Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1505dba2-f5d8-4cfa-892e-d67f9fff862f.roa
File:                     1505dba2-f5d8-4cfa-892e-d67f9fff862f.roa (raw, json)
Hash identifier:          kD2GSWthsyjpg/W2dkh9E6oXx4emAk6GSMbwfL2BdDI=
Subject key identifier:   AD:D3:2B:6C:D6:8C:33:39:64:2E:E4:F8:EE:72:4A:38:FF:88:56:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E17746606FF44E27097EA62CBC095E7071AEA53
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1505dba2-f5d8-4cfa-892e-d67f9fff862f.roa
Signing time:             Sat 15 Mar 2025 00:50:45 +0000
ROA not before:           Sat 15 Mar 2025 00:50:45 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.250.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:17:74:66:06:ff:44:e2:70:97:ea:62:cb:c0:95:e7:07:1a:ea:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 15 00:50:45 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8d:ba:be:84:d3:6e:12:98:05:b8:c1:38:da:
                    30:2c:13:a4:ee:fc:fa:52:82:b1:21:8f:d3:a8:93:
                    6d:3f:5f:b6:6f:b8:7c:1e:47:03:6d:88:f4:2c:7c:
                    bf:4f:df:07:32:87:4d:63:c4:78:c8:11:b6:04:d3:
                    b7:df:fc:df:5e:71:93:dc:82:5b:3c:b5:0d:c0:8a:
                    e9:29:4c:98:a3:bb:7f:4f:5a:48:21:97:c6:7f:38:
                    62:b5:27:1e:66:1f:e6:07:0b:ab:6d:49:ab:3b:99:
                    12:37:72:4d:54:4c:34:c2:23:26:cb:9f:29:f1:a2:
                    b9:1d:79:70:b9:9a:62:89:57:e3:58:53:4e:b0:84:
                    e5:5f:bb:78:cf:c3:80:3a:3b:72:dc:03:8d:26:a7:
                    b7:91:28:28:72:63:9b:da:90:16:aa:65:67:b6:45:
                    5f:e0:68:05:e3:1e:21:ce:3e:5f:30:e0:42:f7:8a:
                    fd:cd:41:e8:1e:92:c9:47:ee:a5:1a:de:43:35:e9:
                    fd:7c:56:cd:93:ae:c0:2d:ed:40:d1:e6:66:12:98:
                    11:26:f4:05:24:38:dd:52:f7:a8:0e:f2:5b:e9:0c:
                    62:1c:28:9e:11:e5:dd:98:53:f1:85:a7:96:1e:3d:
                    71:1c:d1:d0:01:4a:ad:16:08:8f:ca:88:a0:eb:98:
                    1e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D3:2B:6C:D6:8C:33:39:64:2E:E4:F8:EE:72:4A:38:FF:88:56:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1505dba2-f5d8-4cfa-892e-d67f9fff862f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:4d:ee:71:87:11:ef:fa:76:d0:9d:ab:7d:a0:3d:2c:27:d7:
         34:32:29:5f:2a:4d:3d:ae:f2:43:5e:a8:e6:02:2e:5c:67:84:
         d1:43:67:13:ee:14:df:f6:f9:55:87:71:41:57:76:34:73:ba:
         6c:c5:c9:5a:a7:02:80:fc:b0:30:18:24:c3:97:4f:df:ba:92:
         ea:0d:89:2a:85:51:ec:94:d1:2a:a0:d8:a1:18:0a:90:11:49:
         09:a9:e4:36:24:09:99:cd:97:6b:09:7d:91:14:12:53:13:b1:
         53:df:3b:a6:44:b1:f9:06:46:79:66:dd:21:a9:c0:8e:8e:65:
         27:53:d0:98:ac:16:31:50:ab:7b:c2:93:27:07:88:e9:14:23:
         44:a6:c9:7e:97:f7:22:5c:ed:27:0a:74:25:fa:6a:0a:42:f9:
         e6:2c:c8:ae:9e:34:b0:fb:8d:18:b5:f5:a7:38:c1:ca:3d:26:
         5f:38:1e:91:ef:73:57:17:c9:cf:ed:2d:6d:b2:9c:fb:4a:ed:
         c1:64:2b:e0:fe:59:c6:c6:93:91:3f:98:ca:1b:f4:79:eb:05:
         53:32:47:c2:97:a2:6c:80:65:4e:90:58:71:33:d5:21:d7:ca:
         3c:c7:9f:78:21:81:ec:5d:61:34:0b:23:a2:50:dd:72:3e:a6:
         97:27:05:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbhd0Zgb/ROJwl+piy8CV5wca6lMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE1MDA1MDQ1WhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzYxZTMwZjYyYmM0OWUyZWFiZmRmODViOTRmN2EzNzEw
OTQ2MTk5YWY1MzY3MmM4ODYwMDY5MDAwYmJhNzI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDijbq+hNNuEpgFuME42jAsE6Tu/PpSgrEhj9Ook20/X7Zv
uHweRwNtiPQsfL9P3wcyh01jxHjIEbYE07ff/N9ecZPcgls8tQ3AiukpTJiju39P
Wkghl8Z/OGK1Jx5mH+YHC6ttSas7mRI3ck1UTDTCIybLnynxorkdeXC5mmKJV+NY
U06whOVfu3jPw4A6O3LcA40mp7eRKChyY5vakBaqZWe2RV/gaAXjHiHOPl8w4EL3
iv3NQegekslH7qUa3kM16f18Vs2TrsAt7UDR5mYSmBEm9AUkON1S96gO8lvpDGIc
KJ4R5d2YU/GFp5YePXEc0dABSq0WCI/KiKDrmB47AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrdMrbNaMMzlkLuT47nJKOP+IVjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1MDVkYmEyLWY1ZDgtNGNmYS04OTJlLWQ2N2Y5ZmZmODYyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTfowDQYJKoZIhvcNAQELBQADggEBALZN7nGHEe/6dtCdq32gPSwn1zQy
KV8qTT2u8kNeqOYCLlxnhNFDZxPuFN/2+VWHcUFXdjRzumzFyVqnAoD8sDAYJMOX
T9+6kuoNiSqFUeyU0Sqg2KEYCpARSQmp5DYkCZnNl2sJfZEUElMTsVPfO6ZEsfkG
Rnlm3SGpwI6OZSdT0JisFjFQq3vCkycHiOkUI0SmyX6X9yJc7ScKdCX6agpC+eYs
yK6eNLD7jRi19ac4wco9Jl84HpHvc1cXyc/tLW2ynPtK7cFkK+D+WcbGk5E/mMob
9HnrBVMyR8KXomyAZU6QWHEz1SHXyjzHn3ghgexdYTQLI6JQ3XI+ppcnBUc=
-----END CERTIFICATE-----