Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa
File:                     ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa (raw, json)
Hash identifier:          8JWRyuC3vNa9NOQsLfRdlby7YBWoC6vJQqOrZ+YyieI=
Subject key identifier:   D6:AC:AA:9D:90:0E:5B:1F:A4:50:1E:3D:A1:FC:02:9D:44:62:AF:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3966249A3DCD9E7A34637AC8DAF08851DC133D4A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa
Signing time:             Sat 29 Mar 2025 00:20:14 +0000
ROA not before:           Sat 29 Mar 2025 00:20:14 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.224.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:66:24:9a:3d:cd:9e:7a:34:63:7a:c8:da:f0:88:51:dc:13:3d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 29 00:20:14 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cb:c0:41:40:66:e0:a8:cc:c9:3f:28:b9:1e:
                    48:c6:37:4c:c0:e8:70:18:c2:66:d4:19:60:86:6a:
                    fb:22:92:7d:96:8b:c8:b7:3d:4e:5c:03:70:21:27:
                    2f:7d:7a:17:1e:56:6d:0f:82:6d:95:6c:54:b0:6f:
                    6d:7c:2e:23:9e:df:ec:b2:b9:e8:4c:6e:6c:3f:fb:
                    fc:9a:d0:01:d2:7b:60:54:b6:05:e6:ec:ce:ef:d5:
                    fc:01:51:83:ad:11:3d:7d:e4:64:5b:73:65:57:10:
                    1e:cb:8d:9e:2f:61:6f:07:64:c4:6e:36:03:0d:39:
                    77:40:f0:76:84:a6:bf:0b:1c:15:a9:99:80:33:2a:
                    3f:67:a0:0b:04:32:f3:13:1b:79:0c:3c:e8:18:c1:
                    2e:21:de:77:8e:55:50:ff:1f:db:34:3d:02:cc:34:
                    4a:13:c0:66:0c:c4:de:82:e7:0b:b9:8e:06:63:74:
                    ce:a8:af:09:36:71:4f:62:51:64:0f:48:e9:46:40:
                    2f:3e:60:46:4d:0b:4e:c7:f2:a5:ae:21:e0:d5:f9:
                    34:85:8d:cf:97:5e:da:66:5b:82:c1:07:56:42:08:
                    f6:1b:e3:5b:80:42:0c:c1:5a:6c:bc:84:0e:81:a2:
                    24:c9:37:41:4f:49:64:10:32:40:ab:3b:0e:70:86:
                    c0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AC:AA:9D:90:0E:5B:1F:A4:50:1E:3D:A1:FC:02:9D:44:62:AF:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         bb:92:b9:42:a4:b1:0f:47:08:49:9b:22:97:e2:23:9e:bc:d6:
         84:af:bd:ea:11:d9:91:60:c3:c0:d4:fc:37:61:99:67:a7:c1:
         11:24:da:f3:ae:a2:97:73:eb:02:bc:df:ba:6f:72:6c:df:b2:
         76:71:88:cb:38:a9:93:6f:ca:42:75:cb:46:b6:1b:70:17:80:
         5a:7a:1b:84:e1:2d:c5:7a:64:b2:41:93:f8:57:96:5a:cf:88:
         66:62:83:ec:83:91:73:16:61:fc:0e:6f:a7:7e:3e:ea:b4:60:
         a7:13:8d:cc:98:d0:fc:ee:a9:b3:c2:3f:60:6f:73:6f:45:ec:
         d5:0e:71:a7:f2:7d:71:e5:69:24:92:85:62:aa:46:c8:15:c6:
         b4:2f:67:2f:75:20:19:c7:f1:95:8c:aa:24:50:6b:94:63:12:
         f9:cc:1f:e1:3a:72:ad:56:0d:0c:86:c1:2f:fe:59:11:65:36:
         94:9c:5e:73:05:02:22:e2:ad:ad:23:bf:0a:86:37:2e:3e:00:
         fb:b6:40:44:2b:4b:8c:59:81:2c:87:c7:f1:42:9a:d0:52:11:
         67:a1:44:65:f7:a6:58:00:1a:04:b5:31:18:13:fe:fa:0d:60:
         98:f5:31:34:41:2a:e2:fc:54:20:be:94:89:fb:a0:71:e9:39:
         8f:63:d0:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOWYkmj3Nnno0Y3rI2vCIUdwTPUowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI5MDAyMDE0WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDc5ZDBjNDRiMjc3MDUyZjA4NTVjYTNlZGNhYTE0NTU3
MzNlZjIzOWRhZmJmY2VkODEwODMwYTE0ODA2MzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHy8BBQGbgqMzJPyi5HkjGN0zA6HAYwmbUGWCGavsikn2W
i8i3PU5cA3AhJy99ehceVm0Pgm2VbFSwb218LiOe3+yyuehMbmw/+/ya0AHSe2BU
tgXm7M7v1fwBUYOtET195GRbc2VXEB7LjZ4vYW8HZMRuNgMNOXdA8HaEpr8LHBWp
mYAzKj9noAsEMvMTG3kMPOgYwS4h3neOVVD/H9s0PQLMNEoTwGYMxN6C5wu5jgZj
dM6orwk2cU9iUWQPSOlGQC8+YEZNC07H8qWuIeDV+TSFjc+XXtpmW4LBB1ZCCPYb
41uAQgzBWmy8hA6BoiTJN0FPSWQQMkCrOw5whsBTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1qyqnZAOWx+kUB49ofwCnURirx0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjNzkyMDA2LTNhZDQtNDMyYy1iYzZkLWVjYWY5ZjJmODQwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVrFeAwDQYJKoZIhvcNAQELBQADggEBALuSuUKksQ9HCEmbIpfiI5681oSv
veoR2ZFgw8DU/DdhmWenwREk2vOuopdz6wK837pvcmzfsnZxiMs4qZNvykJ1y0a2
G3AXgFp6G4ThLcV6ZLJBk/hXllrPiGZig+yDkXMWYfwOb6d+Puq0YKcTjcyY0Pzu
qbPCP2Bvc29F7NUOcafyfXHlaSSShWKqRsgVxrQvZy91IBnH8ZWMqiRQa5RjEvnM
H+E6cq1WDQyGwS/+WRFlNpScXnMFAiLira0jvwqGNy4+APu2QEQrS4xZgSyHx/FC
mtBSEWehRGX3plgAGgS1MRgT/voNYJj1MTRBKuL8VCC+lIn7oHHpOY9j0Os=
-----END CERTIFICATE-----