Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
File:                     232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa (raw, json)
Hash identifier:          tz68KgQcrBBD/6Psa2MkVkbfXOo8bEpeqAOZMZ/ZhOo=
Subject key identifier:   70:8F:5A:AA:4B:2F:05:BC:90:C5:6D:08:80:15:DB:57:E2:36:AD:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       044D53D7EFB4A6CB2530C3F60641B185E16D3F9A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
Signing time:             Mon 10 Mar 2025 15:21:23 +0000
ROA not before:           Mon 10 Mar 2025 15:21:23 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.148.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:4d:53:d7:ef:b4:a6:cb:25:30:c3:f6:06:41:b1:85:e1:6d:3f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:21:23 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:71:e2:b9:f6:5d:cc:5e:4b:d2:3b:c4:d2:90:
                    f5:3a:ec:45:ee:fd:7a:6d:06:b5:10:51:b4:c1:6f:
                    d9:ce:0d:03:32:fc:53:e7:b0:a9:26:66:25:c4:21:
                    cb:ca:17:5c:45:09:c4:39:e1:b8:41:2b:25:b3:74:
                    6f:52:3c:26:8c:04:67:bb:8a:a9:34:05:3b:26:e6:
                    65:7d:18:43:5d:4f:42:22:88:67:16:f6:51:77:e6:
                    f8:e8:66:43:07:f8:98:7e:2e:2d:e9:df:60:31:cd:
                    9e:f5:fc:f0:37:1b:ee:c3:aa:0d:84:07:3a:61:4a:
                    92:f4:e2:e5:7a:bc:61:18:b9:b0:70:a8:bd:cd:cb:
                    78:17:1c:26:03:fc:bd:5e:89:a5:87:61:17:09:40:
                    c9:14:7d:08:e8:c6:82:c2:33:9d:69:d2:5c:f0:2e:
                    51:49:83:aa:a9:a3:45:1e:a0:da:1e:61:9e:dc:c8:
                    f7:fb:06:79:a0:62:82:19:ce:54:a0:a3:96:4c:71:
                    a6:8b:86:b7:8e:c7:8f:3d:22:d0:03:35:93:c1:57:
                    26:9e:0e:3e:9d:e7:3c:a9:52:9e:13:a5:98:fc:23:
                    3b:01:cb:b6:56:fa:a3:bb:dc:9e:04:54:7d:38:5c:
                    55:95:4f:f1:af:3d:91:6b:f5:74:66:c4:75:cf:79:
                    e3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8F:5A:AA:4B:2F:05:BC:90:C5:6D:08:80:15:DB:57:E2:36:AD:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:69:83:87:0b:a5:d5:aa:48:8e:f3:b3:7c:b8:5a:5f:69:74:
         4f:a7:92:37:a6:dd:45:eb:1a:5a:bb:a6:b8:5c:89:eb:07:45:
         38:d5:74:5e:9e:56:4c:7a:8e:c7:b8:cf:d9:de:ae:c5:50:94:
         41:42:0e:14:80:4f:64:18:e1:0b:7a:e4:23:4a:78:1b:c9:ab:
         5b:62:3e:52:90:fe:84:11:a2:ed:37:93:8f:cd:28:da:7b:7d:
         06:97:7f:a1:6e:bf:94:eb:a6:09:62:cb:b6:ad:fc:e7:63:83:
         71:34:c5:e6:7b:4a:f6:47:08:90:cf:46:6d:d2:0f:11:7e:72:
         1f:7b:ca:7c:b9:e6:80:60:ee:8e:43:ef:d1:de:7c:98:73:38:
         27:96:bc:74:0f:30:7a:11:40:01:bd:98:2c:40:80:97:89:06:
         e2:61:7a:6a:0e:18:41:ad:f2:be:f8:36:bc:eb:50:21:ef:2f:
         e4:34:95:95:58:45:da:e1:b6:55:4a:e1:d1:b2:37:bd:f4:15:
         42:b1:52:b6:a3:a9:f7:dd:f1:fa:07:6a:ab:e6:83:62:1f:41:
         c9:bf:39:14:26:37:25:33:68:00:4a:37:c5:35:ac:d3:9f:78:
         6e:3b:d9:00:e8:73:ae:56:37:fc:89:32:d9:53:85:f2:48:e5:
         40:ca:98:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBE1T1++0psslMMP2BkGxheFtP5owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUyMTIzWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDQ1ZDZlYTE1MjY4NmM2NzM2ZjhlZmMyOWY2MDRlYjZi
YzM2ZDc0ZGJmODIzMDIyMDc1YzQzNGU5OWUyZWUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCceK59l3MXkvSO8TSkPU67EXu/XptBrUQUbTBb9nODQMy
/FPnsKkmZiXEIcvKF1xFCcQ54bhBKyWzdG9SPCaMBGe7iqk0BTsm5mV9GENdT0Ii
iGcW9lF35vjoZkMH+Jh+Li3p32AxzZ71/PA3G+7Dqg2EBzphSpL04uV6vGEYubBw
qL3Ny3gXHCYD/L1eiaWHYRcJQMkUfQjoxoLCM51p0lzwLlFJg6qpo0UeoNoeYZ7c
yPf7BnmgYoIZzlSgo5ZMcaaLhreOx489ItADNZPBVyaeDj6d5zypUp4TpZj8IzsB
y7ZW+qO73J4EVH04XFWVT/GvPZFr9XRmxHXPeeMfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcI9aqksvBbyQxW0IgBXbV+I2rS4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzMjU0NWQzLWRjYzctNGYwNC1iYjZkLTFkM2Q5YzE3ZDM3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZQwDQYJKoZIhvcNAQELBQADggEBAAppg4cLpdWqSI7zs3y4Wl9pdE+n
kjem3UXrGlq7prhciesHRTjVdF6eVkx6jse4z9nersVQlEFCDhSAT2QY4Qt65CNK
eBvJq1tiPlKQ/oQRou03k4/NKNp7fQaXf6Fuv5Trpgliy7at/Odjg3E0xeZ7SvZH
CJDPRm3SDxF+ch97yny55oBg7o5D79HefJhzOCeWvHQPMHoRQAG9mCxAgJeJBuJh
emoOGEGt8r74NrzrUCHvL+Q0lZVYRdrhtlVK4dGyN730FUKxUrajqffd8foHaqvm
g2IfQcm/ORQmNyUzaABKN8U1rNOfeG472QDoc65WN/yJMtlThfJI5UDKmGk=
-----END CERTIFICATE-----