Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f26a96cd-95c9-4c5e-9d0c-fb439302a52a.roa
File:                     f26a96cd-95c9-4c5e-9d0c-fb439302a52a.roa (raw, json)
Hash identifier:          KppuEmTnP5a6XLXm7B1K9I+c92Tv0QomqzkjSBjrAiA=
Subject key identifier:   1D:93:CD:D5:C8:93:8B:DB:37:48:A6:87:FF:C5:9B:E1:19:9B:03:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F49DB7E12A30242B21F61E160EFBF0F66B55851
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f26a96cd-95c9-4c5e-9d0c-fb439302a52a.roa
Signing time:             Mon 31 Mar 2025 15:31:50 +0000
ROA not before:           Mon 31 Mar 2025 15:31:50 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.210.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:49:db:7e:12:a3:02:42:b2:1f:61:e1:60:ef:bf:0f:66:b5:58:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 15:31:50 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=9cf2a28eb2a15b866fb2fc04e567e21c8ea00bc15212394eb8ca139da6540fad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:73:0b:33:06:87:d8:ab:2c:e8:2d:5c:00:
                    63:93:61:0e:a6:e5:b6:34:5c:49:3b:cf:fb:87:69:
                    06:f0:58:c8:bc:96:dd:e4:b3:c1:e3:48:28:d6:83:
                    38:f3:f5:0b:78:5b:f1:36:99:03:8c:f3:f2:79:8a:
                    16:9f:05:37:bf:e9:d6:78:02:23:1a:aa:4e:27:04:
                    0d:fd:ca:cf:26:89:e3:b8:e3:4a:73:81:42:f8:04:
                    b5:70:a1:de:0d:1b:da:b3:69:c8:2b:92:8a:43:cc:
                    6e:92:24:f3:8c:7e:15:e3:17:11:01:1c:22:14:13:
                    9b:aa:6d:29:73:8e:e0:07:69:92:72:d3:31:e1:bc:
                    73:28:39:8d:23:f6:8f:8e:c2:d9:b2:19:76:44:15:
                    ac:3c:6b:ca:ac:fb:d2:60:96:2f:14:94:8d:a4:31:
                    53:57:e2:d4:41:48:b5:93:ef:fa:6d:70:83:8e:c2:
                    68:db:34:4d:9b:e7:64:7a:af:96:aa:22:86:26:ec:
                    65:c8:ab:50:cc:42:04:9f:a5:61:2d:df:76:b7:df:
                    cd:d0:4c:a0:8b:0b:1d:99:d5:4e:8e:26:10:ac:9e:
                    f3:19:d2:73:0e:f9:54:ed:0a:1e:62:58:ac:ac:38:
                    63:0e:f9:60:48:e6:cb:25:2b:22:d4:7e:c9:92:4e:
                    c8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:93:CD:D5:C8:93:8B:DB:37:48:A6:87:FF:C5:9B:E1:19:9B:03:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f26a96cd-95c9-4c5e-9d0c-fb439302a52a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:09:11:7e:7b:fc:a0:f0:0a:90:78:f4:03:9e:38:c1:74:c8:
         5f:ac:9b:6d:cf:0f:aa:87:5f:26:a3:56:ac:2d:7a:ba:80:ba:
         9b:b7:34:08:76:fa:8f:1f:cd:6b:0e:f3:dd:78:7a:02:98:d2:
         6f:27:02:24:2b:61:1f:db:e6:47:13:93:52:1b:6c:b3:44:57:
         60:47:99:fb:cb:f2:32:71:cf:6c:ee:7c:f9:8b:6d:c0:b5:8c:
         10:6c:5d:0c:6d:31:47:40:2c:64:3e:ed:53:22:88:e1:70:53:
         30:08:fe:46:bd:4c:9f:00:cc:4c:0a:12:4b:ac:69:b4:60:73:
         a2:04:35:06:f9:71:40:6b:10:63:01:b2:0a:2a:c5:77:78:84:
         5a:b5:2b:27:f2:c2:5c:50:86:d4:7c:0e:fc:4a:a0:1b:1a:26:
         11:0d:c6:20:1a:9e:88:aa:49:fe:91:20:8a:dc:4b:b4:15:3d:
         08:69:f2:f2:a0:83:08:f0:e7:4d:0f:ec:e1:61:87:98:a7:ad:
         a7:3c:23:ca:f4:fa:68:2f:8b:12:a6:f6:5a:0c:b6:c7:11:0d:
         28:bb:f6:e1:a8:8e:d8:ae:d9:de:e4:4f:70:23:7a:a5:5f:e6:
         f1:78:58:56:f8:2a:aa:72:aa:f7:49:c8:63:8e:bc:b4:62:1e:
         b1:61:88:24
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP0nbfhKjAkKyH2HhYO+/D2a1WFEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTUzMTUwWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2YyYTI4ZWIyYTE1Yjg2NmZiMmZjMDRlNTY3ZTIxYzhl
YTAwYmMxNTIxMjM5NGViOGNhMTM5ZGE2NTQwZmFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX+HMLMwaH2Kss6C1cAGOTYQ6m5bY0XEk7z/uHaQbwWMi8
lt3ks8HjSCjWgzjz9Qt4W/E2mQOM8/J5ihafBTe/6dZ4AiMaqk4nBA39ys8mieO4
40pzgUL4BLVwod4NG9qzacgrkopDzG6SJPOMfhXjFxEBHCIUE5uqbSlzjuAHaZJy
0zHhvHMoOY0j9o+OwtmyGXZEFaw8a8qs+9Jgli8UlI2kMVNX4tRBSLWT7/ptcIOO
wmjbNE2b52R6r5aqIoYm7GXIq1DMQgSfpWEt33a3383QTKCLCx2Z1U6OJhCsnvMZ
0nMO+VTtCh5iWKysOGMO+WBI5sslKyLUfsmSTsipAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHZPN1ciTi9s3SKaH/8Wb4RmbAy4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyNmE5NmNkLTk1YzktNGM1ZS05ZDBjLWZiNDM5MzAyYTUyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo0jANBgkqhkiG9w0BAQsFAAOCAQEAowkRfnv8oPAKkHj0A544wXTIX6yb
bc8PqodfJqNWrC16uoC6m7c0CHb6jx/Naw7z3Xh6ApjSbycCJCthH9vmRxOTUhts
s0RXYEeZ+8vyMnHPbO58+YttwLWMEGxdDG0xR0AsZD7tUyKI4XBTMAj+Rr1MnwDM
TAoSS6xptGBzogQ1BvlxQGsQYwGyCirFd3iEWrUrJ/LCXFCG1HwO/EqgGxomEQ3G
IBqeiKpJ/pEgitxLtBU9CGny8qCDCPDnTQ/s4WGHmKetpzwjyvT6aC+LEqb2Wgy2
xxENKLv24aiO2K7Z3uRPcCN6pV/m8XhYVvgqqnKq90nIY468tGIesWGIJA==
-----END CERTIFICATE-----