Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a6e2e2-64ef-45e6-b6a8-9a5830ee2ade.roa
File:                     f0a6e2e2-64ef-45e6-b6a8-9a5830ee2ade.roa (raw, json)
Hash identifier:          Do2MMCG2NcFkxNBvnYjE16nNC3Ssw2KLrpU62ncD2mA=
Subject key identifier:   A6:F5:8C:25:16:AD:E1:9A:A1:16:ED:8F:A5:53:C5:23:66:2A:D6:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3115CD686DB6B7FE43DD01F046F2FD575C691960
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a6e2e2-64ef-45e6-b6a8-9a5830ee2ade.roa
Signing time:             Tue 01 Apr 2025 00:10:21 +0000
ROA not before:           Tue 01 Apr 2025 00:10:21 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.36.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:15:cd:68:6d:b6:b7:fe:43:dd:01:f0:46:f2:fd:57:5c:69:19:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  1 00:10:21 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: serialNumber=df630ff2012313cbab5daff5c4c7c50292a06c74e8df001f4a937af8484e06f7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:a3:65:ac:f2:b7:ee:3d:66:bf:90:44:52:
                    aa:f8:f1:7b:41:e0:46:4c:58:e2:ef:58:4e:54:45:
                    74:48:b0:17:8d:fb:d7:6e:42:92:6f:44:c6:bb:e7:
                    68:9e:6d:76:46:67:cf:4a:2a:e3:5e:89:46:38:b0:
                    ed:c2:d9:be:1e:93:8c:5a:81:97:b9:d4:b8:41:79:
                    bf:75:a7:ed:7c:55:57:f3:c2:c8:34:10:0a:70:ad:
                    ad:06:79:93:21:8f:e3:6a:ef:4d:e9:2b:fe:5b:65:
                    b9:db:ad:ca:60:63:89:26:28:db:fe:66:44:c5:f4:
                    e2:0e:74:ae:b3:9a:a9:db:b2:e4:7c:70:63:1a:f1:
                    5a:63:af:f0:a9:02:51:a9:20:e2:7a:33:ce:7c:20:
                    5a:1e:77:4e:fd:1a:24:c8:74:56:87:e2:4a:13:fa:
                    ea:64:78:0f:a8:3d:41:3d:0b:bd:30:e5:f1:b4:28:
                    a1:fa:b7:da:38:ec:21:6d:47:60:0f:3d:a6:b1:08:
                    02:6b:c3:17:59:11:f7:48:8a:af:b5:d7:9a:23:3f:
                    b5:93:da:88:69:cb:f0:00:47:06:7a:3f:fb:f8:bd:
                    6f:e5:4a:1a:6f:d1:3d:d7:54:f7:dd:e1:ec:a7:fa:
                    de:6c:6f:a1:2c:9b:0c:82:21:ed:52:04:5a:f6:95:
                    aa:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F5:8C:25:16:AD:E1:9A:A1:16:ED:8F:A5:53:C5:23:66:2A:D6:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a6e2e2-64ef-45e6-b6a8-9a5830ee2ade.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.36.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:c5:2e:a7:3f:97:e7:a7:c2:84:fc:bb:dc:d2:7d:fd:78:4f:
         f7:3f:a7:72:a3:e7:47:01:7c:5d:20:5d:cb:c2:2f:42:1c:48:
         84:7e:44:2d:24:15:35:b5:73:27:8a:75:e4:f5:c1:4d:81:92:
         2a:92:f3:85:85:e1:32:5c:8e:b9:5d:5b:54:e5:ee:46:94:c0:
         78:f8:22:69:37:40:24:f7:dc:11:37:35:d2:6f:43:ec:fd:04:
         01:2c:fb:f6:31:28:6b:03:44:9d:c5:f1:a5:e4:7b:89:1b:80:
         99:97:c6:15:ff:6c:bd:5b:dc:96:19:a4:b2:4d:09:ff:e3:60:
         d3:ac:8f:c8:5e:6a:35:77:9c:45:8c:db:d5:99:f5:0c:5e:96:
         2e:90:53:ff:22:14:46:b8:61:f4:b6:5c:04:e6:a5:84:0d:61:
         c3:06:9d:bb:e2:3c:21:e6:6b:1f:33:a9:16:9c:b1:57:a4:40:
         27:08:91:71:b6:49:73:d5:80:01:ae:4b:8a:d8:46:91:d4:f6:
         f0:04:a2:af:5e:54:84:37:53:d2:80:c0:c7:31:e1:02:03:0c:
         b0:d3:ca:bc:51:fd:c1:ae:3f:b1:0f:24:2b:72:d4:0b:74:80:
         ce:d2:25:5e:01:d1:0c:a9:a7:82:f4:ca:25:4e:cf:03:7c:d5:
         54:bc:99:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMRXNaG22t/5D3QHwRvL9V1xpGWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAxMDAxMDIxWhcNMjUwNTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjYzMGZmMjAxMjMxM2NiYWI1ZGFmZjVjNGM3YzUwMjky
YTA2Yzc0ZThkZjAwMWY0YTkzN2FmODQ4NGUwNmY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy0KNlrPK37j1mv5BEUqr48XtB4EZMWOLvWE5URXRIsBeN
+9duQpJvRMa752iebXZGZ89KKuNeiUY4sO3C2b4ek4xagZe51LhBeb91p+18VVfz
wsg0EApwra0GeZMhj+Nq703pK/5bZbnbrcpgY4kmKNv+ZkTF9OIOdK6zmqnbsuR8
cGMa8Vpjr/CpAlGpIOJ6M858IFoed079GiTIdFaH4koT+upkeA+oPUE9C70w5fG0
KKH6t9o47CFtR2APPaaxCAJrwxdZEfdIiq+115ojP7WT2ohpy/AARwZ6P/v4vW/l
Shpv0T3XVPfd4eyn+t5sb6EsmwyCIe1SBFr2laphAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpvWMJRat4ZqhFu2PpVPFI2Yq1g0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YwYTZlMmUyLTY0ZWYtNDVlNi1iNmE4LTlhNTgzMGVlMmFkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjJDANBgkqhkiG9w0BAQsFAAOCAQEAQ8Uupz+X56fChPy73NJ9/XhP9z+n
cqPnRwF8XSBdy8IvQhxIhH5ELSQVNbVzJ4p15PXBTYGSKpLzhYXhMlyOuV1bVOXu
RpTAePgiaTdAJPfcETc10m9D7P0EASz79jEoawNEncXxpeR7iRuAmZfGFf9svVvc
lhmksk0J/+Ng06yPyF5qNXecRYzb1Zn1DF6WLpBT/yIURrhh9LZcBOalhA1hwwad
u+I8IeZrHzOpFpyxV6RAJwiRcbZJc9WAAa5LithGkdT28ASir15UhDdT0oDAxzHh
AgMMsNPKvFH9wa4/sQ8kK3LUC3SAztIlXgHRDKmngvTKJU7PA3zVVLyZpw==
-----END CERTIFICATE-----