59:e9:10:47:d9:e1:8d:d8:31:
                    3e:4f:c7:ec:85:a8:bf:73:58:2a:65:e0:48:d8:21:
                    c6:b6:7b:72:24:d6:59:44:8b:96:b9:1b:df:10:87:
                    d4:6f:6b:99:fc:20:52:45:cd:78:4e:ef:81:c5:0e:
                    34:e3:bc:c1:f7:33:5b:03:e6:d9:a9:3c:5e:e7:f2:
                    51:d6:14:a2:15:86:e3:b7:fc:9a:90:6a:24:e8:04:
                    44:5c:98:00:75:af:96:28:b9:36:cd:51:f2:20:1d:
                    46:9c:ba:69:84:2b:04:7a:6f:b1:e6:58:a1:4d:dd:
                    ad:cc:3a:dc:28:fc:72:11:06:e3:da:25:45:45:dc:
                    cb:4a:54:bc:59:ba:d8:f5:2c:03:f5:01:b0:7c:08:
                    76:5d:4e:7c:e8:57:9e:94:4d:1f:2d:d9:f1:f0:e3:
                    81:2a:ba:bf:d2:64:67:4d:f2:ca:6a:0f:a6:bd:bd:
                    d7:8f:35:71:64:4a:c0:c8:13:13:de:5a:8e:50:8c:
                    34:d8:8c:36:e6:db:c1:21:3e:f6:f2:b3:8e:81:7f:
                    e3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:35:A2:B3:D2:7F:27:C9:D4:9F:74:04:A5:C6:C7:B5:C7:7E:10:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ce859-6725-4b9d-a6c6-30915d571df2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.220.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:16:34:47:42:1b:54:a5:10:ac:94:b6:88:7d:c2:71:45:dd:
         d0:ad:80:0a:20:4b:92:c9:22:7f:58:63:f6:db:21:be:6e:4a:
         bd:04:34:d0:dc:26:da:c5:ed:bf:be:60:ea:4a:0f:53:3d:ec:
         37:09:a6:cb:18:e2:18:a9:2a:34:4b:47:2d:03:b4:d8:33:de:
         43:0e:cf:ef:ed:27:62:6c:8d:13:50:82:3a:dc:02:30:80:b8:
         71:2b:81:0a:b6:6f:6f:5d:dd:8b:9e:31:cc:60:8f:a1:da:b0:
         7e:07:c3:9b:66:d9:58:12:c3:16:be:7c:b6:3f:9b:dc:17:95:
         52:8d:4c:a5:71:48:80:94:f9:62:82:04:f5:62:1f:8e:e9:01:
         c2:21:a5:4d:5b:c1:af:fe:0b:71:e5:33:05:81:0e:37:26:66:
         4e:c1:e1:d1:aa:a9:c0:87:86:ad:20:21:d5:5e:d3:eb:4b:7b:
         3d:8e:b8:fe:ae:87:53:cf:1a:15:89:f7:ed:11:8b:4b:d4:0e:
         14:9b:f4:5c:77:3e:bd:00:49:ec:42:74:e3:36:55:0d:10:21:
         88:e0:be:14:5b:26:d6:30:5f:b8:93:ca:ed:13:24:b6:dd:fd:
         6a:c5:d8:42:6c:60:b1:2e:2f:5e:a7:1f:77:d0:5c:53:26:49:
         14:c7:e0:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKbK23IyFA6jiFkpyJlMx8MSca5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDEyMDAyMTEyWhcNMjUwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjRhY2FiZGFjZGVhODFiMDIwYmYxOTI4MmZkZTA5MzVh
ZjQzYjFiNTU3MzllYmFhMzU5OTdmZDQ1NTMyYTNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAFLLY5j/81ZIojfBBIC0Rxw90xJTTXh00wFj1rOhhr0eU
3ECGXb70omhBw3B5gmz1TlnpEEfZ4Y3YMT5Px+yFqL9zWCpl4EjYIca2e3Ik1llE
i5a5G98Qh9Rva5n8IFJFzXhO74HFDjTjvMH3M1sD5tmpPF7n8lHWFKIVhuO3/JqQ
aiToBERcmAB1r5YouTbNUfIgHUacummEKwR6b7HmWKFN3a3MOtwo/HIRBuPaJUVF
3MtKVLxZutj1LAP1AbB8CHZdTnzoV56UTR8t2fHw44Equr/SZGdN8spqD6a9vdeP
NXFkSsDIExPeWo5QjDTYjDbm28EhPvbys46Bf+NrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUojWis9J/J8nUn3QEpcbHtcd+EOEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0MGNlODU5LTY3MjUtNGI5ZC1hNmM2LTMwOTE1ZDU3MWRmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIs3EwwDQYJKoZIhvcNAQELBQADggEBACcWNEdCG1SlEKyUtoh9wnFF3dCt
gAogS5LJIn9YY/bbIb5uSr0ENNDcJtrF7b++YOpKD1M97DcJpssY4hipKjRLRy0D
tNgz3kMOz+/tJ2JsjRNQgjrcAjCAuHErgQq2b29d3YueMcxgj6HasH4Hw5tm2VgS
wxa+fLY/m9wXlVKNTKVxSICU+WKCBPViH47pAcIhpU1bwa/+C3HlMwWBDjcmZk7B
4dGqqcCHhq0gIdVe0+tLez2OuP6uh1PPGhWJ9+0Ri0vUDhSb9Fx3Pr0ASexCdOM2
VQ0QIYjgvhRbJtYwX7iTyu0TJLbd/WrF2EJsYLEuL16nH3fQXFMmSRTH4Cw=
-----END CERTIFICATE-----