Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33ce2add-fe4e-4a9c-8f90-8e6774cb7050.roa
File:                     33ce2add-fe4e-4a9c-8f90-8e6774cb7050.roa (raw, json)
Hash identifier:          EQR83CYWMrDBpXqDQmBiIipC9fP2lIni2fnO0mspCuY=
Subject key identifier:   23:04:71:FB:39:ED:A8:A2:8E:9B:E4:59:F2:8F:4E:DB:33:4B:E8:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E3A6A3A1FB2796D40AA171F030FDF2F37E707BF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33ce2add-fe4e-4a9c-8f90-8e6774cb7050.roa
Signing time:             Sat 22 Mar 2025 00:10:18 +0000
ROA not before:           Sat 22 Mar 2025 00:10:18 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        93.77.128.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:3a:6a:3a:1f:b2:79:6d:40:aa:17:1f:03:0f:df:2f:37:e7:07:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 22 00:10:18 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a0:b1:31:ae:84:d7:30:fd:8a:e4:c7:06:81:
                    6a:d7:fa:16:95:d2:92:8b:da:58:7b:56:07:e1:f0:
                    65:30:bc:05:25:9b:e9:1b:ae:3e:40:3b:aa:ff:5e:
                    d9:4e:40:41:38:46:db:35:6e:e5:25:c4:58:9c:b1:
                    a4:ea:8e:b1:61:49:53:31:f7:ec:1a:8b:c4:74:d3:
                    24:a2:f8:3f:42:df:c8:31:bc:06:18:0f:78:fc:e5:
                    81:18:66:b1:44:62:8b:db:4f:be:f9:f1:cf:59:9d:
                    43:c8:6a:41:62:40:75:78:9f:c1:67:64:d0:4f:7a:
                    d8:6f:8b:eb:56:a8:5f:5d:fb:2d:2a:70:e4:da:47:
                    e6:62:97:67:36:55:83:ec:fd:dc:9f:ed:0d:b9:d5:
                    82:d8:8d:56:2a:59:72:a5:ad:de:9e:53:3f:fa:3f:
                    b5:32:3a:98:f8:a5:42:67:fc:50:70:03:a3:27:1f:
                    5b:c4:8c:70:f3:ed:a6:2d:a9:14:63:96:b1:8c:bf:
                    23:fb:be:d1:8c:19:2f:04:ce:e8:7d:53:8c:7d:49:
                    80:f5:1d:b2:ba:00:49:0b:fd:d3:11:42:23:2d:4d:
                    fd:64:4f:e0:39:65:cc:78:d0:fd:4a:60:37:3e:4a:
                    11:88:d5:33:4d:ed:b5:9d:2a:92:93:71:36:92:43:
                    13:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:04:71:FB:39:ED:A8:A2:8E:9B:E4:59:F2:8F:4E:DB:33:4B:E8:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33ce2add-fe4e-4a9c-8f90-8e6774cb7050.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.77.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3d:d9:6e:da:74:bc:e0:77:eb:a3:ac:fe:72:1d:51:71:13:fb:
         50:a3:f8:05:1a:ba:e0:87:17:85:f4:fb:fb:9c:b0:12:c3:2c:
         81:d3:ea:a3:cf:66:b5:54:93:e4:36:bb:48:f8:d0:52:d8:5f:
         b2:43:b9:98:09:f8:ca:13:ba:07:fd:ff:87:42:ae:21:5c:4e:
         25:97:a3:9e:3b:94:32:e4:6f:65:3d:d9:ea:2b:97:6f:5c:cb:
         2f:90:f6:26:65:fb:a4:e7:cc:32:32:70:ce:12:2a:e9:99:54:
         6d:24:62:60:3e:ea:a8:aa:eb:9e:eb:f5:4b:93:2e:f7:b6:12:
         2d:b3:e6:99:ea:d6:f9:3a:f7:59:e6:e7:7f:95:a9:fa:d9:33:
         96:93:41:0d:be:d3:b5:dc:9b:e5:94:b7:aa:95:34:16:ea:cf:
         05:79:b3:0c:2b:ff:27:3a:09:0f:3e:ba:3a:6e:f2:0e:30:99:
         50:9b:24:cd:76:20:b2:c8:ca:a3:6d:05:8b:d8:73:e5:6c:9d:
         7f:fb:ec:58:13:3c:dd:46:4e:6c:f8:12:5f:25:84:ec:04:57:
         be:3d:c2:3c:39:60:1e:24:74:4c:c3:93:42:b8:c9:a1:00:90:
         bf:81:3a:1b:aa:9e:52:56:db:96:dd:b3:89:32:c4:d9:03:c1:
         86:07:66:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfjpqOh+yeW1AqhcfAw/fLzfnB78wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIyMDAxMDE4WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmIxOGJlMTI5YmY2ZDQyMjJmZGU5NmY3NzIwZmE3NjUz
Y2RjOTcxN2M1OTJhY2ZmYmQwYzgxMGQyMTQ5NDg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnoLExroTXMP2K5McGgWrX+haV0pKL2lh7Vgfh8GUwvAUl
m+kbrj5AO6r/XtlOQEE4Rts1buUlxFicsaTqjrFhSVMx9+wai8R00ySi+D9C38gx
vAYYD3j85YEYZrFEYovbT7758c9ZnUPIakFiQHV4n8FnZNBPethvi+tWqF9d+y0q
cOTaR+Zil2c2VYPs/dyf7Q251YLYjVYqWXKlrd6eUz/6P7UyOpj4pUJn/FBwA6Mn
H1vEjHDz7aYtqRRjlrGMvyP7vtGMGS8Ezuh9U4x9SYD1HbK6AEkL/dMRQiMtTf1k
T+A5Zcx40P1KYDc+ShGI1TNN7bWdKpKTcTaSQxOJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIwRx+zntqKKOm+RZ8o9O2zNL6EEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzY2UyYWRkLWZlNGUtNGE5Yy04ZjkwLThlNjc3NGNiNzA1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVdTYAwDQYJKoZIhvcNAQELBQADggEBAD3Zbtp0vOB366Os/nIdUXET+1Cj
+AUauuCHF4X0+/ucsBLDLIHT6qPPZrVUk+Q2u0j40FLYX7JDuZgJ+MoTugf9/4dC
riFcTiWXo547lDLkb2U92eorl29cyy+Q9iZl+6TnzDIycM4SKumZVG0kYmA+6qiq
657r9UuTLve2Ei2z5pnq1vk691nm53+VqfrZM5aTQQ2+07Xcm+WUt6qVNBbqzwV5
swwr/yc6CQ8+ujpu8g4wmVCbJM12ILLIyqNtBYvYc+VsnX/77FgTPN1GTmz4El8l
hOwEV749wjw5YB4kdEzDk0K4yaEAkL+BOhuqnlJW25bds4kyxNkDwYYHZrA=
-----END CERTIFICATE-----