Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d023a52-54e3-44dc-bba9-27b3b31c1f3a.roa
File:                     9d023a52-54e3-44dc-bba9-27b3b31c1f3a.roa (raw, json)
Hash identifier:          wtn+hswcO23Heo3vq2hQLpzuEv6SS1kgAMV840gzZ+M=
Subject key identifier:   2E:70:AF:5C:E0:5A:8E:78:A8:60:50:10:EE:DD:2E:54:39:17:A3:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21F7B317823C09730B6BBE88E766CE743F2E7E7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d023a52-54e3-44dc-bba9-27b3b31c1f3a.roa
Signing time:             Mon 10 Mar 2025 15:21:31 +0000
ROA not before:           Mon 10 Mar 2025 15:21:31 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.137.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f7:b3:17:82:3c:09:73:0b:6b:be:88:e7:66:ce:74:3f:2e:7e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 10 15:21:31 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:72:71:ff:b5:fc:7b:98:21:05:8c:40:b2:a5:
                    db:e6:c6:45:91:43:60:90:d3:32:ec:57:7c:a8:f6:
                    33:52:e1:ee:0f:8d:b2:72:7c:f0:bf:b1:2a:a4:e0:
                    d9:e2:7e:86:5e:68:0f:d9:18:0b:3f:fc:5e:ab:fd:
                    6b:7f:7e:c8:4b:d8:72:c4:d9:3a:2b:9d:30:d2:15:
                    56:0f:52:e2:4c:fb:5c:0d:19:16:2d:81:2a:0d:a4:
                    a1:8c:e9:89:2b:88:17:04:a2:36:fe:22:37:8e:88:
                    18:cd:50:71:14:b6:51:91:09:2a:17:65:61:a3:63:
                    66:da:8a:f2:12:2d:e8:b9:08:12:12:1c:c8:88:d8:
                    6c:2f:c1:92:20:e2:ca:ef:5f:58:9e:c3:68:46:b2:
                    12:b8:62:aa:3f:fe:bf:9f:c3:60:5a:9f:20:e6:8c:
                    a6:69:52:8a:0e:e9:f0:84:b0:26:a1:f7:49:70:0a:
                    b8:40:23:ac:06:7d:47:c9:e6:0f:1f:9b:cf:7e:e0:
                    7a:47:43:9c:23:80:50:2d:8c:04:6c:a2:21:71:83:
                    4c:68:3d:cf:51:6c:b3:88:da:35:c5:1b:8b:e1:67:
                    b5:ef:79:f8:c2:9c:ad:28:84:e3:d7:9d:6e:d9:5b:
                    c9:06:43:ba:9f:bf:b9:dc:17:e9:79:42:78:df:17:
                    8c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:70:AF:5C:E0:5A:8E:78:A8:60:50:10:EE:DD:2E:54:39:17:A3:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d023a52-54e3-44dc-bba9-27b3b31c1f3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ce:b6:a3:a6:d0:c1:d6:ef:c1:8d:5c:d1:c2:4d:d5:f6:6c:
         8e:a9:73:6d:5d:a5:70:39:86:63:de:c5:0f:ff:eb:c2:6a:99:
         69:02:47:e2:b8:2c:14:24:2b:70:8d:26:20:68:13:4b:a9:49:
         76:cf:cf:a4:f2:e0:9b:f0:fd:5a:99:48:50:00:56:63:9e:ba:
         9d:31:e4:db:ac:b6:f5:8e:a9:0a:ce:3d:34:15:00:08:8a:61:
         e7:7b:d9:d3:cb:eb:1a:f3:a1:97:dd:49:59:a0:e2:57:df:8e:
         c0:10:ff:30:d0:3c:da:e7:16:2c:dc:12:2f:f7:1c:c4:19:2e:
         93:85:95:3a:af:4e:22:51:99:c0:e4:ad:9f:2a:31:65:60:a7:
         f2:b7:51:ee:2a:fc:11:93:99:69:2e:36:70:ae:be:0e:80:4f:
         9c:60:0e:eb:45:81:55:e9:03:5d:2f:ff:96:be:0b:e1:83:72:
         93:b8:de:cc:71:26:88:8a:fb:e5:20:4d:cd:45:8c:4a:a8:44:
         ee:b2:02:3d:92:13:c1:d7:88:e7:d0:3f:34:11:2d:00:a0:51:
         85:65:b8:8d:ef:7d:c3:d6:e3:80:90:df:ed:3f:76:5d:65:d7:
         ae:b8:1b:b4:28:20:9b:58:22:64:cd:f0:28:7a:ac:02:e0:9b:
         97:80:d4:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIfezF4I8CXMLa76I52bOdD8ufn8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEwMTUyMTMxWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjlkMDliNTlhOTRjMzAxYTUyOTVjMDAzMGMxZDE3ZjBi
NWMwNjM3ODRmZDQ0N2VlMzI3Yjg0ZjBmOTEzZWQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDccnH/tfx7mCEFjECypdvmxkWRQ2CQ0zLsV3yo9jNS4e4P
jbJyfPC/sSqk4NnifoZeaA/ZGAs//F6r/Wt/fshL2HLE2TornTDSFVYPUuJM+1wN
GRYtgSoNpKGM6YkriBcEojb+IjeOiBjNUHEUtlGRCSoXZWGjY2baivISLei5CBIS
HMiI2GwvwZIg4srvX1iew2hGshK4Yqo//r+fw2BanyDmjKZpUooO6fCEsCah90lw
CrhAI6wGfUfJ5g8fm89+4HpHQ5wjgFAtjARsoiFxg0xoPc9RbLOI2jXFG4vhZ7Xv
efjCnK0ohOPXnW7ZW8kGQ7qfv7ncF+l5QnjfF4ydAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULnCvXOBajnioYFAQ7t0uVDkXo7AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkMDIzYTUyLTU0ZTMtNDRkYy1iYmE5LTI3YjNiMzFjMWYzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYkwDQYJKoZIhvcNAQELBQADggEBACTOtqOm0MHW78GNXNHCTdX2bI6p
c21dpXA5hmPexQ//68JqmWkCR+K4LBQkK3CNJiBoE0upSXbPz6Ty4Jvw/VqZSFAA
VmOeup0x5NustvWOqQrOPTQVAAiKYed72dPL6xrzoZfdSVmg4lffjsAQ/zDQPNrn
FizcEi/3HMQZLpOFlTqvTiJRmcDkrZ8qMWVgp/K3Ue4q/BGTmWkuNnCuvg6AT5xg
DutFgVXpA10v/5a+C+GDcpO43sxxJoiK++UgTc1FjEqoRO6yAj2SE8HXiOfQPzQR
LQCgUYVluI3vfcPW44CQ3+0/dl1l1664G7QoIJtYImTN8Ch6rALgm5eA1Oc=
-----END CERTIFICATE-----