Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712a2fc7-0d39-4161-9b91-32ead9a8c791.roa
File:                     712a2fc7-0d39-4161-9b91-32ead9a8c791.roa (raw, json)
Hash identifier:          ndCQaFqtHEjJOkXw7ktRoL2lYNpM1NNjKaRz3imU87w=
Subject key identifier:   1E:CE:62:59:BA:11:FB:49:07:69:7E:8C:A6:71:08:88:3F:22:9D:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60A8BDE046525AC7FE0C6327894756384F0933B2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712a2fc7-0d39-4161-9b91-32ead9a8c791.roa
Signing time:             Fri 21 Mar 2025 00:31:36 +0000
ROA not before:           Fri 21 Mar 2025 00:31:36 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.0.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:a8:bd:e0:46:52:5a:c7:fe:0c:63:27:89:47:56:38:4f:09:33:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:31:36 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3e:33:1b:81:2e:11:de:6a:da:a5:d1:ac:43:
                    56:4a:39:88:80:b6:84:4c:e6:95:ca:f2:1f:a3:1e:
                    69:69:18:fc:b6:5a:9b:39:4e:b6:02:0c:ce:4e:b4:
                    a1:8e:cd:1e:cf:00:90:1f:7e:c3:44:5d:f7:0b:6c:
                    4e:9f:a0:bf:6b:dd:3f:66:50:20:a6:cf:e4:0c:6e:
                    86:db:6a:9a:6e:ff:c4:94:c3:aa:b5:69:c3:4b:44:
                    f3:47:25:2c:e7:12:8b:22:4a:22:50:ee:5a:06:b4:
                    2c:01:ae:91:e9:7a:47:6a:96:f8:6a:31:35:45:a3:
                    e8:6a:34:07:ca:2a:25:55:94:31:93:73:57:96:3b:
                    d6:30:79:c2:a7:69:18:28:4a:b2:32:d1:03:c5:97:
                    33:6e:e9:2c:bc:72:98:6a:5f:a9:fd:5d:e3:81:9d:
                    45:18:1d:50:aa:d9:db:ee:77:4d:01:11:25:d0:1e:
                    dc:03:b6:ac:ee:ae:84:f7:ec:04:e5:0a:26:c6:da:
                    a5:80:e8:de:c7:ab:68:3f:87:47:ea:2e:31:60:ae:
                    e1:2e:b3:14:fc:81:d4:1c:7a:b0:59:89:ac:d3:49:
                    59:0b:1d:2e:99:06:03:8b:3b:94:ba:4b:f3:50:b5:
                    5f:e2:7d:ab:02:28:15:0f:43:46:98:4b:56:c5:e4:
                    e4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CE:62:59:BA:11:FB:49:07:69:7E:8C:A6:71:08:88:3F:22:9D:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712a2fc7-0d39-4161-9b91-32ead9a8c791.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:18:fd:b6:69:d7:08:3b:2c:a2:5a:04:f9:60:4f:45:12:c6:
         4a:90:23:36:35:35:4b:55:5d:cc:7b:b6:a6:23:90:70:24:8c:
         9d:07:79:dd:49:f9:ce:ea:ff:62:88:d1:72:d3:8d:b2:19:cd:
         f2:01:5a:e3:24:3f:be:63:3f:ab:4c:4b:61:0d:83:4b:bc:6e:
         cc:e4:be:17:2a:28:b5:51:5c:8e:cb:16:8d:9e:99:af:da:e0:
         7b:24:15:b6:4e:f6:30:7b:b5:3e:2e:0c:41:7c:bd:6f:e7:6b:
         06:bb:62:bf:be:17:e1:28:61:5a:5e:8c:45:a4:c5:75:aa:65:
         a4:a0:02:3d:1f:9c:b9:4f:22:f3:4c:65:5e:60:e0:db:00:4a:
         bd:a3:7e:cc:a5:59:3d:7e:e0:0c:c8:5d:cf:8f:1f:0b:73:60:
         34:73:5e:78:90:10:ee:44:39:03:3a:fc:42:c4:27:47:65:1f:
         36:8b:1b:a4:ee:31:71:7a:ae:fb:13:0b:d9:a1:d2:da:73:d7:
         a7:36:17:05:20:f8:83:59:d1:58:a9:b4:f6:d8:a5:c3:bd:c5:
         dc:c0:41:b2:a1:3c:99:78:3b:32:35:12:2f:f0:72:cc:b5:7c:
         a5:05:d9:09:df:1e:0e:3d:ef:6d:95:c6:03:ad:7b:b8:b2:b0:
         5d:11:92:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYKi94EZSWsf+DGMniUdWOE8JM7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAzMTM2WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGYwOTEzNDA4ZDYzYzJjM2NlMjFjOTVhN2E5NzQzNmZm
ZTFkN2Y5MGQwNDFkODc2YmNlYmJmODE0YTAwNTdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0PjMbgS4R3mrapdGsQ1ZKOYiAtoRM5pXK8h+jHmlpGPy2
Wps5TrYCDM5OtKGOzR7PAJAffsNEXfcLbE6foL9r3T9mUCCmz+QMbobbappu/8SU
w6q1acNLRPNHJSznEosiSiJQ7loGtCwBrpHpekdqlvhqMTVFo+hqNAfKKiVVlDGT
c1eWO9YwecKnaRgoSrIy0QPFlzNu6Sy8cphqX6n9XeOBnUUYHVCq2dvud00BESXQ
HtwDtqzuroT37ATlCibG2qWA6N7Hq2g/h0fqLjFgruEusxT8gdQcerBZiazTSVkL
HS6ZBgOLO5S6S/NQtV/ifasCKBUPQ0aYS1bF5OSHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHs5iWboR+0kHaX6MpnEIiD8ineQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxMmEyZmM3LTBkMzktNDE2MS05YjkxLTMyZWFkOWE4Yzc5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjlgAwDQYJKoZIhvcNAQELBQADggEBAJsY/bZp1wg7LKJaBPlgT0USxkqQ
IzY1NUtVXcx7tqYjkHAkjJ0Hed1J+c7q/2KI0XLTjbIZzfIBWuMkP75jP6tMS2EN
g0u8bszkvhcqKLVRXI7LFo2ema/a4HskFbZO9jB7tT4uDEF8vW/nawa7Yr++F+Eo
YVpejEWkxXWqZaSgAj0fnLlPIvNMZV5g4NsASr2jfsylWT1+4AzIXc+PHwtzYDRz
XniQEO5EOQM6/ELEJ0dlHzaLG6TuMXF6rvsTC9mh0tpz16c2FwUg+INZ0ViptPbY
pcO9xdzAQbKhPJl4OzI1Ei/wcsy1fKUF2QnfHg49722VxgOte7iysF0RkuM=
-----END CERTIFICATE-----