Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d46be950-bc4a-4992-b4bf-926ccaf04be0.roa
File:                     d46be950-bc4a-4992-b4bf-926ccaf04be0.roa (raw, json)
Hash identifier:          xgoxl9DFq19sPH35vn8BZjvotoqfVkPC2YMNORUnOYA=
Subject key identifier:   9B:B9:D1:4E:31:D8:F2:5A:8F:1B:A1:52:78:01:F3:E0:EE:94:1A:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5FA6F6D2DABA333FFD8959B541210DFF7DD5660E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d46be950-bc4a-4992-b4bf-926ccaf04be0.roa
Signing time:             Mon 31 Mar 2025 16:00:46 +0000
ROA not before:           Mon 31 Mar 2025 16:00:46 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.3.32.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a6:f6:d2:da:ba:33:3f:fd:89:59:b5:41:21:0d:ff:7d:d5:66:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 16:00:46 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=4f996abc25b114955438f1a2dcc0a126593563672ce2c220c50b56ba434bb5d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2d:af:ee:ee:2b:bf:1d:56:8a:c7:6c:bd:96:
                    0b:0a:fa:5d:de:3e:22:a2:63:fe:8a:6f:92:e0:4e:
                    02:e0:ff:79:46:d7:63:87:0e:b4:9d:66:4b:4d:fe:
                    ca:48:09:57:65:64:db:de:f9:19:3f:63:03:73:4d:
                    da:33:09:3c:a1:8f:ef:4d:de:82:c5:45:69:99:ed:
                    e4:69:7b:80:55:a8:8d:1a:52:23:12:f7:b8:7d:d0:
                    11:88:81:62:90:e9:e9:ba:1d:16:1b:0b:e0:b8:db:
                    b5:d2:21:62:35:89:2b:8f:7c:20:bb:6f:ca:5d:98:
                    c2:16:25:01:6a:74:dc:53:4f:19:35:32:5e:7e:3d:
                    50:39:32:f2:a7:cd:5b:1e:7d:a2:bc:85:38:20:ce:
                    a1:d6:a6:86:e4:e0:94:56:98:be:1c:3a:57:e3:15:
                    a0:ac:bd:72:40:30:ea:9c:6e:20:8d:6b:4d:45:08:
                    5e:13:50:b6:15:ff:47:62:7e:29:a1:10:99:f5:0d:
                    e1:dc:46:83:27:0f:c0:dc:44:fa:54:4b:d0:15:c2:
                    cf:1b:64:e2:08:7a:d4:fd:aa:bf:8a:cb:b3:25:4b:
                    52:4a:e3:14:34:1a:8f:c9:f7:d9:8a:db:cc:35:c4:
                    e2:38:a4:c0:65:d1:fe:73:d3:99:a5:1f:73:69:bc:
                    03:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B9:D1:4E:31:D8:F2:5A:8F:1B:A1:52:78:01:F3:E0:EE:94:1A:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d46be950-bc4a-4992-b4bf-926ccaf04be0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.3.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c2:3c:75:ac:87:b0:ac:de:93:ea:72:4b:84:5e:94:aa:e7:4d:
         cc:00:35:25:8e:1f:7a:d7:e7:69:87:39:c4:a7:69:43:d6:c1:
         a6:5c:f4:d5:7b:38:a3:5f:a2:e6:59:38:4a:e1:61:36:b0:19:
         6f:1b:fd:85:ca:38:a5:23:e4:3f:ff:3e:7b:5c:fc:78:be:f1:
         50:5d:f9:c5:bb:4c:2b:42:e2:1f:db:7a:a7:0e:87:ba:a6:f3:
         aa:1f:7f:56:68:f3:4b:15:05:e3:48:0d:af:48:4f:1f:54:88:
         3b:60:8a:42:16:6d:7c:db:7a:cb:b9:bb:48:54:84:1e:62:a6:
         73:13:d9:0e:98:99:3b:4c:01:38:db:88:6e:93:b1:88:a4:32:
         1a:ed:55:f6:0c:db:52:66:57:ec:ed:1a:65:ed:e0:2c:52:b6:
         e0:e8:46:8b:7d:6f:8b:b6:e4:6c:2f:e7:99:2d:af:4f:f1:9a:
         18:27:e8:4a:70:59:ef:d9:ef:2b:a6:ad:29:4a:83:1c:36:1f:
         89:71:d8:39:84:fe:f8:35:60:bf:b3:7b:92:5a:4f:7e:b2:cc:
         22:fe:c3:e4:07:e9:a6:b8:a3:79:71:c9:e8:0c:78:79:9f:63:
         b8:4b:bf:f7:71:f0:bb:96:d7:aa:08:90:1d:fe:aa:db:c6:66:
         f2:6b:8a:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX6b20tq6Mz/9iVm1QSEN/33VZg4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTYwMDQ2WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Zjk5NmFiYzI1YjExNDk1NTQzOGYxYTJkY2MwYTEyNjU5
MzU2MzY3MmNlMmMyMjBjNTBiNTZiYTQzNGJiNWQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmLa/u7iu/HVaKx2y9lgsK+l3ePiKiY/6Kb5LgTgLg/3lG
12OHDrSdZktN/spICVdlZNve+Rk/YwNzTdozCTyhj+9N3oLFRWmZ7eRpe4BVqI0a
UiMS97h90BGIgWKQ6em6HRYbC+C427XSIWI1iSuPfCC7b8pdmMIWJQFqdNxTTxk1
Ml5+PVA5MvKnzVsefaK8hTggzqHWpobk4JRWmL4cOlfjFaCsvXJAMOqcbiCNa01F
CF4TULYV/0difimhEJn1DeHcRoMnD8DcRPpUS9AVws8bZOIIetT9qr+Ky7MlS1JK
4xQ0Go/J99mK28w1xOI4pMBl0f5z05mlH3NpvAOBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm7nRTjHY8lqPG6FSeAHz4O6UGnAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0NmJlOTUwLWJjNGEtNDk5Mi1iNGJmLTkyNmNjYWYwNGJlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVLAyAwDQYJKoZIhvcNAQELBQADggEBAMI8dayHsKzek+pyS4RelKrnTcwA
NSWOH3rX52mHOcSnaUPWwaZc9NV7OKNfouZZOErhYTawGW8b/YXKOKUj5D//Pntc
/Hi+8VBd+cW7TCtC4h/beqcOh7qm86off1Zo80sVBeNIDa9ITx9UiDtgikIWbXzb
esu5u0hUhB5ipnMT2Q6YmTtMATjbiG6TsYikMhrtVfYM21JmV+ztGmXt4CxStuDo
Rot9b4u25Gwv55ktr0/xmhgn6EpwWe/Z7yumrSlKgxw2H4lx2DmE/vg1YL+ze5Ja
T36yzCL+w+QH6aa4o3lxyegMeHmfY7hLv/dx8LuW16oIkB3+qtvGZvJrijE=
-----END CERTIFICATE-----