Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa
File:                     a7b573de-8dbd-4362-82ea-1bd3c997a837.roa (raw, json)
Hash identifier:          BHkTT8Y5MsCZuohyrakY7zOGHWFw7rBJ2z0WEkgl0Fw=
Subject key identifier:   43:EC:F8:7C:90:A6:4C:D5:FB:D3:EE:59:01:06:72:78:41:93:B8:C8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EEB84C2C4F2193C952C8317A2E3F8C90ED76BB4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa
Signing time:             Fri 21 Mar 2025 00:41:37 +0000
ROA not before:           Fri 21 Mar 2025 00:41:37 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:eb:84:c2:c4:f2:19:3c:95:2c:83:17:a2:e3:f8:c9:0e:d7:6b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:41:37 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:06:eb:a6:1c:d6:00:c0:90:fd:42:06:e4:d6:
                    96:90:b1:0c:6a:c8:6f:96:20:73:9a:58:d2:9a:06:
                    3d:fd:85:57:d8:e3:1c:a3:53:b6:0b:b0:1e:24:20:
                    00:f6:db:34:bf:a2:1d:60:95:d9:c7:ac:83:78:f9:
                    4f:8b:d8:e8:76:3a:f2:34:c5:bf:f1:7d:5c:c8:93:
                    55:b8:81:82:c1:bf:66:8e:13:4f:98:aa:36:4f:a8:
                    92:7d:0e:8c:9f:f7:3d:34:63:f2:86:0a:ee:13:9c:
                    83:6c:02:6d:2f:71:75:1f:ab:64:02:b9:27:af:db:
                    a8:9e:01:68:c2:1a:8f:00:26:c9:cf:bf:b2:fd:bd:
                    7e:73:fd:c8:cb:16:b1:d8:14:38:8e:e5:a1:da:7e:
                    68:bd:ef:fb:64:b7:71:61:5f:d1:9a:8d:b1:38:3e:
                    64:92:a2:8f:f5:85:6e:d7:53:38:8f:d1:80:2c:62:
                    53:16:9c:8d:24:0f:6a:5a:74:5b:20:8e:c2:22:7d:
                    1c:53:f0:c3:18:bb:d9:ca:5a:ca:62:a3:ce:02:3b:
                    ea:ab:8f:f7:26:05:6d:1f:86:0a:cb:89:6c:5d:d9:
                    e8:7a:2e:f1:11:1b:72:24:ca:8d:25:10:b3:71:75:
                    a8:61:43:35:ce:e3:8b:5a:53:b8:d9:cd:5b:02:8d:
                    98:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:EC:F8:7C:90:A6:4C:D5:FB:D3:EE:59:01:06:72:78:41:93:B8:C8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d8:f2:ce:b0:e0:52:6e:ac:81:a7:56:3e:68:26:8d:14:ce:e1:
         94:2a:e9:1f:cc:5d:58:9c:70:91:ec:f9:e3:17:e6:9b:f0:c4:
         d7:9c:38:fb:60:1b:e6:eb:bf:e5:cd:bb:15:0e:3a:21:76:c5:
         9d:a2:18:e6:f0:a4:e3:6b:ea:43:68:b1:d2:ec:5c:8a:e6:1d:
         b8:bf:d7:b5:7a:17:0c:0c:2a:0a:2e:7a:80:cf:02:b3:6e:bf:
         22:14:e7:cd:bd:14:0e:24:7a:c9:41:f9:45:12:09:80:1a:b0:
         3f:5a:65:df:1d:38:98:3a:15:37:6c:f5:11:5c:56:eb:a8:30:
         61:95:23:20:70:3e:cc:e7:d9:2c:33:f0:65:c3:1f:c0:ad:cc:
         9c:15:1c:40:9d:7b:74:ce:0b:89:be:74:c3:e2:fa:08:65:1b:
         af:e4:57:5c:fe:1a:58:14:3a:ac:a0:8a:08:17:24:ef:15:01:
         79:f0:5d:f3:5b:fc:8b:fe:99:9d:a7:2c:5f:50:20:42:b3:95:
         7e:42:87:61:c7:d7:1d:4d:6b:87:7b:99:17:6e:b4:34:d0:f9:
         05:69:08:b0:ee:7d:a6:fc:2b:af:3f:0f:88:31:0e:a6:28:d8:
         5c:34:b6:ec:ab:ea:25:9c:c3:6a:f2:b6:d8:84:3c:67:42:65:
         46:3a:b0:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHuuEwsTyGTyVLIMXouP4yQ7Xa7QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDA0MTM3WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTVmMTdmODFhMzUxZmQ2YjBhYjAxYmYyOGZjZjU1OWQx
MGQwOTg1ZTkwMjYxYjAyNzJkNWI2MDQ5NmJjOGJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRBuumHNYAwJD9Qgbk1paQsQxqyG+WIHOaWNKaBj39hVfY
4xyjU7YLsB4kIAD22zS/oh1gldnHrIN4+U+L2Oh2OvI0xb/xfVzIk1W4gYLBv2aO
E0+YqjZPqJJ9Doyf9z00Y/KGCu4TnINsAm0vcXUfq2QCuSev26ieAWjCGo8AJsnP
v7L9vX5z/cjLFrHYFDiO5aHafmi97/tkt3FhX9GajbE4PmSSoo/1hW7XUziP0YAs
YlMWnI0kD2padFsgjsIifRxT8MMYu9nKWspio84CO+qrj/cmBW0fhgrLiWxd2eh6
LvERG3Ikyo0lELNxdahhQzXO44taU7jZzVsCjZgPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ+z4fJCmTNX70+5ZAQZyeEGTuMgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3YjU3M2RlLThkYmQtNDM2Mi04MmVhLTFiZDNjOTk3YTgzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl0AwDQYJKoZIhvcNAQELBQADggEBANjyzrDgUm6sgadWPmgmjRTO4ZQq
6R/MXViccJHs+eMX5pvwxNecOPtgG+brv+XNuxUOOiF2xZ2iGObwpONr6kNosdLs
XIrmHbi/17V6FwwMKgoueoDPArNuvyIU5829FA4keslB+UUSCYAasD9aZd8dOJg6
FTds9RFcVuuoMGGVIyBwPszn2Swz8GXDH8CtzJwVHECde3TOC4m+dMPi+ghlG6/k
V1z+GlgUOqygiggXJO8VAXnwXfNb/Iv+mZ2nLF9QIEKzlX5Ch2HH1x1Na4d7mRdu
tDTQ+QVpCLDufab8K68/D4gxDqYo2Fw0tuyr6iWcw2ryttiEPGdCZUY6sDA=
-----END CERTIFICATE-----