Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/92e3388a-3322-44eb-9d70-a9abc7a26fb3.roa
File:                     92e3388a-3322-44eb-9d70-a9abc7a26fb3.roa (raw, json)
Hash identifier:          yK3jqE5OfW5syRS8J5mCjOI9v4ZXIh5XyL3rKzsbw30=
Subject key identifier:   C9:54:E1:C7:6B:80:FB:80:29:43:84:FB:B5:24:3D:FD:74:57:8F:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2BDE3348E9EB58E3B2FAE8BB17F47FC1BB2A05E0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/92e3388a-3322-44eb-9d70-a9abc7a26fb3.roa
Signing time:             Fri 14 Mar 2025 15:01:10 +0000
ROA not before:           Fri 14 Mar 2025 15:01:10 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:de:33:48:e9:eb:58:e3:b2:fa:e8:bb:17:f4:7f:c1:bb:2a:05:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 15:01:10 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9c:82:1d:09:b2:f7:c6:a0:39:59:73:2a:5a:
                    23:05:3f:a5:40:69:dd:05:2a:79:2f:e8:75:3c:cd:
                    46:a6:e0:6f:b7:e3:c9:f1:5f:3c:a6:3e:4d:f9:9f:
                    68:e2:9b:d4:fe:dc:f6:cb:70:9e:cb:b2:1e:f4:38:
                    7f:1d:ea:93:a9:21:73:2e:2b:34:9a:6d:48:23:4e:
                    5a:ad:86:17:32:4a:b9:08:c4:f1:82:c7:4f:8e:2f:
                    c0:05:d3:85:87:6d:9b:b6:83:b1:eb:13:59:40:c9:
                    82:e1:88:7a:b6:2d:ad:59:08:6e:29:5e:85:ed:4e:
                    09:15:0d:e8:9f:2c:6d:37:67:ed:cc:0f:b7:dd:3b:
                    de:36:62:ef:92:2e:2e:b3:85:fc:6a:75:40:b6:6c:
                    e7:3b:ee:9d:49:60:1b:08:34:d8:cc:d6:ca:26:69:
                    cd:c0:09:4d:c5:3a:79:19:fd:52:bf:6b:14:ab:9b:
                    4d:e9:3c:2b:a3:5a:3d:ac:02:8c:a0:81:54:12:17:
                    86:28:9c:3a:6b:b2:60:25:02:0f:26:29:ba:d5:e7:
                    56:41:5b:f5:37:73:1b:b6:65:50:e2:2c:14:bc:c7:
                    e2:4f:b9:fa:6b:e8:1e:77:ac:29:2f:0c:12:29:4d:
                    6b:af:22:c6:88:1e:49:07:c8:a3:0e:4f:03:02:16:
                    cc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:54:E1:C7:6B:80:FB:80:29:43:84:FB:B5:24:3D:FD:74:57:8F:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/92e3388a-3322-44eb-9d70-a9abc7a26fb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:71:26:5a:d6:18:9d:7f:75:9b:36:58:c4:86:7f:0f:f3:cc:
         bb:b9:4c:70:05:5c:d2:b8:34:f3:79:20:68:77:da:73:ee:95:
         9f:dc:12:9e:f5:67:33:01:ec:06:c8:f6:f6:5a:d2:78:a0:d1:
         e7:03:fc:ab:8f:f1:b3:7f:22:4f:37:0f:e0:a3:6c:8d:f2:d2:
         6d:24:f6:a5:99:9e:52:20:99:a4:89:7d:32:48:b7:88:8b:3a:
         e7:f0:7e:e7:12:3b:5f:7b:c3:a2:38:5e:3d:41:da:8e:88:72:
         cf:61:e5:f5:db:dc:13:92:19:32:62:68:a2:17:ed:1c:c0:de:
         12:c0:48:19:87:40:7a:98:e4:95:a4:95:44:62:6a:48:10:9f:
         7b:a0:14:8f:19:4a:8f:45:37:ac:3e:5a:a5:8d:e2:01:83:7d:
         43:3f:3f:cf:63:6d:e4:c5:bc:f5:4b:bc:a7:85:61:0d:12:f4:
         d0:54:5f:e1:f6:73:80:d5:91:98:c5:49:aa:e0:ae:c0:ab:a5:
         e9:f7:14:be:b9:b5:f9:99:13:b7:3a:b2:3f:4a:7e:31:75:0a:
         6a:8c:a9:4b:12:9c:ba:15:64:7c:43:0a:12:f9:b0:89:09:a3:
         09:17:34:7d:41:0d:35:c3:d3:6b:98:50:6c:6e:45:55:c3:d2:
         6b:9f:52:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUK94zSOnrWOOy+ui7F/R/wbsqBeAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MTUwMTEwWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGIwNDZkZTE4YzU5MDY5OWJjZDhlOGU0YzM1YTFkYTQ3
MmFiYWJjMDc3M2Y1Y2E0YjQxZDYzMDg4ZWViNDk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvnIIdCbL3xqA5WXMqWiMFP6VAad0FKnkv6HU8zUam4G+3
48nxXzymPk35n2jim9T+3PbLcJ7Lsh70OH8d6pOpIXMuKzSabUgjTlqthhcySrkI
xPGCx0+OL8AF04WHbZu2g7HrE1lAyYLhiHq2La1ZCG4pXoXtTgkVDeifLG03Z+3M
D7fdO942Yu+SLi6zhfxqdUC2bOc77p1JYBsINNjM1somac3ACU3FOnkZ/VK/axSr
m03pPCujWj2sAoyggVQSF4YonDprsmAlAg8mKbrV51ZBW/U3cxu2ZVDiLBS8x+JP
ufpr6B53rCkvDBIpTWuvIsaIHkkHyKMOTwMCFswpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyVThx2uA+4ApQ4T7tSQ9/XRXj6owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyZTMzODhhLTMzMjItNDRlYi05ZDcwLWE5YWJjN2EyNmZiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBjVjANBgkqhkiG9w0BAQsFAAOCAQEALnEmWtYYnX91mzZYxIZ/D/PMu7lM
cAVc0rg083kgaHfac+6Vn9wSnvVnMwHsBsj29lrSeKDR5wP8q4/xs38iTzcP4KNs
jfLSbST2pZmeUiCZpIl9Mki3iIs65/B+5xI7X3vDojhePUHajohyz2Hl9dvcE5IZ
MmJoohftHMDeEsBIGYdAepjklaSVRGJqSBCfe6AUjxlKj0U3rD5apY3iAYN9Qz8/
z2Nt5MW89Uu8p4VhDRL00FRf4fZzgNWRmMVJquCuwKul6fcUvrm1+ZkTtzqyP0p+
MXUKaoypSxKcuhVkfEMKEvmwiQmjCRc0fUENNcPTa5hQbG5FVcPSa59Sew==
-----END CERTIFICATE-----