Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e463e796-bd29-4ef8-8a0e-7dec0713ec4c.roa
File:                     e463e796-bd29-4ef8-8a0e-7dec0713ec4c.roa (raw, json)
Hash identifier:          dA7SKZZdNbU2kTGfz264LP47SQaLe0MNtDKYoYaBlt8=
Subject key identifier:   1B:E1:CB:A5:42:E6:D6:C4:A0:9B:82:61:73:C2:0B:A3:BE:79:E1:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3A8042A939F15212ECDC38A206D38CD513C2AEB2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e463e796-bd29-4ef8-8a0e-7dec0713ec4c.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.155.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:80:42:a9:39:f1:52:12:ec:dc:38:a2:06:d3:8c:d5:13:c2:ae:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=d549d4784bdbac5efebfcd064711f6dd2f40e5e56d889fe75c08b932bfb70f50, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c9:1d:8f:9e:8d:33:28:45:59:f2:28:74:cb:
                    81:10:cc:d7:6e:4e:24:a3:e9:ec:72:87:8f:49:41:
                    da:6b:17:2b:a3:7d:53:7c:f9:94:96:90:7b:6a:ae:
                    da:c3:43:33:71:80:e8:d3:56:f3:f4:c1:10:34:cd:
                    55:7f:7f:57:dc:7b:0d:b2:3e:d3:81:0e:c9:ae:e2:
                    1d:e6:a5:c7:43:6e:93:4c:87:66:51:79:10:7e:05:
                    80:60:16:32:67:e3:e8:d3:ad:c9:c9:50:47:9d:4a:
                    4c:1a:ee:ad:ce:ef:e6:13:a3:8c:bc:3f:38:2c:8d:
                    d0:54:c5:04:4b:06:9f:9c:a6:f2:5a:5b:ed:64:46:
                    21:2b:a5:df:95:69:66:c2:0f:e1:c1:0d:db:a5:44:
                    63:c3:df:16:33:34:32:72:c3:e2:25:20:ce:a8:a2:
                    cd:13:84:f1:ee:d0:af:ca:b5:2a:bd:fb:89:39:c3:
                    ab:22:18:b8:86:72:d3:03:08:a6:a9:d2:32:81:19:
                    19:a0:92:33:23:d6:09:f4:6c:78:ed:d2:c7:df:4b:
                    37:5b:9f:b5:2c:33:31:3a:0f:45:7f:f0:af:c6:64:
                    05:d9:42:9a:e5:2f:4d:11:c6:9d:f1:39:a9:46:5d:
                    6e:41:7e:22:57:b1:af:25:43:e1:de:64:1e:2f:a6:
                    b0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E1:CB:A5:42:E6:D6:C4:A0:9B:82:61:73:C2:0B:A3:BE:79:E1:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e463e796-bd29-4ef8-8a0e-7dec0713ec4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:36:70:fa:84:c3:14:bd:27:de:53:71:fc:8f:04:57:99:0c:
         dd:81:8a:d2:33:86:e3:6b:b9:44:34:92:7c:c5:8c:a5:88:e8:
         e2:4c:e5:f7:88:34:7c:78:a8:eb:f9:65:0e:91:2f:a5:b6:60:
         93:4c:63:13:1a:2d:b4:d6:9a:06:0a:f0:7f:6d:80:f1:99:77:
         4c:f7:f3:fe:a6:94:46:97:3a:53:39:91:78:aa:c9:a4:14:9e:
         0d:c3:61:c6:68:36:ff:91:a1:3e:a4:f6:a8:b6:85:9b:aa:e4:
         1f:dd:16:b1:61:a6:14:e7:46:03:9c:3f:08:43:19:e0:f0:a5:
         3b:c2:93:12:18:a8:44:d1:b7:e3:74:1b:d1:7c:55:6a:5b:88:
         9b:18:6a:c5:c5:38:42:d2:a9:38:47:89:64:ef:00:d1:80:1d:
         74:99:64:b4:1c:ca:9e:54:9c:84:9e:25:35:3c:9b:85:e7:a3:
         3e:60:45:9d:37:d6:9f:e1:3f:05:e3:60:1a:ee:86:5b:3f:f1:
         c5:25:48:7f:5e:2f:e2:5c:cc:47:da:7d:26:b8:f6:c2:6e:57:
         f4:d0:ef:12:4b:54:04:37:65:06:97:ff:7a:af:b0:1f:e7:08:
         3a:31:c1:ca:fb:37:ef:b8:ce:90:59:51:e5:e8:ff:7b:2b:62:
         bd:c4:38:43
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOoBCqTnxUhLs3DiiBtOM1RPCrrIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTQ5ZDQ3ODRiZGJhYzVlZmViZmNkMDY0NzExZjZkZDJm
NDBlNWU1NmQ4ODlmZTc1YzA4YjkzMmJmYjcwZjUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLyR2Pno0zKEVZ8ih0y4EQzNduTiSj6exyh49JQdprFyuj
fVN8+ZSWkHtqrtrDQzNxgOjTVvP0wRA0zVV/f1fcew2yPtOBDsmu4h3mpcdDbpNM
h2ZReRB+BYBgFjJn4+jTrcnJUEedSkwa7q3O7+YTo4y8PzgsjdBUxQRLBp+cpvJa
W+1kRiErpd+VaWbCD+HBDdulRGPD3xYzNDJyw+IlIM6oos0ThPHu0K/KtSq9+4k5
w6siGLiGctMDCKap0jKBGRmgkjMj1gn0bHjt0sffSzdbn7UsMzE6D0V/8K/GZAXZ
QprlL00Rxp3xOalGXW5BfiJXsa8lQ+HeZB4vprBBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG+HLpULm1sSgm4Jhc8ILo7554a0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0NjNlNzk2LWJkMjktNGVmOC04YTBlLTdkZWMwNzEzZWM0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZswDQYJKoZIhvcNAQELBQADggEBAFg2cPqEwxS9J95TcfyPBFeZDN2B
itIzhuNruUQ0knzFjKWI6OJM5feINHx4qOv5ZQ6RL6W2YJNMYxMaLbTWmgYK8H9t
gPGZd0z38/6mlEaXOlM5kXiqyaQUng3DYcZoNv+RoT6k9qi2hZuq5B/dFrFhphTn
RgOcPwhDGeDwpTvCkxIYqETRt+N0G9F8VWpbiJsYasXFOELSqThHiWTvANGAHXSZ
ZLQcyp5UnISeJTU8m4Xnoz5gRZ031p/hPwXjYBruhls/8cUlSH9eL+JczEfafSa4
9sJuV/TQ7xJLVAQ3ZQaX/3qvsB/nCDoxwcr7N++4zpBZUeXo/3srYr3EOEM=
-----END CERTIFICATE-----