Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa
File:                     fc59645b-efad-4950-a874-ac47ec42f4b2.roa (raw, json)
Hash identifier:          Ir/3WX4LY7apo+VUYgo+mt+ODog7M8lFn99Vo1iELWQ=
Subject key identifier:   07:5E:9C:C7:A2:B9:6D:46:74:DC:3E:63:3E:8B:B6:91:6A:66:1D:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D5C8149779C2C207A14748BAFABC2A2A93C0B65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa
Signing time:             Sat 12 Apr 2025 00:01:09 +0000
ROA not before:           Sat 12 Apr 2025 00:01:09 +0000
ROA not after:            Sat 17 May 2025 23:59:59 +0000
asID:                     701
IP address blocks:        139.56.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:5c:81:49:77:9c:2c:20:7a:14:74:8b:af:ab:c2:a2:a9:3c:0b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 12 00:01:09 2025 GMT
            Not After : May 17 23:59:59 2025 GMT
        Subject: serialNumber=893f5e6302c3e623437cb15b8676c1eb3698350b02a028f670d0caaee837c8d5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cf:e1:a4:18:0e:99:21:48:94:48:c3:3e:10:
                    88:4a:f4:2d:84:aa:ec:9f:14:05:f0:b5:df:b2:77:
                    02:76:1d:08:6c:9a:1f:86:4f:7c:13:c2:68:3a:42:
                    aa:fb:04:b3:ea:30:8b:53:40:79:7c:06:6e:ec:f7:
                    37:8f:cb:b1:5b:cc:13:ae:01:11:39:37:22:56:5e:
                    52:62:36:2c:5c:5b:e8:11:cc:f6:19:96:e7:f2:7c:
                    e0:76:65:69:1c:f6:46:b3:8e:2d:19:e6:9e:c7:c2:
                    14:61:f5:45:a2:fa:e9:be:73:51:61:90:f6:94:df:
                    32:09:5c:15:9f:3a:f6:ae:a6:e0:74:e0:db:bb:73:
                    eb:d1:cb:92:d5:32:d9:d1:57:cc:1d:1d:a4:73:f5:
                    36:71:4d:19:fa:66:5a:61:39:3b:78:89:28:fe:d5:
                    94:ba:62:45:49:c5:f5:bf:44:e0:69:f7:73:f2:53:
                    69:34:bc:4c:b8:27:07:f1:c4:e6:e6:50:90:f2:64:
                    2f:44:bb:6a:7f:aa:d1:01:a1:7e:3b:65:eb:b5:05:
                    1b:25:0b:df:c7:bc:1f:92:c7:6e:e2:7c:45:fc:54:
                    8c:3f:ad:8a:bc:ec:4b:d4:11:b6:15:8b:0d:bc:4d:
                    ba:88:3a:23:ae:06:8d:78:dc:c6:8e:0e:7b:44:b8:
                    d9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5E:9C:C7:A2:B9:6D:46:74:DC:3E:63:3E:8B:B6:91:6A:66:1D:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:73:25:2f:88:85:a5:54:62:92:6d:fb:ec:36:9e:84:e8:d5:
         3a:60:6e:c7:42:cb:57:ae:8f:3a:65:d0:c4:f6:0f:c6:08:02:
         34:3b:64:f7:64:a6:6f:ae:4d:ed:08:3b:ea:11:7f:1a:af:da:
         76:ab:e0:92:ea:82:27:2f:7b:83:4c:f0:46:b0:f5:a1:ce:48:
         35:5b:e0:00:8a:82:42:43:a1:f9:04:3e:ed:13:8f:e8:63:bb:
         bf:62:f6:b6:90:f4:6e:f8:77:41:e8:cf:f7:ef:5c:77:d9:0a:
         cd:2f:be:24:fc:d2:71:e1:f0:3d:aa:6b:f1:b9:a1:43:9f:2f:
         07:b4:fa:ff:45:ec:28:8d:54:ba:53:2e:ae:f4:6c:5f:a3:31:
         ad:d6:e3:a0:76:30:66:e9:29:ec:4b:ed:72:0d:3c:0e:e3:26:
         d7:d2:58:fd:47:7a:99:3a:a1:52:4d:dd:bd:04:e0:33:b0:a0:
         25:26:54:04:bc:e7:be:29:9a:b5:64:ad:18:c1:5d:0b:5c:63:
         be:05:a3:9f:5c:db:cf:56:7b:39:cd:4e:a1:bb:73:ee:33:43:
         6a:e2:4d:20:86:ea:e3:03:0a:25:13:93:c2:de:70:dd:c0:09:
         73:8f:c1:7c:d1:fb:b0:8d:53:ef:db:7f:14:82:d4:1f:f3:ef:
         97:5e:12:12
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXVyBSXecLCB6FHSLr6vCoqk8C2UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDEyMDAwMTA5WhcNMjUwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTNmNWU2MzAyYzNlNjIzNDM3Y2IxNWI4Njc2YzFlYjM2
OTgzNTBiMDJhMDI4ZjY3MGQwY2FhZWU4MzdjOGQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOz+GkGA6ZIUiUSMM+EIhK9C2EquyfFAXwtd+ydwJ2HQhs
mh+GT3wTwmg6Qqr7BLPqMItTQHl8Bm7s9zePy7FbzBOuARE5NyJWXlJiNixcW+gR
zPYZlufyfOB2ZWkc9kazji0Z5p7HwhRh9UWi+um+c1FhkPaU3zIJXBWfOvaupuB0
4Nu7c+vRy5LVMtnRV8wdHaRz9TZxTRn6ZlphOTt4iSj+1ZS6YkVJxfW/ROBp93Py
U2k0vEy4JwfxxObmUJDyZC9Eu2p/qtEBoX47Zeu1BRslC9/HvB+Sx27ifEX8VIw/
rYq87EvUEbYViw28TbqIOiOuBo143MaODntEuNm7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUB16cx6K5bUZ03D5jPou2kWpmHSgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjNTk2NDViLWVmYWQtNDk1MC1hODc0LWFjNDdlYzQyZjRiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCLODANBgkqhkiG9w0BAQsFAAOCAQEAM3MlL4iFpVRikm377DaehOjVOmBu
x0LLV66POmXQxPYPxggCNDtk92Smb65N7Qg76hF/Gq/adqvgkuqCJy97g0zwRrD1
oc5INVvgAIqCQkOh+QQ+7ROP6GO7v2L2tpD0bvh3QejP9+9cd9kKzS++JPzSceHw
Papr8bmhQ58vB7T6/0XsKI1UulMurvRsX6MxrdbjoHYwZukp7Evtcg08DuMm19JY
/Ud6mTqhUk3dvQTgM7CgJSZUBLznvimatWStGMFdC1xjvgWjn1zbz1Z7Oc1Oobtz
7jNDauJNIIbq4wMKJROTwt5w3cAJc4/BfNH7sI1T79t/FILUH/Pvl14SEg==
-----END CERTIFICATE-----