Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa
File:                     db463fe4-9f42-45f1-9854-14a5c2057405.roa (raw, json)
Hash identifier:          lB/Al39r0JvTxGL+YxW5aVOsWx5jTUIpWgFAKXTGmhw=
Subject key identifier:   FC:DD:63:54:B9:51:40:51:10:D1:1B:45:90:76:55:9A:3B:72:68:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FF09EF940595308A3AFB15077116F8E33E26ECC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa
Signing time:             Wed 02 Apr 2025 00:00:29 +0000
ROA not before:           Wed 02 Apr 2025 00:00:29 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        146.167.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f0:9e:f9:40:59:53:08:a3:af:b1:50:77:11:6f:8e:33:e2:6e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  2 00:00:29 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: serialNumber=6e3288b5d04f4f95950be6dbadfcac5812d4eb3f279e301052f47423e54f6bf2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:35:b1:4a:fe:22:ac:89:bb:4e:57:9e:d5:
                    9a:c7:de:38:35:be:04:6b:9c:c3:b5:15:5e:ac:ec:
                    74:fa:1b:95:64:f4:f1:ef:f3:29:67:d0:33:8f:31:
                    89:6c:df:49:0c:ef:cd:5d:0f:6b:3c:fc:4c:ce:06:
                    20:84:45:2e:6a:3d:07:1f:c1:0f:f9:40:d2:d1:c8:
                    37:c7:57:91:0d:f8:a6:33:67:a6:fc:f3:18:12:03:
                    5d:ef:da:99:c3:5a:d3:47:71:31:58:61:eb:92:b1:
                    81:40:97:d9:a2:e2:ae:9b:21:dd:ea:49:32:d9:6e:
                    68:64:94:25:87:c4:b6:cf:7a:83:1a:31:b8:6d:21:
                    37:ca:d6:2d:60:8c:0d:99:d1:8e:76:8b:31:16:62:
                    cb:07:62:b4:05:9b:e9:c9:59:e7:cf:9e:a1:14:fd:
                    e3:95:01:2b:99:65:d3:bd:e6:22:6e:09:e3:94:f0:
                    80:e6:89:35:4a:c9:7a:e5:ce:75:1b:a8:d9:8c:96:
                    42:7c:1a:27:b4:27:09:d2:a9:3f:46:68:87:a2:8a:
                    1a:09:59:fb:70:b5:f4:ab:d0:b9:22:ba:65:a1:97:
                    fc:ea:ee:62:31:d3:25:b0:d0:e9:7e:1f:84:44:ea:
                    e2:f3:83:64:5d:8b:77:de:2e:88:a7:84:da:41:53:
                    d7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DD:63:54:B9:51:40:51:10:D1:1B:45:90:76:55:9A:3B:72:68:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.167.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d0:2c:a4:8b:de:de:f8:e0:1a:0b:a3:22:b4:20:57:1e:37:84:
         5f:35:f5:ee:53:a7:f7:43:a3:0e:cc:cb:0a:f2:4d:d3:c7:70:
         f6:0d:97:cb:ac:d4:f4:00:da:5e:6f:46:ec:92:52:53:9d:78:
         b8:a5:57:a5:46:eb:8d:60:df:80:49:e9:cd:c6:de:d4:03:aa:
         9e:ca:5f:c7:f4:09:20:60:0f:1e:56:44:0c:e7:be:af:0d:d3:
         63:30:2c:40:42:6c:ad:a5:f0:3c:ae:63:42:e4:06:3c:cf:af:
         b7:27:a2:23:2e:a6:2b:54:72:cb:0b:38:cd:57:54:1b:49:7f:
         4b:02:8e:82:ce:b0:ab:74:91:5b:38:81:a0:c7:4d:18:0b:4b:
         fd:c6:4d:a0:a5:82:46:62:e5:3c:e6:a2:8d:1b:97:2e:d8:0e:
         e2:79:97:49:71:1f:9b:07:53:bb:82:15:86:fc:a0:1c:4a:8e:
         40:43:10:db:c2:97:77:e7:b2:b5:13:95:2d:ff:95:da:07:1c:
         63:e7:9a:cc:b8:df:65:f2:80:01:81:ee:d9:3e:ce:b0:7f:a9:
         79:90:38:d4:3f:54:87:19:f8:e7:41:09:2a:1c:13:f7:2f:56:
         eb:20:91:c5:49:ab:ef:63:87:2b:ff:f6:eb:4e:17:77:5f:d8:
         74:95:ad:cf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP/Ce+UBZUwijr7FQdxFvjjPibswwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAyMDAwMDI5WhcNMjUwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTMyODhiNWQwNGY0Zjk1OTUwYmU2ZGJhZGZjYWM1ODEy
ZDRlYjNmMjc5ZTMwMTA1MmY0NzQyM2U1NGY2YmYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuUzWxSv4irIm7Tlee1ZrH3jg1vgRrnMO1FV6s7HT6G5Vk
9PHv8yln0DOPMYls30kM781dD2s8/EzOBiCERS5qPQcfwQ/5QNLRyDfHV5EN+KYz
Z6b88xgSA13v2pnDWtNHcTFYYeuSsYFAl9mi4q6bId3qSTLZbmhklCWHxLbPeoMa
MbhtITfK1i1gjA2Z0Y52izEWYssHYrQFm+nJWefPnqEU/eOVASuZZdO95iJuCeOU
8IDmiTVKyXrlznUbqNmMlkJ8Gie0JwnSqT9GaIeiihoJWftwtfSr0LkiumWhl/zq
7mIx0yWw0Ol+H4RE6uLzg2Rdi3feLoinhNpBU9dZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/N1jVLlRQFEQ0RtFkHZVmjtyaFgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNDYzZmU0LTlmNDItNDVmMS05ODU0LTE0YTVjMjA1NzQwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSpzANBgkqhkiG9w0BAQsFAAOCAQEA0Cyki97e+OAaC6MitCBXHjeEXzX1
7lOn90OjDszLCvJN08dw9g2Xy6zU9ADaXm9G7JJSU514uKVXpUbrjWDfgEnpzcbe
1AOqnspfx/QJIGAPHlZEDOe+rw3TYzAsQEJsraXwPK5jQuQGPM+vtyeiIy6mK1Ry
yws4zVdUG0l/SwKOgs6wq3SRWziBoMdNGAtL/cZNoKWCRmLlPOaijRuXLtgO4nmX
SXEfmwdTu4IVhvygHEqOQEMQ28KXd+eytROVLf+V2gccY+eazLjfZfKAAYHu2T7O
sH+peZA41D9Uhxn450EJKhwT9y9W6yCRxUmr72OHK//2604Xd1/YdJWtzw==
-----END CERTIFICATE-----