Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa
File:                     11efc78f-00de-42b6-b52c-218adf4f6cc9.roa (raw, json)
Hash identifier:          IJ4oJng5a9aqIGFCKYUn0njVcUkonu87xWKyhaViYpI=
Subject key identifier:   AD:29:61:9D:32:3D:3C:7D:E1:38:D9:30:B7:79:71:C6:9D:8B:54:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14A9F5CF321508A8B1EA63860386F3F680A2299D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa
Signing time:             Fri 21 Mar 2025 00:41:37 +0000
ROA not before:           Fri 21 Mar 2025 00:41:37 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:a9:f5:cf:32:15:08:a8:b1:ea:63:86:03:86:f3:f6:80:a2:29:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:41:37 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a6:a7:88:f0:3d:22:aa:8c:f1:3e:5c:56:33:
                    cc:9b:60:32:eb:a4:0f:79:cc:a2:a7:59:c6:a9:c0:
                    7a:b4:74:d0:2a:d4:dc:38:47:fd:5d:02:17:d1:cd:
                    20:92:3e:2f:c7:ea:d7:3b:de:54:d6:b4:28:44:05:
                    3d:cb:37:87:ed:f0:51:b4:df:6e:e7:07:35:d9:e7:
                    9d:c3:05:9d:7f:5d:f7:08:92:c6:60:71:0c:a3:1d:
                    60:44:64:a0:e2:53:75:b1:95:53:02:0f:bc:d2:7f:
                    25:28:ab:75:ab:00:d2:fc:34:a2:a8:18:01:8d:68:
                    0e:1d:d5:1b:9c:e5:e9:af:4f:56:ff:20:b2:f5:95:
                    0b:a1:80:e2:b8:6a:76:f7:d3:11:64:88:b2:3c:4e:
                    d5:39:64:1a:17:3e:06:43:ca:79:b0:27:99:30:b2:
                    1d:52:10:a5:f0:ce:a2:82:85:e0:e9:1b:4b:ea:0c:
                    4b:31:9e:3e:0a:e2:70:08:75:88:49:00:03:f1:3c:
                    94:33:28:e7:f3:aa:5b:95:04:0e:e2:5a:05:42:b2:
                    9d:88:de:2b:39:89:23:36:44:70:af:9c:14:f4:e3:
                    c8:f4:65:98:f9:a1:aa:08:20:79:06:65:9f:bf:c0:
                    1a:ef:ae:a5:9d:41:69:c2:38:c7:89:1e:6a:26:f4:
                    b4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:29:61:9D:32:3D:3C:7D:E1:38:D9:30:B7:79:71:C6:9D:8B:54:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:94:95:09:50:47:23:16:82:d9:8c:91:1a:da:5a:de:e3:d9:
         08:25:9e:58:05:05:97:40:02:43:74:4d:e1:de:c6:68:5f:e7:
         79:9a:73:ba:16:f8:df:d5:d9:d1:83:90:74:56:5d:6f:42:47:
         2b:8b:cc:73:98:71:b1:23:d0:8f:12:f1:bb:fe:ad:fe:29:d7:
         fe:4a:13:a9:a6:7a:c9:2b:49:c8:d9:a3:dd:b0:4e:8b:e7:a9:
         bd:dc:51:9e:47:77:df:d4:86:9d:02:8b:55:2c:d9:fe:8d:6d:
         b0:26:1a:b0:27:2b:db:15:92:58:86:aa:48:78:2d:9a:7c:64:
         b6:20:62:17:cb:7b:00:90:4f:a3:d3:4b:73:48:a0:60:82:bf:
         f6:1a:76:7b:e2:8f:5b:88:f1:7e:6c:a1:d4:8a:2b:30:50:bb:
         34:06:e3:4e:ef:f1:39:1e:dc:0c:71:00:82:c3:60:7c:2b:f0:
         8e:06:47:fa:ff:9e:03:27:13:ea:87:07:b3:c5:d3:2d:f0:01:
         af:18:f5:44:71:90:b4:26:e3:c0:31:ea:84:bc:9c:26:62:dc:
         64:53:27:25:6f:4b:66:09:10:55:dd:9d:46:93:3b:12:d5:c2:
         ed:95:be:02:a3:f5:bd:e4:ef:bd:87:de:f2:87:75:92:a3:5c:
         2d:86:b1:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFKn1zzIVCKix6mOGA4bz9oCiKZ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDA0MTM3WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDY5N2ZiMTM1MGUxMWQ2ODhmNDU2Mzg4MWU2NjJmZjQ3
NWMyNjllMjY4MWE1NzViM2ZkZGI5NGQ3MDVkZTFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQpqeI8D0iqozxPlxWM8ybYDLrpA95zKKnWcapwHq0dNAq
1Nw4R/1dAhfRzSCSPi/H6tc73lTWtChEBT3LN4ft8FG0327nBzXZ553DBZ1/XfcI
ksZgcQyjHWBEZKDiU3WxlVMCD7zSfyUoq3WrANL8NKKoGAGNaA4d1Ruc5emvT1b/
ILL1lQuhgOK4anb30xFkiLI8TtU5ZBoXPgZDynmwJ5kwsh1SEKXwzqKCheDpG0vq
DEsxnj4K4nAIdYhJAAPxPJQzKOfzqluVBA7iWgVCsp2I3is5iSM2RHCvnBT048j0
ZZj5oaoIIHkGZZ+/wBrvrqWdQWnCOMeJHmom9LQbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrSlhnTI9PH3hONkwt3lxxp2LVAgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExZWZjNzhmLTAwZGUtNDJiNi1iNTJjLTIxOGFkZjRmNmNjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl0AwDQYJKoZIhvcNAQELBQADggEBABWUlQlQRyMWgtmMkRraWt7j2Qgl
nlgFBZdAAkN0TeHexmhf53mac7oW+N/V2dGDkHRWXW9CRyuLzHOYcbEj0I8S8bv+
rf4p1/5KE6mmeskrScjZo92wTovnqb3cUZ5Hd9/Uhp0Ci1Us2f6NbbAmGrAnK9sV
kliGqkh4LZp8ZLYgYhfLewCQT6PTS3NIoGCCv/Yadnvij1uI8X5sodSKKzBQuzQG
407v8Tke3AxxAILDYHwr8I4GR/r/ngMnE+qHB7PF0y3wAa8Y9URxkLQm48Ax6oS8
nCZi3GRTJyVvS2YJEFXdnUaTOxLVwu2VvgKj9b3k772H3vKHdZKjXC2GsSw=
-----END CERTIFICATE-----