Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5332b03c-61a9-413c-af32-f67a7d5c8781.roa
File:                     5332b03c-61a9-413c-af32-f67a7d5c8781.roa (raw, json)
Hash identifier:          8WTDyl27A9xlmoj53IZ6rqocmaiE//dBx0Y1VIml/Hs=
Subject key identifier:   33:83:5D:BA:AC:4D:AA:00:DF:AD:C8:88:4B:C8:6A:34:E0:A5:28:12
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A9976D244E1220F3EFFB16554ABEDC8EAD4DFDB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5332b03c-61a9-413c-af32-f67a7d5c8781.roa
Signing time:             Fri 21 Mar 2025 00:20:22 +0000
ROA not before:           Fri 21 Mar 2025 00:20:22 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.19.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:99:76:d2:44:e1:22:0f:3e:ff:b1:65:54:ab:ed:c8:ea:d4:df:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:20:22 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:b3:58:78:4f:3b:21:6a:6c:19:79:c0:d4:
                    9c:eb:05:8f:6c:be:25:00:1a:53:ee:75:c0:c5:59:
                    fd:54:b7:3d:d6:93:68:9e:73:e1:d7:79:bf:8d:1c:
                    77:ea:e9:ba:e8:72:40:61:0f:3b:d9:5d:dd:e8:b9:
                    e7:60:56:02:08:c5:0a:67:8d:0e:c3:d5:f1:e3:77:
                    69:ce:1d:d8:28:c4:7d:e1:d1:cd:09:a4:71:b0:5c:
                    0d:47:db:fe:df:9b:e0:ac:04:d0:aa:fd:88:bf:c0:
                    90:39:9c:23:d8:69:60:6a:85:85:28:74:eb:36:f9:
                    8e:cd:7b:bb:77:f6:15:3d:be:95:38:44:67:90:a9:
                    26:b0:57:b5:41:10:b0:dc:f5:f2:df:ac:d3:a4:96:
                    6a:38:00:c2:58:73:fd:13:57:3a:86:68:9f:a0:5b:
                    dc:de:5a:44:73:42:3d:47:fd:bc:3e:24:a3:68:a7:
                    b6:e4:fc:73:80:7f:6e:8c:68:a4:61:c4:b1:d2:37:
                    95:60:7e:5a:2f:74:10:f6:51:46:00:28:79:d3:3a:
                    13:d5:5a:d8:8f:b6:81:7e:8f:c8:0a:10:32:5d:f4:
                    f6:04:a8:fb:b8:58:13:6e:63:78:63:e5:c9:e0:fd:
                    0e:ee:5e:b1:e3:57:77:ca:9c:3c:fd:d0:c1:6a:fc:
                    de:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:83:5D:BA:AC:4D:AA:00:DF:AD:C8:88:4B:C8:6A:34:E0:A5:28:12
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5332b03c-61a9-413c-af32-f67a7d5c8781.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:3a:2a:40:df:8d:08:c9:7e:9e:51:33:c1:25:66:9e:8d:0b:
         a2:2d:2e:35:80:c3:5b:00:0d:92:de:1b:de:18:7b:3e:c9:fc:
         65:d1:3f:af:60:b3:a6:f4:9b:fa:e8:be:64:26:d1:3e:b0:f9:
         b8:27:a0:2a:11:2a:0c:97:37:fa:f1:19:d5:31:9a:fc:7e:8c:
         24:0f:60:1f:32:02:3d:e8:70:2b:43:f5:7b:9b:2c:64:ca:d6:
         20:c0:e3:c3:0b:0a:83:0f:c5:f9:38:f0:20:df:91:25:70:cb:
         3c:a5:43:54:23:a4:e3:d3:7c:d7:18:e8:29:8a:2d:c0:bc:78:
         ce:c7:e7:d8:b6:4b:8f:88:f7:8a:f2:81:05:49:a1:f4:5f:fe:
         cb:a5:0e:58:87:f7:10:e9:69:bd:23:fa:88:85:02:27:05:44:
         c9:93:87:43:ef:d3:a0:ee:e3:fc:cd:da:e9:77:24:c7:95:a4:
         41:6d:d6:93:02:2d:b3:2f:7e:f1:e3:36:26:12:02:82:33:f6:
         f0:1f:5a:cd:4d:ad:6c:b5:27:14:da:94:b4:f8:c4:1c:c6:66:
         85:33:7b:ad:d6:55:0a:97:e7:0c:00:6a:92:7a:f6:72:67:e9:
         3c:83:03:f9:d2:2b:c2:a2:04:f6:49:70:f5:a4:d9:2a:07:f9:
         0b:bf:63:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKpl20kThIg8+/7FlVKvtyOrU39swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAyMDIyWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTJjYzAzYTg1ODQxZTYxZWJjMzMwYTVmZTQwMWEwMzdk
NGRmNzQ0MWM4MTNmZThkYzgwYjg0YzU4ZGFlYjc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAIbNYeE87IWpsGXnA1JzrBY9sviUAGlPudcDFWf1Utz3W
k2iec+HXeb+NHHfq6brockBhDzvZXd3ouedgVgIIxQpnjQ7D1fHjd2nOHdgoxH3h
0c0JpHGwXA1H2/7fm+CsBNCq/Yi/wJA5nCPYaWBqhYUodOs2+Y7Ne7t39hU9vpU4
RGeQqSawV7VBELDc9fLfrNOklmo4AMJYc/0TVzqGaJ+gW9zeWkRzQj1H/bw+JKNo
p7bk/HOAf26MaKRhxLHSN5VgflovdBD2UUYAKHnTOhPVWtiPtoF+j8gKEDJd9PYE
qPu4WBNuY3hj5cng/Q7uXrHjV3fKnDz90MFq/N5tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM4NduqxNqgDfrciIS8hqNOClKBIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzMzJiMDNjLTYxYTktNDEzYy1hZjMyLWY2N2E3ZDVjODc4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjlhMwDQYJKoZIhvcNAQELBQADggEBADU6KkDfjQjJfp5RM8ElZp6NC6It
LjWAw1sADZLeG94Yez7J/GXRP69gs6b0m/rovmQm0T6w+bgnoCoRKgyXN/rxGdUx
mvx+jCQPYB8yAj3ocCtD9XubLGTK1iDA48MLCoMPxfk48CDfkSVwyzylQ1QjpOPT
fNcY6CmKLcC8eM7H59i2S4+I94rygQVJofRf/sulDliH9xDpab0j+oiFAicFRMmT
h0Pv06Du4/zN2ul3JMeVpEFt1pMCLbMvfvHjNiYSAoIz9vAfWs1NrWy1JxTalLT4
xBzGZoUze63WVQqX5wwAapJ69nJn6TyDA/nSK8KiBPZJcPWk2SoH+Qu/Y3A=
-----END CERTIFICATE-----