Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
File:                     d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa (raw, json)
Hash identifier:          FS5R02AoWbn/AqTnec4tRKIq5hEbuqy9+UzLkPHPj+o=
Subject key identifier:   90:D0:9F:FA:98:78:32:0F:40:BC:FF:B9:AE:E1:80:62:C3:72:B6:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5634AD4E5F1AF3A582ED97DFCD25FA15BD831583
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
Signing time:             Wed 12 Mar 2025 00:22:08 +0000
ROA not before:           Wed 12 Mar 2025 00:22:08 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.43.176.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:34:ad:4e:5f:1a:f3:a5:82:ed:97:df:cd:25:fa:15:bd:83:15:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:22:08 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:26:41:a6:7d:b7:7f:93:58:f4:2f:b6:c1:61:
                    5c:66:af:17:8c:17:51:7f:12:2e:4f:1c:df:4c:50:
                    c6:b3:6f:4d:7f:83:92:0c:74:68:d3:09:f5:a9:c7:
                    e6:bc:4f:8f:9f:72:94:04:2a:79:ce:e9:09:d9:29:
                    ad:ed:53:15:2f:e0:a3:2e:97:2b:9f:cb:c3:43:85:
                    38:e3:26:6d:84:d5:bb:e9:55:28:e9:ca:9e:68:eb:
                    26:45:d3:51:6d:4e:a2:7d:a7:f1:c4:0a:52:f3:05:
                    c1:f4:52:80:f5:46:77:92:8a:7c:da:b4:14:27:63:
                    9c:fa:43:4c:1b:94:47:8f:d4:6f:e7:6d:f0:c8:f7:
                    2e:7c:c0:5e:22:df:9c:07:f7:ce:18:ff:c2:0f:cd:
                    e1:f5:9a:d2:81:5b:6a:19:9f:d7:1c:72:ed:b1:36:
                    de:5d:c7:89:3c:7e:75:43:9b:fd:57:a0:d9:c2:a3:
                    e2:60:97:ec:69:c0:b5:07:bf:ae:68:4e:4f:02:42:
                    b4:a3:83:dc:31:45:12:57:1c:3b:7a:d7:d9:34:f1:
                    92:92:36:d4:64:e6:7e:6b:41:4a:a2:49:0b:66:e5:
                    07:77:d5:40:ee:d5:6a:12:9e:1e:1f:24:d7:d1:1d:
                    01:0b:0e:ea:60:4e:fc:10:16:5c:d1:10:dc:41:b6:
                    93:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D0:9F:FA:98:78:32:0F:40:BC:FF:B9:AE:E1:80:62:C3:72:B6:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.43.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:e2:96:20:46:13:d9:d8:b3:89:73:d1:b0:52:a0:24:a5:18:
         ad:47:f3:70:54:59:09:bf:85:41:cf:0a:2a:79:ba:eb:62:ee:
         66:2d:1d:e8:68:e9:33:b6:52:64:da:1e:2a:82:cd:1a:4c:c6:
         81:8c:31:19:1e:ec:ae:1c:bc:2c:cd:f4:89:c9:a6:04:6e:f7:
         e1:9e:af:b9:8a:89:58:2f:f1:df:cf:30:2d:5b:d3:9f:03:89:
         3f:b5:f2:77:ae:c6:76:35:bd:e3:d6:a8:a0:9d:d4:02:20:6b:
         be:0c:b5:47:d0:e4:27:15:7b:38:84:4c:32:fd:b4:55:9d:71:
         1d:5a:0f:f3:24:5f:6c:43:11:4d:e3:1a:7d:26:c5:ce:a6:78:
         1a:31:6d:d1:48:c5:e5:28:42:54:8c:9a:5e:37:00:21:9f:be:
         50:7d:96:7c:00:a5:bd:d4:b6:30:a4:07:e1:c4:11:b7:98:3d:
         97:0a:ad:7a:4d:62:30:53:3b:10:91:f1:ec:dd:bd:6b:84:85:
         bb:01:68:3e:f1:68:4c:d2:f1:dd:35:4a:06:e6:f3:be:99:17:
         d1:78:58:c8:ae:73:e9:dd:79:d0:3c:e8:3d:50:9b:fc:1a:d5:
         f3:b7:04:c6:ad:e2:64:71:9a:2f:b5:6e:d1:46:bd:9e:5f:53:
         94:c6:f0:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVjStTl8a86WC7ZffzSX6Fb2DFYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAyMjA4WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NjJhNmJlZTIwYWJjMzAwNjRkOTY1YTYzNGJmM2JhN2Nh
ZmNkYmM1NjNiMzQxMzE2YWNiNjQ5YTM0Y2YyZTBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQJkGmfbd/k1j0L7bBYVxmrxeMF1F/Ei5PHN9MUMazb01/
g5IMdGjTCfWpx+a8T4+fcpQEKnnO6QnZKa3tUxUv4KMulyufy8NDhTjjJm2E1bvp
VSjpyp5o6yZF01FtTqJ9p/HEClLzBcH0UoD1RneSinzatBQnY5z6Q0wblEeP1G/n
bfDI9y58wF4i35wH984Y/8IPzeH1mtKBW2oZn9cccu2xNt5dx4k8fnVDm/1XoNnC
o+Jgl+xpwLUHv65oTk8CQrSjg9wxRRJXHDt619k08ZKSNtRk5n5rQUqiSQtm5Qd3
1UDu1WoSnh4fJNfRHQELDupgTvwQFlzRENxBtpPrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkNCf+ph4Mg9AvP+5ruGAYsNytn4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4N2MyOTc1LWMzMjItNGE5OS04YWY2LTMyYjBkM2FhOGZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPAK7AwDQYJKoZIhvcNAQELBQADggEBAFDiliBGE9nYs4lz0bBSoCSlGK1H
83BUWQm/hUHPCip5uuti7mYtHeho6TO2UmTaHiqCzRpMxoGMMRke7K4cvCzN9InJ
pgRu9+Ger7mKiVgv8d/PMC1b058DiT+18neuxnY1vePWqKCd1AIga74MtUfQ5CcV
eziETDL9tFWdcR1aD/MkX2xDEU3jGn0mxc6meBoxbdFIxeUoQlSMml43ACGfvlB9
lnwApb3UtjCkB+HEEbeYPZcKrXpNYjBTOxCR8ezdvWuEhbsBaD7xaEzS8d01Sgbm
876ZF9F4WMiuc+ndedA86D1Qm/wa1fO3BMat4mRxmi+1btFGvZ5fU5TG8CA=
-----END CERTIFICATE-----