Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddfc757-7acf-4f35-9789-c0e414f4126c.roa
File:                     fddfc757-7acf-4f35-9789-c0e414f4126c.roa (raw, json)
Hash identifier:          peqGYZZCpii/RXAk73K49+PzJRm9Xn+uDp/w6PfQxF8=
Subject key identifier:   13:40:FD:91:2D:47:80:30:72:81:5B:8A:FD:F1:C1:F0:CB:B0:70:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A87035F66C646F68C5EAE6B4A01B80DADBCABAC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddfc757-7acf-4f35-9789-c0e414f4126c.roa
Signing time:             Tue 08 Apr 2025 00:31:17 +0000
ROA not before:           Tue 08 Apr 2025 00:31:17 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.247.224.0/19 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:87:03:5f:66:c6:46:f6:8c:5e:ae:6b:4a:01:b8:0d:ad:bc:ab:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:31:17 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=7f3403848d7ad9e297b3262c01a07ca074b2e436817070ec64ef557f66ecabb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0b:58:47:07:fe:32:8a:31:8d:f2:21:8a:c8:
                    8c:57:75:b6:77:d8:cb:17:ec:7b:f4:a8:ab:f0:c5:
                    55:a0:06:be:c3:43:3a:2c:ff:cf:68:1c:b5:ae:4b:
                    44:ff:04:95:a2:63:6e:22:25:f3:75:70:72:d8:f5:
                    82:d2:71:3c:5b:20:19:e9:ed:87:b4:26:2f:c2:6e:
                    a0:1d:40:f7:fc:62:8b:5a:9a:56:92:17:ca:97:36:
                    20:2b:1c:28:67:36:d5:10:8e:9d:6b:b2:36:6e:ce:
                    67:d0:70:a7:f4:d0:90:24:de:f4:6b:d0:40:e9:16:
                    7f:e8:08:b5:63:0e:41:bb:b7:67:c3:5e:f4:36:66:
                    ec:f9:72:1e:ea:0f:33:f2:f6:f8:de:32:8f:28:82:
                    67:d8:35:86:08:07:df:cb:20:4f:bc:2f:25:3e:63:
                    d2:fe:81:b0:57:7e:c2:12:e9:d9:30:41:ad:ea:1d:
                    ac:c3:9d:f3:84:4e:c6:9e:4a:e3:55:c3:34:0a:7f:
                    68:f6:da:62:7b:ae:b1:19:ea:66:37:ea:fd:d9:a0:
                    76:aa:0e:8e:1f:4d:16:b9:85:49:87:58:4a:58:8d:
                    c4:41:e5:a7:aa:3b:cf:96:a3:5f:4c:03:41:4d:a5:
                    7f:8b:31:85:cf:04:1b:33:de:0d:95:2b:45:9b:9a:
                    46:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:40:FD:91:2D:47:80:30:72:81:5B:8A:FD:F1:C1:F0:CB:B0:70:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddfc757-7acf-4f35-9789-c0e414f4126c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.247.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c0:73:6f:e2:9f:68:2d:50:3c:1c:b6:48:87:72:a0:7c:ad:4f:
         85:07:4d:a0:2e:38:4d:3f:d7:e6:7f:0c:76:73:19:d9:98:b3:
         5c:40:79:00:3b:ad:73:ce:ba:15:a9:df:58:c7:f1:dd:03:f5:
         3a:b4:96:97:22:2f:72:b2:bc:f0:08:8a:bc:f6:fb:30:3e:c2:
         5d:c1:a1:5e:5c:fc:b3:ab:b7:04:91:b1:88:db:19:9e:cc:df:
         b3:30:e9:e2:46:cb:98:1f:5a:49:0e:00:b2:13:23:68:cb:37:
         32:95:c7:4f:18:a5:a9:54:0d:0c:74:d4:e7:92:fd:54:aa:4a:
         9c:af:ad:63:5e:50:ed:3a:4c:d3:4d:0e:bd:b1:ac:12:b0:de:
         a6:17:a7:66:1e:a2:59:aa:19:73:99:74:b3:6b:fa:bb:23:bd:
         b9:cd:fe:36:c4:a8:55:6f:37:70:92:48:61:60:6f:4a:5e:a2:
         a8:82:98:e3:bc:e2:3c:83:fc:7c:53:48:80:40:0c:32:bc:07:
         79:02:32:d6:f0:b1:33:52:1a:d3:81:99:e5:00:f8:03:d7:af:
         cf:08:6f:6d:fc:4b:c3:89:ed:ad:82:53:aa:7c:e3:52:ed:8e:
         ab:c9:64:13:d6:94:b4:99:aa:e4:e2:39:d1:cc:11:c0:c6:e1:
         04:01:72:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKocDX2bGRvaMXq5rSgG4Da28q6wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAzMTE3WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjM0MDM4NDhkN2FkOWUyOTdiMzI2MmMwMWEwN2NhMDc0
YjJlNDM2ODE3MDcwZWM2NGVmNTU3ZjY2ZWNhYmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3C1hHB/4yijGN8iGKyIxXdbZ32MsX7Hv0qKvwxVWgBr7D
Qzos/89oHLWuS0T/BJWiY24iJfN1cHLY9YLScTxbIBnp7Ye0Ji/CbqAdQPf8Yota
mlaSF8qXNiArHChnNtUQjp1rsjZuzmfQcKf00JAk3vRr0EDpFn/oCLVjDkG7t2fD
XvQ2Zuz5ch7qDzPy9vjeMo8ogmfYNYYIB9/LIE+8LyU+Y9L+gbBXfsIS6dkwQa3q
HazDnfOETsaeSuNVwzQKf2j22mJ7rrEZ6mY36v3ZoHaqDo4fTRa5hUmHWEpYjcRB
5aeqO8+Wo19MA0FNpX+LMYXPBBsz3g2VK0WbmkY7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUE0D9kS1HgDBygVuK/fHB8MuwcKowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkZGZjNzU3LTdhY2YtNGYzNS05Nzg5LWMwZTQxNGY0MTI2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVA9+AwDQYJKoZIhvcNAQELBQADggEBAMBzb+KfaC1QPBy2SIdyoHytT4UH
TaAuOE0/1+Z/DHZzGdmYs1xAeQA7rXPOuhWp31jH8d0D9Tq0lpciL3KyvPAIirz2
+zA+wl3BoV5c/LOrtwSRsYjbGZ7M37Mw6eJGy5gfWkkOALITI2jLNzKVx08YpalU
DQx01OeS/VSqSpyvrWNeUO06TNNNDr2xrBKw3qYXp2YeolmqGXOZdLNr+rsjvbnN
/jbEqFVvN3CSSGFgb0peoqiCmOO84jyD/HxTSIBADDK8B3kCMtbwsTNSGtOBmeUA
+APXr88Ib238S8OJ7a2CU6p841LtjqvJZBPWlLSZquTiOdHMEcDG4QQBciM=
-----END CERTIFICATE-----